Whitepaper called Database Security Threats and Injection Technique. Written in Persian.
5d18ecda87e677b9be4fcc471c55096e2eefcceb48e70cc55ca0ed8b6636b300Whitepaper called MySQL UDF Exploitation.
e3f1baa170d27afb7c63c85824246d5dacb72df1f9b55d3c574624348aab3380This is a whitepaper that discusses leveraging SQL injection attacks against SQLite databases.
2d25bf7c68c93856be515e7d7f9ce1c5e31d0ff0e1c4c03ba1d67a61f385507eThis paper discusses an overflow in the DOUBLE data type in MySQL.
994da41348fedec81430a33635725f5ef5bf21eaded32a286053dfd2938cf982This is a public blog posted by Oracle's CSO Mary Ann Davidson. It provides a rare glimpse into the corporate mindframe reminding us all that license agreements are always respected by hostile parties and therefore security researchers should not even consider reverse engineering Oracle's code base. As has been proven time and again, Oracle's bullet proof unbreakable security does not need public vetting and they consistently can identify and address all issues without your needless meddling.
d16deebdad2785cf38a42eaa182a2fd03f6976eacc830f7b05b1f5489393b40fWhitepaper discussing penetration and security testing against Microsoft SQL Server. Written in Turkish.
dc6404d93aa87f8467a2c37aca466c0c947bae3530334eb4dd8b112aa3850d18This whitepaper discusses hacking with sqlmap and leveraging cross site request forgery vulnerabilities. Written in Turkish.
7130a96bfe8e601c63c6db831c76a47578959bc3aa160183ca7c39ba4c380efdThe ability to execute arbitrary SQL on Oracle via a SQL injection flaw is hampered by the fact that the Oracle RDBMS will not batch multiple queries. Typically, a low privileged attacker with say only the CREATE SESSION privilege, must find a function they can inject that will allow them to execute a block of anonymous PL/SQL. These are known as auxiliary inject functions. Depending upon the version of Oracle and what components are installed auxiliary inject functions may be few and far between. For example, on Oracle 12c with the internal Java VM removed, there may be none. Indeed, during a recent client assessment the author of this paper was confronted with such a situation: a PL/SQL injection flaw but with no easy method for easy exploitation to gain full control of the database server. This paper presents a method around such a problem using DBMS_XMLSTORE and, co-incidentally, DBMS_XMLSAVE. This method can be used in web-based SQL injection attacks, as well.
42373a43d60cc25c4d8fb1e06e905e8adafeae668b2a402d7121f1232ab9d611Oracle data redaction is a simple but clever and innovative idea from Oracle. However, at present, there are weaknesses that undermine its effectiveness as a good security mechanism. These weaknesses can be exploited via web based SQL injection attacks and this paper details those weaknesses and provides suggestions on how it can be improved and made more secure.
8cb488d94f0f24c541295b45894955646b915f06b2bd3f2038f2c4e7aac4422fWhitepaper called Oracle SID Detection Techniques - Part 1. Written in Persian.
216902657ee1a360c1b1d862f34bf7cec694092990536e667eff806c67124f16Whitepaper called Oracle SID Detection Techniques - Part 3. Written in Persian.
99d5fc68bd7f308a7fb0286580dfe9fb08fa67f54a4512ba6fc79242096c12a4Whitepaper called Oracle SID Detection Techniques - Part 2. Written in Persian.
dce6b5307b6f20bb7d98b49054356d04c564fab5330fc55d8943a23c414fdf59Whitepaper called Oracle SID Detection Techniques - Part 1. Written in Persian.
b840fcc9f91bdcdd628bf96a2b8007f515b3578cf72d2146034d794c32e08817This is a brief whitepaper that goes over different payloads that can be leveraged in SQL injection attacks.
9499be52d5cfed9d72ecaf10bc20f2276bb6bc14fd6d1eb70d8afca6916fdf70Whitepaper called Exploitation of MS-SQL Servers Explained. Written in Turkish.
4ffc2985fa1f3d4996dafdb8b9f4aeb73a2c9f7d902970dcdd4e16f2f7207a9dWhitepaper called Indexed Blind SQL Injection. Time based blind SQL attacks suffer from low bit/request ratios. Each request produces only one valuable bit of information. This paper describes a tweak that produces higher yield at the expense of a longer runtime. Along the way, some issues and notes of applicability are also discussed.
84e74daa46ea6185f1c1f4ee9764bc2315f2a4cf39e46f8dfcea99039a5ecb21Whitepaper called Blind SQL Injection with Regular Expressions Attack.
167010ab38c65a1b629b2eb5767870004cb391e155573d9cd652fbf5476b540fWhitepaper called Advanced MySQL Exploitation.
eeed1189d006c0343e26e681e5c40d6acc19a93e76346607fc677f073a104192Whitepaper called Tutorial Blind SQL Injection Referensi. Written in Indonesian.
e3aa7441ce7deb5e534679f40dc15f786367faa10e651b0d1a65433fca02f778Whitepaper called Oracle Penetration Testing Using the Metasploit Framework.
5f83e34bb9fafd4e3e942567202ceb11434ef372ffb87749583ed54f98922e90These are slides from the Practical Padding Oracle Attack presentation given at BlackHat Europe 2010.
44d6bd6f34982348a4af9f4bd0fe7a99db3855f3ff6cb55230636fab6a2bbf7bThis is a short tutorial called MySQL Injection - Simple Load File and Into OutFile.
6866aa8f28dcac6458750046b3125a824fcea99b3aedbddd27f63076b1098e76This whitepaper is a MySQL SQL injection tutorial.
517d27c0d6f06d56b0bfa16f3e725b79f33fe4a3755de1772342c7350620aa7cWhitepaper called SQL Injection with File Privileges. Written in German.
8a840f1a4c02b27eff38fa668101a0c35692ec019f154067aa6c23502a435bd6Whitepaper called SQL Injection with INFORMATION_SCHEMA. Written in German.
a163eee81c0b2b2ca61c599aa48a492b19d92ef0e7f6836c52b7048326274b35
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed