sqlinjection

MySQL SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into MySQL databases…

Tags: , , , ,

Posted in: SQL Injection

Postgres SQL Injection Cheat Sheet

Some useful syntax reminders for SQL Injection into PostgreSQL databases…

Tags: , , , ,

Posted in: SQL Injection

Time-Based Blind SQL Injection with Heavy Queries

Chema Alonso sent me a link to this Microsoft paper which is based on his PhD thesis.  It explores how to exploit time-based SQL injection on any database backend without the use of usual “delay functions” like waitfor delay, benchmark, DBMS_LOCK, etc.  Well worth a read.

Tags:

Posted in: Blog

MS Access SQL Injection Cheat Sheet

Luca from webapptest.org just published an MS Access cheat sheet.  It’s one of the best of seen for MS Access.  Check it out: http://www.webapptest.org/ms-access-sql-injection-cheat-sheet-EN.html

Tags: , , , ,

Posted in: Blog

DB2 SQL Injection Cheat Sheet

Finding a SQL injection vulnerability in a web application backed by DB2 isn’t too common in my experience.  When you do find one, though it pays to be prepared…

Tags: , , , ,

Posted in: SQL Injection

Ingres SQL Injection Cheat Sheet

Ingres seems to be one of the less common database backends for web applications, so I thought it would be worth installing it and making some notes to make my next Ingres-based web app test a little easier.

Tags: , , , ,

Posted in: SQL Injection

Enabling xp_cmdshell for SQL Server 2005

It’s disappointing to exploit a SQL injection, find you’re “sa”, then realise they’ve disabled xp_cmdshell (the default for MSSQL 2005). Fortunately, it’s possible to re-enable it quite easily…

Tags: , ,

Posted in: Blog

Exfiltrating Data From MS SQL Server Via DNS

Exfiltrating data via Blind SQL Injection vulnerabilities can be slow, or the very least undesirably noisy. DNS may provide a faster alternative if the target system is connected to the Internet.

Tags: , , ,

Posted in: Blog