This paper will present a new class of attack, called SQL Smuggling. SQL Smuggling is a sub-class of SQL Injection attacks that rely on differences between contextual interpretation performed by the application platform and the database server. While numerous instances of SQL Smuggling are commonly known, it has yet to be examined as a discrete class of attacks, with a common root cause. The root cause in fact has not yet been thoroughly investigated; this research is a result of a new smuggling technique, presented in this paper. It is fair to assume that further study of this commonality will likely lead to additional findings in this area.
46f3d645ad84a08e0fd5e13e5b32e7c9a124a0b37fd8e35f1fe56d83038a5ddf
A tutorial written for newbies who want to explore the m4d l33t world of SQL injection and have yet to even learn basic SQL commands.
c0a7f60cb48c9552397f1e532902b4520e369df3e949149b7d57db9e5e391b32
Whitepaper discussing techniques for MySQL related SQL injection. Written in Spanish.
ee7e900283cc996a8c28c40c5884ac9c44ab2146723cc1d4733f97b3eed84f6d
Whitepaper discussing blind SQL injection discovery and exploitation techniques. It describes how to deal with blind SQL injection on ASP/ASP.NET applications running with access to XP_CMDSHELL.
38f99722128efd5e6ad90e4e47213ad4e80f38e80cd65725de7307d4dc245cf1
DoS Attacks Using SQL Wildcards - This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers.
966761136e5dd0fc10bac9d6b273966d20386567a7bdca93ac2c13e0d89fc0e9
Blind MySQL Injection - Techniques for injection without any information regarding MySQL. Written in Spanish.
8d89853d9dcac5bc068947c4c9f8c470ec5a392d5d24061e64d5913b14a15aaf
Lateral SQL Injection: A New Class of Vulnerability in Oracle.
0db673b33010a9aa5626bc5198e1ef07be87e36a1d9a04d25e9c098c2c211bbe
Whitepaper called Error Based SQL Injection - A True Story.
8c587c42923564ab931ded4c61b6f6a56d5e1b9a7fc0f1f3884c7f21aa408442
Slides from the presentation Oracle Database Vault: Design Failures.
aa413dac2420e9793150ea25140ef356d8f3b5c166c5a82b88e5082a51840006
Whitepaper: Oracle Forensics Part 6 - Examining Undo Segments, Flashback and the Oracle Recycle Bin.
76e1d7ed99164fa689c01f4960b40e5de09c7ff60fa91c3fe4fcaabf1c4422f2
Whitepaper: Oracle Forensics Part 5 - Finding Evidence of Data Theft in the Absence of Auditing.
05f964f5538507637f62883278dca0fbb358534be66e7a889e548211d48bc52c
Whitepaper discussing security implications with PostgreSQL when improperly configured.
394fde0a55e01e4ceacd902f672a2e8f17f90c73974cfcf7a60f272b62d35440
Whitepaper: Oracle Forensics Part 4 - What an incident responder should do during a Live Response on a compromised Oracle server.
83f0aeb9dd27cf69a8be8e6c4848a9202b04c6d3075694610204fed13acc7d0b
Database Security Brief: The Oracle Critical Patch Update for April 2007.
a465cc3fe3cd6f9d61436789abaa6d3353a89cf58084fac1c54a1b580479ea9a
Whitepaper: Oracle Forensics Part 3 - Isolating Evidence of Attacks Against the Authentication Mechanism.
81e72d8d4ad573a25cd1dc2081223589365436cda2fb6120efd95ace839bbc35
Whitepaper: Oracle Forensics Part 2 - Locating Dropped Objects.
4ae3a18f31870f0d43997f9547068790fed32a9e928f6fd5fdfada63b49fbb91
Whitepaper: Oracle Forensics Part 1 - Dissecting the Redo Logs.
b03a861dde27c162bf5629855f2f67c101139bb2deae2410b0349885f1615935
Whitepaper entitled "Cursor Injection - A New Method for Exploiting PL/SQL Injection and Potential Defences".
5e052565e3661c687c0142cb2a857a3b5d8400a27ec65832792185de33fbad3d
Defeating Virtual Private Databases, a chapter from the Oracle Hacker's Handbook.
7cf148e1ab70f4357ff232e00ce6a5f24bef89a12e5de8bc87246be02511702f
Indirect Privilege Escalation, a chapter from the Oracle Hacker's Handbook.
7f8124fe32864ca4771a493debdf86f128eba3b844b6479d4bfc1da1fee9ff8a
New Oracle Security Paper - How to secure Oracle passwords from rainbow tables and new password cracking patches. Also includes a free audit tool called OraBrute to brute force SYS AS SYSDBA in order to check that it has been secured. Unfortunately, by default it is not, but it can be secured by following this paper's recommendations.
d01676e8a88e2d6cb26473a80fe847d360a18ce0fbd1a995aafac93055168522
Whitepaper detailing a potential PL/SQL programming error related to cursors that leads to a new class of vulnerability in Oracle.
8c5057fe16f9b2f304f5725b4b6a9f9f6342e138793b7fb488b2611b317c234a
Whitepaper entitled "Which is more secure? Oracle vs. Microsoft". This article looks at the number of security flaws in Oracle and Microsoft database offerings.
76b1dff89265c886e4fb95a2da210b637f0ae4d28b78e4ee37976c44012de162
Informix: Discovery, Attack, and Defense.
30d3c198f1a5407dc57ce22ec3acc687151a9106b822a114825a198deff50d61
"Snagging Security Tokens to Elevate Privileges" is a brief that details how a database server running as a low-privileged user on Windows can still provide an attacker with the ability to gain elevated privileges on the network and suggests a change in security policy to mitigate the risk. As a side note, this affects all network servers that offer OS-based authentication - not just database servers.
ddf0367b0ae123b501921160d18f52c089a3c85c8d21251937bf98c7eee6c567