[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- To: Daniel Kachakil <dani@xxxxxxxxxxxx>
- Subject: Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
- From: Razi Shaban <razishaban@xxxxxxxxx>
- Date: Fri, 6 Feb 2009 18:50:25 +0200
On Fri, Feb 6, 2009 at 2:10 PM, Daniel Kachakil <dani@xxxxxxxxxxxx> wrote:
> Hi,
>
> I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL
> injection technique which allows to extract the whole information of a
> Microsoft SQL Server 2005/2008 database in an extremely fast and efficient
> way.
>
This isn't new, this is old news. It might be the first paper written
about the topic, but these methods have been used for years.