I have written a paper describing how the technique works and which fundamentals it is based on, and I have also developed a tool which implements this technique as a proof of concept (with the source code included). You can get them through this URL: http://www.kachakil.com/papers/SFX-SQLi-en.htm
Having read your paper, I'm a bit confused about what you think the "new SQL injection technique" is that you've discovered. I understand you have determined a way to *extract* data in a more compact and efficient format, but I didn't see any new *injection* technique. IOW, the FOR XML construct isn't going to assist you in obtaining the data - only in obtaining it more efficiently.
Did I miss something?

Paul Schmehl
If it isn't already obvious, my opinions are my own and not those of my employer.
******************************************
WARNING: Check the headers before replying
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
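The distinction drawn in the reply above, that FOR XML changes how much data comes back per query rather than whether a query can be injected at all, is easiest to see on an ordinary query with no injection involved. The following T-SQL is an added example for this thread; it is not code from the SFX-SQLi paper or its tool, and the table dbo.users with its two rows is constructed here purely for illustration.

```sql
-- Added example (not from the paper or the thread): what FOR XML changes
-- about the shape of a result, shown on an assumed table dbo.users.
-- Runs on Microsoft SQL Server; the table is created and populated inline
-- so the script is self-contained.
CREATE TABLE dbo.users (id INT, name NVARCHAR(50), email NVARCHAR(100));
INSERT INTO dbo.users VALUES
    (1, 'alice', 'alice@example.com'),
    (2, 'bob',   'bob@example.com');

-- Ordinary retrieval: one result-set row per table row, so fetching N rows
-- through a channel that exposes a single value takes N separate queries.
SELECT id, name, email FROM dbo.users;

-- FOR XML RAW serialises every row into one XML fragment, returned as a
-- single value: <row id="1" name="alice" email="alice@example.com"/>
--               <row id="2" name="bob"   email="bob@example.com"/>
SELECT id, name, email FROM dbo.users FOR XML RAW;

-- FOR XML PATH('') on an unnamed expression drops the element tags, so the
-- rows collapse into one plain delimited string:
--   1:alice:alice@example.com|2:bob:bob@example.com|
-- Note that characters special to XML (&, <, >) in the data are entity-escaped
-- in this output and must be decoded by whoever consumes it.
SELECT CAST(id AS NVARCHAR(10)) + ':' + name + ':' + email + '|'
FROM dbo.users
FOR XML PATH('');

DROP TABLE dbo.users;
```

The last query is the shape that makes the technique "compact": the entire table arrives in a single value that a one-value channel can carry in one round trip. Nothing about FOR XML itself bypasses a parameterised query or input validation; if the attacker-controlled string cannot reach the query text, none of the three queries can be run by them.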