Published on January 17th, 2011
DEFCON 16: Time-Based Blind SQL Injection using heavy queries
Speakers:
Chema Alonso, Microsoft MVP Windows Security, Informática64
José Parada, Microsoft IT Pro Evangelist, Microsoft
This presentation describes how attackers could take advantage of SQL injection vulnerabilities using time-based blind SQL injection. The goal is to stress the importance of establishing secure development best practices for Web applications rather than entrusting site security only to perimeter defenses. It shows exploitation examples for some versions of the Microsoft SQL Server, Oracle DB Engine, MySQL and Microsoft Access database engines; nevertheless, the presented technique is applicable to any other database product on the market. This work also shows a new PoC tool.
For more information visit: http://bit.ly/defcon16_information
To download the video visit: http://bit.ly/defcon16_videos
2011-01-17 12:57:27