DoS Attacks Using Sql Wildcards
 

    Presentation Transcript

    • DOS ATTACKS USING SQL WILDCARDS
      Ferruh Mavituna, www.portcullis-security.com

      This paper discusses abusing Microsoft SQL query wildcards to consume CPU on database servers. This can be achieved using only the search field present in most common web applications.

      If an application has the following properties, then it is very likely vulnerable to wildcard attacks:
      1. An SQL Server back end;
      2. More than 300 records in the database and around 500 bytes of data per row;
      3. An application-level search feature.

      As you might notice, I have just described 90% of Microsoft SQL Server based CMSs, blogs, CRMs and e-commerce web applications. Other databases could be vulnerable, depending on how the applications implement search functionality, although the common implementation of search functionality in SQL Server back-end applications is vulnerable.

      SEARCH QUERIES
      The SQ