Jump to content
Nytro

Advanced SQL Injection

By Nytro, in Tutoriale in engleza

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

Advanced SQL Injection

Presented By:

Joe McCray

joe - learnsecurityonline.com

http://twitter.com/j0emccray

Joe McCray | LinkedIn

Step 1: Tell customer you are 31337 security professional

Customers only applied patches if it fixed something on the system

It was common practice NOT to apply system updates that didn't fix a problem you were

experiencing on a system (WTF ARE YOU DOING -YOU MIGHT BREAK SOMETHING!!!!!)

Step 2: Scan customer network with ISS or Nessus if you were a renegade

Customers didn't apply patches, and rarely even had firewalls and IDSs back then

You know you only ran ISS because it had nice reports...

Step 3: Break out your uber 31337 warez and 0wn it all!!!!!

You only kept an exploit archive to save time (Hack.co.za was all you needed back then)

If you could read the screen you could 0wn the network!!!!!!!

Download:

[URL]https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-joseph_mccray-adv_sql_injection.pdf[/URL]

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...