[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] SQL DB Structure Extraction vulnerabilities
- To: MustLive <mustlive@xxxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] SQL DB Structure Extraction vulnerabilities
- From: Benji <me@xxxxxxxxx>
- Date: Sat, 20 Mar 2010 19:30:46 +0000
oh dude, I've missed you.
On Wed, Mar 17, 2010 at 9:36 PM, MustLive <mustlive@xxxxxxxxxxxxxxxxxx>wrote:
> Hello Full-Disclosure!
>
> Yesterday I wrote English version of my article SQL DB Structure Extraction
> vulnerabilities (http://websecurity.com.ua/4038/).
>
> There is such variety of Information Leakage vulnerabilities as SQL DB
> Structure Extraction. This vulnerability lie in that there is information
> leakage in web application about structure of the database. This
> information
> leakage can be of use at SQL Injection attack.
>
> Such vulnerability I found first time already in 2006 (at one site) and
> gave
> it this name. Such vulnerabilities I found at many web sites and also in
> many web applications.
>
> In the article I talked about SQL DB Structure Extraction, different
> variants of SQL Errors (three variants) and about difference between SQL DB
> Structure Extraction and SQL Error.
>
> You can read the article SQL DB Structure Extraction vulnerabilities at my
> site: http://websecurity.com.ua/4038/
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/