
Files

Injecting SQLite Database-Based Application
Posted Feb 19, 2017
Authored by Manish Tanwar

This is a whitepaper that discusses leveraging SQL injection attacks against SQLite databases.

tags | paper, sql injection
MD5 | 5d5a3664bfa800fd6c41493052b37555
MySQL Error Based SQL Injection Using EXP
Posted Aug 22, 2015
Authored by Osanda Malith

This paper discusses an overflow in the DOUBLE data type in MySQL.

tags | paper, overflow
MD5 | 6719c22c4e76623f9156b543969a0c83
Inside The Mind Of Oracle's Mary Ann Davidson
Posted Aug 11, 2015
Authored by Mary Ann Davidson

This is a public blog posted by Oracle's CSO Mary Ann Davidson. It provides a rare glimpse into the corporate mindframe reminding us all that license agreements are always respected by hostile parties and therefore security researchers should not even consider reverse engineering Oracle's code base. As has been proven time and again, Oracle's bullet proof unbreakable security does not need public vetting and they consistently can identify and address all issues without your needless meddling.

tags | paper
MD5 | c993db9ae48ad4873422fb2cc2c54060
Pentesting Microsoft SQL Server
Posted Mar 4, 2015
Authored by Halil Dalabasmaz

Whitepaper discussing penetration and security testing against Microsoft SQL Server. Written in Turkish.

tags | paper, sql injection
MD5 | 8cb9062c3732cae2ddc38dfcb6234c65
SQLMap ile CSRF Bypass
Posted Jul 29, 2014
Authored by Ibrahim Balic

This whitepaper discusses hacking with sqlmap and leveraging cross site request forgery vulnerabilities. Written in Turkish.

tags | paper, vulnerability, csrf
MD5 | 68418b19f3a809183774a45c6a6e5099
DBMS_XMLSTORE As An Auxiliary SQL Injection Function In Oracle 12c
Posted Jul 22, 2014
Authored by David Litchfield

The ability to execute arbitrary SQL on Oracle via a SQL injection flaw is hampered by the fact that the Oracle RDBMS will not batch multiple queries. Typically, a low-privileged attacker with, say, only the CREATE SESSION privilege must find a function they can inject that will allow them to execute a block of anonymous PL/SQL. These are known as auxiliary inject functions. Depending upon the version of Oracle and what components are installed, auxiliary inject functions may be few and far between. For example, on Oracle 12c with the internal Java VM removed, there may be none. Indeed, during a recent client assessment the author of this paper was confronted with such a situation: a PL/SQL injection flaw but with no easy method of exploitation to gain full control of the database server. This paper presents a method around such a problem using DBMS_XMLSTORE and, coincidentally, DBMS_XMLSAVE. This method can be used in web-based SQL injection attacks as well.

tags | paper, java, web, arbitrary, sql injection
MD5 | d24504669a9cae4404a95a4af656e24a
Oracle Data Redaction Is Broken
Posted Jul 16, 2014
Authored by David Litchfield

Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web-based SQL injection attacks, and this paper details those weaknesses and provides suggestions on how it can be improved and made more secure.

tags | paper, web, sql injection
MD5 | f858111decb47b66b29d44d90b0f6a79
Oracle SID Detection Techniques Part 4
Posted Jun 15, 2014
Authored by Ali Abbasi

Whitepaper called Oracle SID Detection Techniques - Part 1. Written in Persian.

tags | paper
MD5 | d114f2b1e8754e16955bfbe8a4b73007
Oracle SID Detection Techniques Part 3
Posted Jun 15, 2014
Authored by Ali Abbasi

Whitepaper called Oracle SID Detection Techniques - Part 3. Written in Persian.

tags | paper
MD5 | 937cc2a89e90122dc9f10938834aa814
Oracle SID Detection Techniques Part 2
Posted Jun 15, 2014
Authored by Ali Abbasi

Whitepaper called Oracle SID Detection Techniques - Part 2. Written in Persian.

tags | paper
MD5 | 7369d8e14c979e5e473cd2ca1b5f99c2
Oracle SID Detection Techniques Part 1
Posted Jun 15, 2014
Authored by Ali Abbasi

Whitepaper called Oracle SID Detection Techniques - Part 1. Written in Persian.

