Nytro

Advanced SQL Injection In SQL Server


E-Book

Table of Contents
[Abstract]
[Introduction]
[Obtaining Information Using Error Messages]
[Leveraging Further Access]
[xp_cmdshell]
[xp_regread]
[Other Extended Stored Procedures]
[Linked Servers]
[Custom extended stored procedures]
[Importing text files into tables]
[Creating Text Files using BCP]
[ActiveX automation scripts in SQL Server]
[Stored Procedures]
[Advanced SQL Injection]
[Strings without quotes]
[Second-Order SQL Injection]
[Length Limits]
[Audit Evasion]
[Defences]
[Input Validation]
[SQL Server Lockdown]
[References]
Appendix A - 'SQLCrack'
(sqlcrack.sql)

Download:

http://www.ngssoftware.com/papers/advanced_sql_injection.pdf
