RE: SQL Injection data retrieving??

Subject: RE: SQL Injection data retrieving??
Date: Wed, 15 Sep 2004 11:07:49 -0400
 
Just use blind SQL injection techniques documented in various
whitepapers on the topic to grab the data field within an AND, use
substring to grab a single letter, then do comparisons that return true
or false to see if it's greater than the letter 'm' or not.  If the page
returns normally, you've got a true condition, if it fails, you've got a
false condition.  Adjust your letter and continue until you have it.
Even if you can't return the entire field somewhere on the page, you can
use this technique to pull the data out (even if it's slow until you
automate the process).

See http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf for an
example.

-Larry


-----Original Message-----
From: Jonathan Angliss [mailto:jon@netdork.net] 
Sent: Tuesday, September 14, 2004 4:29 PM
To: Roland Despins
Cc: webappsec@securityfocus.com
Subject: Re: SQL Injection data retrieving??

Hi Roland,

Monday, September 13, 2004, 1:26:47 AM, you wrote:
Our application is vulnerable to SQL injection and I'm trying to build
some sort of "exploit" in order to show them how simple it is to get
data out of our database! So they might consider security from another
point of view...

Extracting data is just one point of an exploit... you can always
destroy the data, or modify it so it is unusable. They might be more
influenced towards a more secure setup when all their data becomes
corrupt and unusable, or even worse, missing.

--
Jonathan Angliss
(jon@netdork.net)

I am Drunk of Borg. Resistance is floor tile!
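The boolean-probe behaviour Larry describes, reproduced against a constructed in-memory SQLite table as an added example that is not part of the thread: the concatenated query is shown beside the parameterized query that removes the problem, and the appended comparison changes the result only where input is spliced into the SQL text. The table, rows, probe strings and function names are assumptions for illustration.

```python
import sqlite3

# Constructed sample data standing in for the "our database" of the thread.
SAMPLE_ROWS = [
    (1, "alice", "s3cretpass"),
    (2, "bob", "hunter2"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_concat(conn, name):
    # Vulnerable: the caller's input is pasted into the SQL text, so any
    # AND condition appended to it becomes part of the WHERE clause.
    sql = f"SELECT id FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    # Hardened: the driver binds the value as data; it can only ever be
    # compared as a literal name and never alters the query structure.
    return conn.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()


# The true/false probe from the thread: one character of a field compared
# against a letter, with the rest of the original query commented out.
PROBE_TRUE = "alice' AND substr(password, 1, 1) > 'm' -- "   # 's' > 'm' holds
PROBE_FALSE = "alice' AND substr(password, 1, 1) > 't' -- "  # 's' > 't' fails


def demo():
    # Row counts are the "page returns normally / page fails" signal.
    conn = make_db()
    return {
        "concat_true": len(lookup_concat(conn, PROBE_TRUE)),    # 1: leaks
        "concat_false": len(lookup_concat(conn, PROBE_FALSE)),  # 0: leaks
        "param_true": len(lookup_param(conn, PROBE_TRUE)),      # 0: no match
        "param_false": len(lookup_param(conn, PROBE_FALSE)),    # 0: no match
    }
```

With parameters both probes return nothing, so the response no longer encodes the comparison and the character-by-character extraction the thread describes has no signal to work from.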

