DoS Attacks Using SQL Wildcards
Ferruh Mavituna
Published in: Technology
Transcript of "DoS Attacks Using Sql Wildcards"

  1. DoS Attacks Using SQL Wildcards
     Ferruh Mavituna
     www.portcullis-security.com

     This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications.

     If an application has the following properties, it is very likely vulnerable to wildcard attacks:

     1- An SQL Server back end;
     2- More than 300 records in the database and around 500 bytes of data per row;
     3- An application-level search feature.

     As you might notice, I have just described 90% of Microsoft SQL Server based CMSs, blogs, CRMs and e-commerce web applications. Other databases could be vulnerable depending on how the application implements its search functionality, although the common implementation of search in applications with an SQL Server back end is vulnerable.

     Search Queries

     The SQ