SlideShare is now on Android. 15 million presentations at your fingertips.  Get the app

×
  • Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
 

Advanced SQL injection to operating system full control (slides)

by Computer Security Consultant at - on Apr 20, 2009

  • 36,935 views

Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. ...

Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.

It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's new version that I will release at the Conference (http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele).

These slides have been presented at Black Hat Euroe conference in Amsterdam on April 16, 2009.

Statistics

Views

Total Views
36,935
Views on SlideShare
35,743
Embed Views
1,192

Actions

Likes
14
Downloads
1,322
Comments
1

47 Embeds 1,192

http://bernardodamele.blogspot.com 442
http://ricardo.parente.us 179
http://www.slideshare.net 123
http://vaidacerto.blogspot.com 91
http://bernardodamele.blogspot.in 40
http://bernardodamele.blogspot.co.uk 35
https://cybozulive.com 33
http://www.arcanesecurity.net 31
http://mhlabs.wordpress.com 28
http://vaidacerto.blogspot.com.br 26
http://bernardodamele.blogspot.com.br 24
http://bernardodamele.blogspot.it 14
http://bernardodamele.blogspot.mx 11
http://bernardodamele.blogspot.fr 11
http://bernardodamele.blogspot.de 10
http://bernardodamele.blogspot.com.au 9
http://bernardodamele.blogspot.pt 9
http://static.slidesharecdn.com 7
http://bernardodamele.blogspot.ca 6
http://bernardodamele.blogspot.co.il 6
http://bernardodamele.blogspot.ch 4
http://bernardodamele.blogspot.ro 4
http://feeds2.feedburner.com 4
http://bernardodamele.blogspot.com.es 4
http://bernardodamele.blogspot.be 3
http://bernardodamele.blogspot.com.ar 3
http://bernardodamele.blogspot.ie 3
http://bernardodamele.blogspot.gr 3
http://translate.googleusercontent.com 3
http://bernardodamele.blogspot.se 2
http://bernardodamele.blogspot.tw 2
http://bernardodamele.blogspot.ae 2
http://bernardodamele.blogspot.nl 2
http://bernardodamele.blogspot.hu 2
http://bernardodamele.blogspot.jp 2
http://bernardodamele.blogspot.kr 2
http://www.blogger.com 2
http://www.hanrss.com 1
http://bernardodamele.blogspot.com.tr 1
http://www.linkedin.com 1
http://74.125.93.132 1
http://bernardodamele.blogspot.dk 1
http://webcache.googleusercontent.com 1
http://vaidacerto.blogspot.pt 1
https://twimg0-a.akamaihd.net 1
http://bernardodamele.blogspot.co.at 1
https://www.linkedin.com 1
More...

Accessibility

Categories

Upload Details

Uploaded via SlideShare as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel

11 of 1 previous next

  • sumsid1234 sumsid1234 SQL Server 2000 by default runs as 'system' and hence the smb relay attack mentioned in your slide will fail(slide 50).

    Very nice talk, looking forward to use the overflow in SQL server.
    4 years ago
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Advanced SQL injection to operating system full control (slides) Advanced SQL injection to operating system full control (slides) Presentation Transcript