Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: SFX-SQLi: A new SQL injection technique for SQL Server (dumps a table in one request!)
From: seclists <seclists () 126 com>
Date: Sun, 8 Feb 2009 00:42:57 +0800 (CST)

The Chinese version MSSQL Injection FOR MSSQL 2005 & 2008 can be found at 
http://www.pcsec.org/archives/SFX-SQLi-A-new-SQL-injection-technique-for-MSSQL-dumps-a-table-in-one-request.html
 


在2009-02-08?00:02:21,"Daniel?Kachakil"?<dani () kachakil com>?写道:
Hi,

I?am?glad?to?release?SFX-SQLi?(Select?For?XML?SQL?injection),?a?new?SQL?
injection?technique?which?allows?to?extract?the?whole?information?of?a?
Microsoft?SQL?Server?2005/2008?database?in?an?extremely?fast?and?efficient?
way.

This?technique?is?based?on?the?FOR?XML?clause,?which?is?able?to?convert?the?
content?of?a?table?into?a?single?string,?so?its?contents?could?be?appended?
to?some?field?injecting?a?subquery?into?a?vulnerable?input?of?a?web?
application.?In?most?cases,?this?method?can?dump?all?the?contents?of?any?
table?using?only?ONE?REQUEST?to?the?web?server,?without?the?need?of?any?
special?permission?on?the?DBMS.

I?have?written?a?paper?describing?how?the?technique?works?and?in?which?
fundamentals?it?is?based,?and?I?have?also?developed?a?tool?which?implements?
this?technique?as?a?proof?of?concept?(with?the?source?code?included).

You?can?get?them?through?this?URL:

http://www.kachakil.com/papers/SFX-SQLi-en.htm

Regards,
??Daniel?Kachakil?


_______________________________________________
Full-Disclosure?-?We?believe?in?it.
Charter:?http://lists.grok.org.uk/full-disclosure-charter.html
Hosted?and?sponsored?by?Secunia?-?http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]