Advanced SQL Injection with SQLol

The slides from my SOURCE Boston 2012 talk: Advanced SQL Injection with SQLol

Advanced SQL Injection with SQLol: Presentation Transcript

  • Presented by: COPYRIGHT TRUSTWAVE 2011
  • Whom?
    Daniel Crowley
    Trustwave SpiderLabs
    @dan_crowley
    dcrowley@trustwave.com
  • What?
    SQLol
    A configurable SQLi test-bed
    A tool for: Research, Education, Testing
    http://github.com/SpiderLabs/SQLol
  • Why?
    Existing test-beds are: Inflexible, Simplified
    Real-world scenarios are: Varied, Dangerous
  • Why? Klingon version
    HeghlumeH QaQ jajvam
  • Why? Shakespearean version
    I humbly posit that the current state
    (With much respect to work which does precede)
    Of test-beds made with vulns to demonstrate
    Is lacking some in flexibility.
  • Why? Shakespearean version
    Two options are presented present-day,
    As far as when one deals with SQL:
    A blind injection (bool or time delay)
    And UNION statement hax (oh gee, how swell…)
  • Why? Shakespearean version
    Imagine we could choose how queries read
    And how our input sanitizes, oh!
    How nimble and specific we could be
    To recreate our ‘sploit scenarios.
  • Why? Shakespearean version
    And thus is S-Q-L-O-L conceived:
    That we can study how to pwn DBs.
  • Why? tl;dr version
    ‘Cuz.
  • Choose type of query
  • Choose sanitization options
  • Choose verbosity
  • Challenges
  • Manual
  • Manual
  • Automated
  • Requirements
    Web server of your choice with PHP
    ADODB-supported database
  • Deployment
    Un-tar SQLol inside web root
  • Deployment
    Modify includes/database.config.php
  • Deployment
    Run database reset script
  • Future features
    Custom sanitization routines
    Stored procedure injections
    Database privilege options
    More challenges
  • Like SQLol? Try XMLmao!
    Possible future test beds? cryptOMG, rofLDAP (asLDAP), KTHXbypass, XSSmh
  • Questions?
    dcrowley@trustwave.com
    Twitter: @dan_crowley
    Code: http://github.com/SpiderLabs/SQLol
    http://www.surveymonkey.com/sourceboston12