Nytro Posted March 29, 2011 Report Share Posted March 29, 2011 Advanced SQL injection to operating system full controlBernardo Damele Assumpção Guimarãesbernardo.damele -@- gmail.comApril 10, 2009This white paper discusses the security exposures of a server that occurdue to a SQL injection aw in a web application that communicate witha database.Over ten years have passed since a famous hacker coined the term "SQLinjection" and it is still considered one of the major application threats.A lot has been said on this vulnerability, but not all of the aspects andimplications have been uncovered, yet.This paper aim is to collate some of the existing knowledge, introducenew techniques and demonstrate how to get complete control over thedatabase management system's underlying operating system, le systemand internal network through a SQL injection vulnerability in over-lookedand theoretically not exploitable scenarios.Download:http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf Quote Link to comment Share on other sites More sharing options...
michee Posted March 30, 2011 Report Share Posted March 30, 2011 oldies.......but goldies, nonetheless:) Quote Link to comment Share on other sites More sharing options...
