Tuesday, May 19, 2009
Blind SQL Injection, or passing the elephant through the needle hole
This SANS Diary entry from Bojan Zdrnja is a very good explanation of how an apparently non-exploitable SQL Injection condition can be used to get important information from the database. Just by looking at one of the sample injected SQL statements you can see how complex a SQL Injection attack can be:

event = tr' || (select case when substr(banner, 1, 1) = 'A' then 'u' else 'X' end from (select banner from v$version where banner like '%Oracle%')) || 'e

Read the full story here.
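Why that statement leaks anything, and why a bind parameter stops it, shown as an added example that is not from the original post or the SANS diary. It assumes an in-memory SQLite database in place of Oracle; the `log` and `version_info` tables, the banner text and all function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the Oracle target: SQLite has no v$version,
    # so a hypothetical version_info table holds a constructed banner.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE log (event TEXT, detail TEXT);
        INSERT INTO log VALUES ('true', 'row the page normally shows');
        CREATE TABLE version_info (banner TEXT);
        INSERT INTO version_info VALUES ('Oracle Database (constructed sample banner)');
    """)
    return db

def payload(guess):
    # The statement quoted in the post, with v$version swapped for version_info.
    # It evaluates to 'true' when the guess is right and to 'trXe' otherwise.
    return ("tr' || (select case when substr(banner, 1, 1) = '%s' "
            "then 'u' else 'X' end from (select banner from version_info "
            "where banner like '%%Oracle%%')) || 'e" % guess)

def lookup_concatenated(db, event):
    # Vulnerable form: the input becomes part of the SQL text, so the
    # sub-select runs and decides whether the row is returned.
    sql = "SELECT detail FROM log WHERE event = '" + event + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, event):
    # Hardened form: the input is bound as a value and compared as an
    # opaque string; the sub-select inside it never executes.
    return db.execute("SELECT detail FROM log WHERE event = ?", (event,)).fetchall()

def responses_differ(lookup):
    # A visible difference between a wrong and a right guess is the one-bit
    # signal that blind injection relies on.
    db = make_db()
    return lookup(db, payload("A")) != lookup(db, payload("O"))

if __name__ == "__main__":
    print("concatenated query leaks a bit:", responses_differ(lookup_concatenated))
    print("bound query leaks a bit:       ", responses_differ(lookup_bound))
```

With the bound query both guesses return no rows, so the response carries no information about the banner.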
Posted by Augusto Barros at 6:16 PM