Chapter 1 What Is SQL Injection?
1-Introduction
2-Understanding How Web Applications Work
3-A Simple Application Architecture
4-A More Complex Architecture
5-Understanding SQL Injection
6-High-Profile Examples
7-Understanding How It Happens
8-Dynamic String Building
9-Incorrectly Handled Escape Characters
10-Incorrectly Handled Types
11-Incorrectly Handled Query Assembly
12-Incorrectly Handled Errors
13-Incorrectly Handled Multiple Submissions
14-Insecure Database Configuration
15-Summary
16-Solutions Fast Track
17-Frequently Asked Questions

Chapter 2 Testing for SQL Injection
1-Introduction
2-Finding SQL Injection
3-Testing by Inference
4-Identifying Data Entry
5-GET Requests
6-POST Requests
7-Other Injectable Data
8-Manipulating Parameters
9-Information Workflow
10-Database Errors
11-Commonly Displayed SQL Errors
12-Microsoft SQL Server Errors
13-MySQL Errors
14-Oracle Errors
15-Generic Errors
16-HTTP Code Errors
17-Different Response Sizes
18-Blind Injection Detection
19-Confirming SQL Injection
20-Differentiating Numbers and Strings
21-Inline SQL Injection
22-Injecting Strings Inline
23-Injecting Numeric Values Inline
24-Terminating SQL Injection
25-Database Comment Syntax
26-Using Comments
27-Executing Multiple Statements
28-Time Delays
29-Automating SQL Injection Discovery
30-Tools for Automatically Finding SQL Injection
31-HP WebInspect
32-IBM Rational AppScan
33-HP Scrawlr
34-SQLiX
35-Paros Proxy
36-Summary
37-Solutions Fast Track
38-Frequently Asked Questions

Chapter 3 Reviewing Code for SQL Injection
1-Introduction
2-Reviewing Source Code for SQL Injection
3-Dangerous Coding Behaviors
4-Dangerous Functions
5-Following the Data
6-Following Data in PHP
7-Following Data in Java
8-Following Data in C#
9-Reviewing PL/SQL and T-SQL Code
10-Automated Source Code Review
11-Yet Another Source Code Analyzer
12-Pixy
13-AppCodeScan
14-LAPSE
15-Security Compass Web Application Analysis Tool (SWAAT)
16-Microsoft Source Code Analyzer for SQL Injection
17-Microsoft Code Analysis Tool .NET (CAT.NET)
18-Commercial Source Code Review Tools
19-Ounce
20-Source Code Analysis
21-CodeSecure
22-Summary
23-Solutions Fast Track
24-Frequently Asked Questions

Chapter 4 Exploiting SQL Injection
1-Introduction
2-Understanding Common Exploit Techniques
3-Using Stacked Queries
4-Identifying the Database
5-Non-Blind Fingerprint
6-Banner Grabbing
7-Blind Fingerprint
8-Extracting Data through UNION Statements
9-Matching Columns
10-Matching Data Types
11-Using Conditional Statements
12-Approach 1: Time-based
13-Approach 2: Error-based
14-Approach 3: Content-based
15-Working with Strings
16-Extending the Attack
17-Using Errors for SQL Injection
18-Error Messages in Oracle
19-Enumerating the Database Schema
20-SQL Server
21-MySQL
22-Oracle
23-Escalating Privileges
24-SQL Server
25-Privilege Escalation on Unpatched Servers
26-Oracle
27-Stealing the Password Hashes
28-SQL Server
29-MySQL
30-Oracle
31-Oracle Components
32-APEX
33-Oracle Internet Directory
34-Out-of-Band Communication
35-E-mail
36-Microsoft SQL Server
37-Oracle
38-HTTP/DNS
39-File System
40-SQL Server
41-MySQL
42-Oracle
43-Automating SQL Injection Exploitation
44-Sqlmap
45-Sqlmap Example
46-Bobcat
47-BSQL
48-Other Tools
49-Summary
50-Solutions Fast Track
51-Frequently Asked Questions

Chapter 5 Blind SQL Injection Exploitation
1-Introduction
2-Finding and Confirming Blind SQL Injection
3-Forcing Generic Errors
4-Injecting Queries with Side Effects
5-Splitting and Balancing
6-Common Blind SQL Injection Scenarios
7-Blind SQL Injection Techniques
8-Inference Techniques
9-Increasing the Complexity of Inference Techniques
10-Alternative Channel Techniques
11-Using Time-Based Techniques
12-Delaying Database Queries
13-MySQL Delays
14-Generic MySQL Bit-by-Bit Inference Exploits
15-SQL Server Delays
16-Generic SQL Server Binary Search Inference Exploits
17-Generic SQL Server Bit-by-Bit Inference Exploits
18-Oracle Delays
19-Time-Based Inference Considerations
20-Using Response-Based Techniques
21-MySQL Response Techniques
22-SQL Server Response Techniques
23-Oracle Response Techniques
24-Returning More Than One Bit of Information
25-Using Alternative Channels
26-Database Connections
27-DNS Exfiltration
28-E-mail Exfiltration
29-HTTP Exfiltration
30-Automating Blind SQL Injection Exploitation
31-Absinthe
32-BSQL Hacker
33-SQLBrute
34-Sqlninja
35-Squeeza
36-Summary
37-Solutions Fast Track
38-Frequently Asked Questions

