Saturday, April 18, 2009

SQL injection to get access to OS

Hi folks,
today I'd like to point out an amazing Black Hat's talk concerning SQL injection. As you know SQL injection has been really used in the past years and it's a well known background that every attacker has. This talks seems to be pretty much different.


Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.

It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's new version that I will release at the Conference.



The author will discuss his new sqlmapper. Since I have no much experience with this tool ( I use to do SQL injection by hand, in the old way ..) I'm not going to describe it, I just wanna show how it seems powerful by attaching some relevant screen shots on what it does.

List of available DataBases:


List of available tables:



I'm going to investigate more about this tool, if someone knows better then me sqlmap, please lets some comments regarding his experiences.
Thanks

No comments: