[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] SFX-SQLi: A new SQL injection technique for SQL Server (dumps a table in one request!)
- To: "Daniel Kachakil" <dani@xxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] SFX-SQLi: A new SQL injection technique for SQL Server (dumps a table in one request!)
- From: seclists <seclists@xxxxxxx>
- Date: Sun, 8 Feb 2009 00:42:57 +0800 (CST)
The Chinese version MSSQL Injection FOR MSSQL 2005 & 2008 can be found at
http://www.pcsec.org/archives/SFX-SQLi-A-new-SQL-injection-technique-for-MSSQL-dumps-a-table-in-one-request.html
在2009-02-08?00:02:21,"Daniel?Kachakil"?<dani@xxxxxxxxxxxx>?写道:
>Hi,
>
>I?am?glad?to?release?SFX-SQLi?(Select?For?XML?SQL?injection),?a?new?SQL?
>injection?technique?which?allows?to?extract?the?whole?information?of?a?
>Microsoft?SQL?Server?2005/2008?database?in?an?extremely?fast?and?efficient?
>way.
>
>This?technique?is?based?on?the?FOR?XML?clause,?which?is?able?to?convert?the?
>content?of?a?table?into?a?single?string,?so?its?contents?could?be?appended?
>to?some?field?injecting?a?subquery?into?a?vulnerable?input?of?a?web?
>application.?In?most?cases,?this?method?can?dump?all?the?contents?of?any?
>table?using?only?ONE?REQUEST?to?the?web?server,?without?the?need?of?any?
>special?permission?on?the?DBMS.
>
>I?have?written?a?paper?describing?how?the?technique?works?and?in?which?
>fundamentals?it?is?based,?and?I?have?also?developed?a?tool?which?implements?
>this?technique?as?a?proof?of?concept?(with?the?source?code?included).
>
>You?can?get?them?through?this?URL:
>
>http://www.kachakil.com/papers/SFX-SQLi-en.htm
>
>Regards,
>??Daniel?Kachakil?
>
>
>_______________________________________________
>Full-Disclosure?-?We?believe?in?it.
>Charter:?http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted?and?sponsored?by?Secunia?-?http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/