Advanced SQL Injection with SQLol


The slides from my SOURCE Boston 2012 talk: Advanced SQL Injection with SQLol

Published in Technology, Spiritual

  • 1. Presented by: COPYRIGHT TRUSTWAVE 2011
  • 2. Whom? Daniel Crowley, Trustwave SpiderLabs, @dan_crowley, dcrowley@trustwave.com
  • 3. What? SQLol: A configurable SQLi test-bed. A tool for: Research, Education, Testing
  • 4. Why? Existing test-beds are: Inflexible, Simplified. Real-world scenarios are: Varied, Dangerous
  • 5. Why? Klingon version: HeghlumeH QaQ jajvam
  • 6. Why? Shakespearean version: I humbly posit that the current state / (With much respect to work which does precede) / Of test-beds made with vulns to demonstrate / Is lacking some in flexibility.
  • 7. Why? Shakespearean version: Two options are presented present-day, / As far as when one deals with SQL: / A blind injection (bool or time delay) / And UNION statement hax (oh gee, how swell…)
  • 8. Why? Shakespearean version: Imagine we could choose how queries read / And how our input sanitizes, oh! / How nimble and specific we could be / To recreate our ‘sploit scenarios.
  • 9. Why? Shakespearean version: And thus is S-Q-L-O-L conceived: / That we can study how to pwn DBs.
  • 10. Why? tl;dr version: ‘Cuz.
  • 11. Choose type of query
  • 12. Choose sanitization options
  • 13. Choose verbosity
  • 14. Challenges
  • 15. Manual
  • 16. Manual
  • 17. Automated
  • 18. Requirements: Web server of your choice with PHP; ADODB-supported database
  • 19. Deployment: Un-tar SQLol inside web root
  • 20. Deployment: Modify includes/database.config.php
  • 21. Deployment: Run database reset script
  • 22. Future features: Custom sanitization routines; Stored procedure injections; Database privilege options; More challenges
  • 23. Like SQLol? Try XMLmao! Possible future test beds? cryptOMG, rofLDAP (asLDAP), KTHXbypass, XSSmh
  • 24. Questions? dcrowley@trustwave.com Twitter: @dan_crowley Code: