Jump to content
Nytro

Advanced SQL injection to operating system full control

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Advanced SQL injection to operating system full control

Bernardo Damele Assumpção Guimarães

bernardo.damele -@- gmail.com

April 10, 2009

This white paper discusses the security exposures of a server that occur

due to a SQL injection aw in a web application that communicate with

a database.

Over ten years have passed since a famous hacker coined the term "SQL

injection" and it is still considered one of the major application threats.

A lot has been said on this vulnerability, but not all of the aspects and

implications have been uncovered, yet.

This paper aim is to collate some of the existing knowledge, introduce

new techniques and demonstrate how to get complete control over the

database management system's underlying operating system, le system

and internal network through a SQL injection vulnerability in over-looked

and theoretically not exploitable scenarios.

Download:

http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...