tags | paper
MD5 | 67aa0083f8855957c2a7e45704f9735d
SQL Injection In Insert, Update, And Delete
Posted May 7, 2014
Authored by Osanda Malith

This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.

tags | paper, sql injection
MD5 | 5cbd0e55c570992f600f2d3c243a4f20
Exploitation Of MS-SQL Servers Explained
Posted Nov 26, 2012
Authored by Agd_Scorp

Whitepaper called Exploitation of MS-SQL Servers Explained. Written in Turkish.

tags | paper
MD5 | 81e182e2e0644d3bd89a704b28302936
Indexed Blind SQL Injection
Posted Dec 3, 2011
Authored by gamma95

Whitepaper called Indexed Blind SQL Injection. Time based blind SQL attacks suffer from low bit/request ratios. Each request produces only one valuable bit of information. This paper describes a tweak that produces higher yield at the expense of a longer runtime. Along the way, some issues and notes of applicability are also discussed.

tags | paper, sql injection
MD5 | 9e7ad9653111f72569433f8ab5f75f03
Blind SQL Injection With Regular Expressions Attack
Posted Jun 13, 2011
Authored by IHTeam, white_sheep | Site ihteam.net

Whitepaper called Blind SQL Injection with Regular Expressions Attack.

tags | paper, sql injection
MD5 | f0fa901d1c691c1e0c55151687ac10ae
Advanced MySQL Exploitation
Posted Jan 10, 2011
Authored by Muhaimin Dzulfakar

Whitepaper called Advanced MySQL Exploitation.

tags | paper
MD5 | 863e901e751d249f12dd9fce9db7c4eb
Tutorial Blind SQL Injection Referensi
Posted Nov 8, 2010
Authored by jos_ali_joe

Whitepaper called Tutorial Blind SQL Injection Referensi. Written in Indonesian.

tags | paper, sql injection
MD5 | 63f2b8f63c3fd977692f13ed307277b6
Oracle Penetration Testing Using The Metasploit Framework
Posted Nov 2, 2010
Authored by Chris Gates, Mario Ceballos

Whitepaper called Oracle Penetration Testing Using the Metasploit Framework.

tags | paper
MD5 | 5f9856825cbdb65feddd17821b6f19f0
Practical Padding Oracle Attacks
Posted Sep 29, 2010
Authored by Juliano Rizzo, Thai Duong

These are slides from the Practical Padding Oracle Attack presentation given at BlackHat Europe 2010.

tags | paper
MD5 | bc4c5b4525f49da4823ddbd4f03e8f7d
MySQL Injection - Simple Load File And Into OutFile Tutorial
Posted Aug 13, 2010
Authored by MikiSoft

This is a short tutorial called MySQL Injection - Simple Load File and Into OutFile.

tags | paper, sql injection
MD5 | 2919fdf1ea63bdd21b064c4495257766
MySQL SQL Injection Tutorial
Posted Jul 26, 2010
Authored by Prashant Uniyal

This whitepaper is a MySQL SQL injection tutorial.

tags | paper, sql injection
MD5 | e29082314c34ad39aacd6ba49afe9045
SQL Injection With File Privileges
Posted Jun 29, 2010
Authored by fred777

Whitepaper called SQL Injection with File Privileges. Written in German.

tags | paper, sql injection
MD5 | 1d4738c8c5dfa9ae9fb351222a06a17a
SQL Injection With INFORMATION_SCHEMA
Posted Jun 25, 2010
Authored by fred777

Whitepaper called SQL Injection with INFORMATION_SCHEMA. Written in German.

tags | paper, sql injection
MD5 | 9caa89d8d3cfbe1c01bee97e38b6a118
SQL Injection Filtering
Posted May 25, 2010
Authored by d3c0der

Whitepaper called SQL Injection Filtering. Written in Persian.

tags | paper, sql injection
MD5 | 826a23d9c3e3a5de99d710cbaf6b1461
Whitepaper Called Easy Method: Blind SQL Injection
Posted May 18, 2010
Authored by Mohd Izhar Ali | Site johncrackernet.blogspot.com

This is a whitepaper called Easy Method: Blind SQL Injection.

tags | paper, sql injection
MD5 | ab2baecb89655ab41b0a80e7f1122322