Chapter 6 Exploiting the Operating System
1-Introduction
2-Accessing the File System
3-Reading Files
4-MySQL
5-Microsoft SQL Server
6-Oracle
7-Writing Files
8-MySQL
9-Microsoft SQL Server
10-Oracle
11-Executing Operating System Commands
12-Direct Execution
13-Oracle
14-DBMS_SCHEDULER
15-PL/SQL Native
16-Other Possibilities
17-Alter System Set Events
18-PL/SQL Native 9i
19-Buffer Overflows
20-Custom Application Code
21-MySQL
22-Microsoft SQL Server
23-Consolidating Access
24-Summary
25-Solutions Fast Track
26-Frequently Asked Questions
27-Endnotes

Chapter 7 Advanced Topics
1-Introduction
2-Evading Input Filters
3-Using Case Variation
4-Using SQL Comments
5-Using URL Encoding
6-Using Dynamic Query Execution
7-Using Null Bytes
8-Nesting Stripped Expressions
9-Exploiting Truncation
10-Bypassing Custom Filters
11-Using Non-Standard Entry Points
12-Exploiting Second-Order SQL Injection
13-Finding Second-Order Vulnerabilities
14-Using Hybrid Attacks
15-Leveraging Captured Data
16-Creating Cross-Site Scripting
17-Running Operating System Commands on Oracle
18-Exploiting Authenticated Vulnerabilities
19-Summary
20-Solutions Fast Track
21-Frequently Asked Questions

Chapter 8 Code-Level Defenses
1-Introduction
2-Using Parameterized Statements
3-Parameterized Statements in Java
4-Parameterized Statements in .NET (C#)
5-Parameterized Statements in PHP
6-Parameterized Statements in PL/SQL
7-Validating Input
8-Whitelisting
9-Blacklisting
10-Validating Input in Java
11-Validating Input in .NET
12-Validating Input in PHP
13-Encoding Output
14-Encoding to the Database
15-Encoding for Oracle
16-Oracle dbms_assert
17-Encoding for Microsoft SQL Server
18-Encoding for MySQL
19-Canonicalization
20-Canonicalization Approaches
21-Working with Unicode
22-Designing to Avoid the Dangers of SQL Injection
23-Using Stored Procedures
24-Using Abstraction Layers
25-Handling Sensitive Data
26-Avoiding Obvious Object Names
27-Setting Up Database Honeypots

Chapter 9 Reference
1-Introduction
2-Structured Query Language (SQL) Primer
3-SQL Queries
4-SELECT Statement
5-UNION Operator
6-INSERT Statement
7-UPDATE Statement
8-DELETE Statement
9-DROP Statement
10-CREATE TABLE Statement
11-ALTER TABLE Statement
12-GROUP BY Statement
13-ORDER BY Clause
14-Limiting the Result Set
15-SQL Injection Quick Reference
16-Identifying the Database Platform
17-Identifying the Database Platform via Time Delay Inference
18-Identifying the Database Platform via SQL Dialect Inference
19-Combining Multiple Rows into a Single Row
20-Microsoft SQL Server Cheat Sheet
21-Blind SQL Injection Functions: Microsoft SQL Server
22-Microsoft SQL Server Privilege Escalation
23-OPENROWSET Reauthentication Attack
24-Attacking the Database Server: Microsoft SQL Server
25-System Command Execution via xp_cmdshell
26-xp_cmdshell Alternative
27-Cracking Database Passwords
28-Microsoft SQL Server 2005 Hashes
29-File Read/Write
30-MySQL Cheat Sheet
31-Enumerating Database Configuration Information and Schema
32-Blind SQL Injection Functions: MySQL
33-Attacking the Database Server: MySQL
34-System Command Execution
35-Cracking Database Passwords
36-Attacking the Database Directly
37-File Read/Write
38-Oracle Cheat Sheet
39-Enumerating Database Configuration Information and Schema
40-Blind SQL Injection Functions: Oracle
41-Attacking the Database Server: Oracle
42-Command Execution
43-Reading Local Files
44-Reading Local Files (PL/SQL Injection Only)
45-Writing Local Files (PL/SQL Injection Only)
46-Cracking Database Passwords
47-Bypassing Input Validation Filters
48-Quote Filters
49-HTTP Encoding
50-Troubleshooting SQL Injection Attacks
51-SQL Injection on Other Platforms
52-PostgreSQL Cheat Sheet
53-Enumerating Database Configuration Information and Schema
54-Blind SQL Injection Functions: PostgreSQL
55-Attacking the Database Server: PostgreSQL
56-System Command Execution
57-Local File Access
58-Cracking Database Passwords
59-DB2 Cheat Sheet
60-Enumerating Database Configuration Information and Schema
61-Blind SQL Injection Functions: DB2
62-Informix Cheat Sheet
63-Enumerating Database Configuration Information and Schema
64-Blind SQL Injection Functions: Informix
65-Ingres Cheat Sheet
66-Enumerating Database Configuration Information and Schema
67-Blind SQL Injection Functions: Ingres
68-Microsoft Access
69-Resources
70-SQL Injection White Papers
71-SQL Injection Cheat Sheets
72-SQL Injection Exploit Tools
73-Password Cracking Tools
74-Solutions Fast Track

Download: http://www.mediafire.com/file/77b6x7y4f1dn41x/[E-Book]_Bible_of_the_SQL-Injection.rar