Building the bridge between the web app and the OS: GUI access through SQL Injection
Alberto Revelli Portcullis Computer Security
ayr@portcullis- r00t@
OWASP-Day II Università "La Sapienza", Roma 31st, March 2008
Copyright © 2008 - The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License.
The OWASP Foundation
Agenda
Context
Evading WAF/IPS
Escalating privileges
Uploading executables
DNS-fu
GUI access
About me...
Senior Consultant for Portcullis Computer Security
Technical Director of Italian Chapter of OWASP
Co-author of the OWASP Testing Guide 2.0
Developer of sqlninja -
SQL Injection: the base concept
Client
Web Application
Back-end Database
SELECT name,address,mail,creditcard FROM users WHERE id='1'
SQL Injection: the base concept
Client
Web Application
The application does not filter input parameters!!
Back-end Database
SELECT name,password,creditcard FROM users WHERE id=[SQL_CODE]
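The two "base concept" slides above, as an added example that is not part of the original deck: the same lookup built by string concatenation and with a bound parameter. It assumes an in-memory SQLite database standing in for the back-end database; the function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the back-end database (constructed sample rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id TEXT, name TEXT, address TEXT, mail TEXT, creditcard TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?, ?)",
        [
            ("1", "alice", "1 Example St", "alice@example.test", "0000-0000-0000-0001"),
            ("2", "bob", "2 Example St", "bob@example.test", "0000-0000-0000-0002"),
            ("3", "carol", "3 Example St", "carol@example.test", "0000-0000-0000-0003"),
        ],
    )
    return conn

def lookup_concatenated(conn, user_id):
    # Vulnerable pattern from the slide: the parameter is pasted into the
    # statement, so a quote in user_id changes the structure of the query.
    query = "SELECT name,address,mail,creditcard FROM users WHERE id='" + user_id + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, user_id):
    # Hardened form: the statement text is fixed and user_id is bound as data,
    # so it is only ever compared against the id column.
    query = "SELECT name,address,mail,creditcard FROM users WHERE id=?"
    return conn.execute(query, (user_id,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    for value in ("1", "1' OR '1'='1"):
        print(repr(value))
        print("  concatenated :", len(lookup_concatenated(conn, value)), "row(s)")
        print("  parameterized:", len(lookup_parameterized(conn, value)), "row(s)")
```

With the second input the concatenated query returns every row in the table, while the parameterized query returns none.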
Ok, so you have found a SQL Injection...
NOW WHAT?
Several possible ways: ...how about data?
The first one aims to extract the data from the remote DB server
Plenty of research in non-blind injection (UNION SELECT)
Slower but very effective techniques for blind injection (inference based techniques)
A heap of potential fun (Usernames? Passwords? Credit Cards? Jenna Jameson's phone number?)
...And a heap of tools to choose from:
- sqlmap
- bobcat
- absinthe
- SQL Power Injector
- Priamos
- more...
Nice, but more fun with the underlying OS
Modern DBMS are very powerful applications, which provide several instruments to directly talk with the underlying operating system
Why not play a little bit with these instruments to talk with the operating system ourselves?
Some research done, but not as much
You usually need administrative access, but there is no lack of privilege escalation attacks
A heap of potential fun too (Usernames, Passwords, Credit Cards, Jenna Jameson's phone number, PLUS a foothold in the internal network!)
Tools? uhm....