Bernardo Damele Assumpção Guimarães
Advanced SQL injection to operating system full control
Bernardo Damele Assump??o Guimar?es
Black Hat Briefings Europe Amsterdam (NL) ? April 16, 2009
Who I am
Bernardo Damele Assump??o Guimar?es:
? Proud father ? IT security engineer ? sqlmap lead developer ? MySQL UDF repository developer
2
SQL injection definition
? SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL statements
? It is a common threat in web applications that lack of proper sanitization on usersupplied input used in SQL queries
3
SQL injection techniques
? Boolean based blind SQL injection:
par=1 AND ORD(MID((SQL query), Nth char, 1)) > Bisection num--
? UNION query (inband) SQL injection:
par=1 UNION ALL SELECT query--
? Batched queries SQL injection:
par=1; SQL query;--
4
How far can an attacker go by exploiting a SQL injection?
5
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- base64 encode or decode le as mime base64 rfc 1341
- base64 encode or decode file as mime base64 rfc 1341
- specification based testing with quickcheck
- pdf to base64 c
- convert base64 to pdf c
- webphone parameter encoding
- part 1 decoding binary cyberforce competition
- postgresql cheat sheet string functions
- bernardo damele assumpção guimarães
- pdf to base64 string c