Sql Injection Paper

2,008 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,008
On SlideShare
0
From Embeds
0
Number of Embeds
17
Actions
Shares
0
Downloads
77
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Sql Injection Paper

  1. 1. Sql Injection Paper By zeroday. zeroday [ at ] blacksecurity.org 1.Introduction. 2.Testing for vulnerabilities. 3.Gathering Information. 4.Data types. 5.Grabbing Passwords. 6.Create DB accounts. 7.MySQL OS Interaction. 8.Server name and config. 9.Retrieving VNC password from registry. 10.IDS Signature Evasion. 11.mySQL Input Validation Circumvention using Char(). 12.IDS Signature Evasion using comments. 13.Strings without quotes. 1. When a box only has port 80 open, it's almost certain the admin will patch his server, The best thing to turn to is web attacks. Sql Injection is one of the most common web attacks. You attack the web application, ( ASP, JSP, PHP, CGI..etc) rather than the webserver or the services running on the OS. Sql injection is a way to trick using a qurey or command as a input via webpages, most websites take parameters from the user like username and passwrod or even

×