Connection String Parameter Pollution Attacks

Chema Alonso
Security Professional
Feb. 2, 2010
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
1 of 43

Connection String Parameter Pollution Attacks

Feb. 2, 2010
Download to read offline

Talk delivered by Chema Alonso and Jose Palazon "Palako" in BlackHat DC 2010 about Connection String Injection Parameter Pollution attacks.

Chema Alonso
Security Professional

Recommended

системийг хөгжүүлэх алхмууд ба дизайнсистемийг хөгжүүлэх алхмууд ба дизайн
системийг хөгжүүлэх алхмууд ба дизайнKhishighuu Myanganbuu2.6K views13 slides
Java lecture4Java lecture4
Java lecture4Onobold Odgerel3.2K views41 slides
Lab14 algorithmLab14 algorithm
Lab14 algorithmBPurev18.6K views3 slides
Big Data: HBase and Big SQL self-study lab Big Data: HBase and Big SQL self-study lab
Big Data: HBase and Big SQL self-study lab Cynthia Saracco28K views50 slides
C consC cons
C consOnon Tuul18.5K views35 slides
CS203 Лекц02 OopCS203 Лекц02 Oop
CS203 Лекц02 OopJargalsaikhan Alyeksandr3.9K views33 slides

More Related Content

What's hot

Sw203 Lecture6 InheritanceSw203 Lecture6 Inheritance
Sw203 Lecture6 InheritanceJargalsaikhan Alyeksandr5.3K views22 slides
Lects 12Lects 12
Lects 12Ganbaatar ch16.4K views60 slides
U.cs101 алгоритм программчлал-2U.cs101 алгоритм программчлал-2
U.cs101 алгоритм программчлал-2Badral Khurelbaatar10.1K views31 slides
CS203 Лекц01 PrefeaceCS203 Лекц01 Prefeace
CS203 Лекц01 PrefeaceJargalsaikhan Alyeksandr4.1K views26 slides
Sw203 Lecture4 Class ObjectSw203 Lecture4 Class Object
Sw203 Lecture4 Class ObjectJargalsaikhan Alyeksandr2.1K views22 slides
Жава хэлний сурах бичиг Java helnii surah bichig MongolЖава хэлний сурах бичиг Java helnii surah bichig Mongol
Жава хэлний сурах бичиг Java helnii surah bichig MongolGantulga Dashdondov4.8K views188 slides

What's hot(20)

Sw203 Lecture6 InheritanceSw203 Lecture6 Inheritance
Sw203 Lecture6 Inheritance
Jargalsaikhan Alyeksandr5.3K views
Lects 12Lects 12
Lects 12
Ganbaatar ch16.4K views
U.cs101 алгоритм программчлал-2U.cs101 алгоритм программчлал-2
U.cs101 алгоритм программчлал-2
Badral Khurelbaatar10.1K views
CS203 Лекц01 PrefeaceCS203 Лекц01 Prefeace
CS203 Лекц01 Prefeace
Jargalsaikhan Alyeksandr4.1K views
Sw203 Lecture4 Class ObjectSw203 Lecture4 Class Object
Sw203 Lecture4 Class Object
Jargalsaikhan Alyeksandr2.1K views
Жава хэлний сурах бичиг Java helnii surah bichig MongolЖава хэлний сурах бичиг Java helnii surah bichig Mongol
Жава хэлний сурах бичиг Java helnii surah bichig Mongol
Gantulga Dashdondov4.8K views
5 & 65 & 6
5 & 6
International Ulaanbaatar University734 views
03.12 cnn backpropagation03.12 cnn backpropagation
03.12 cnn backpropagation
Dea-hwan Ki762 views
스마트폰활용교육다운로드Ppt스마트폰활용교육다운로드Ppt
스마트폰활용교육다운로드Ppt
균상 류8.8K views
Lekts presentation10Lekts presentation10
Lekts presentation10
ganzorigb3.1K views
7salaalsan7salaalsan
7salaalsan
Turuu Tsogt1.5K views
C++C++
C++
Алдарболд Э.9.7K views
Presentation1 өгөгдлийн санPresentation1 өгөгдлийн сан
Presentation1 өгөгдлийн сан
baterden3.5K views
визуаль програмчлал тествизуаль програмчлал тест
визуаль програмчлал тест
International Ulaanbaatar University1.5K views
Sw203 Lecture7 Method OverrideSw203 Lecture7 Method Override
Sw203 Lecture7 Method Override
Jargalsaikhan Alyeksandr1.3K views
Лекц 3 (Давталт)Лекц 3 (Давталт)
Лекц 3 (Давталт)
Мөнхбаярын Цэцэнцэнгэл3.7K views
U.IT101 Lab 9U.IT101 Lab 9
U.IT101 Lab 9
Ganbaatar ch26K views
Excel anhan shah, tomiyoExcel anhan shah, tomiyo
Excel anhan shah, tomiyo
monkhzyl6K views
Big Data: Big SQL and HBase Big Data: Big SQL and HBase
Big Data: Big SQL and HBase
Cynthia Saracco19.7K views
Rdbms bie daaltRdbms bie daalt
Rdbms bie daalt
Usukhuu Galaa513 views

Viewers also liked

Examen final de pascal jorgeExamen final de pascal jorge
Examen final de pascal jorgeMauro Calderon Chavez533 views1 slide
Default Passwords: Adelante por favorDefault Passwords: Adelante por favor
Default Passwords: Adelante por favorChema Alonso4.5K views44 slides
Seguridad en NavegadoresSeguridad en Navegadores
Seguridad en NavegadoresChema Alonso3.4K views32 slides
Seguridad en Apache Web ServerSeguridad en Apache Web Server
Seguridad en Apache Web ServerChema Alonso1.4K views47 slides
Navegadores en la EmpresaNavegadores en la Empresa
Navegadores en la EmpresaChema Alonso715 views34 slides
MS Forefront Client SecurityMS Forefront Client Security
MS Forefront Client SecurityChema Alonso921 views28 slides

Viewers also liked(20)

Examen final de pascal jorgeExamen final de pascal jorge
Examen final de pascal jorge
Mauro Calderon Chavez533 views
Default Passwords: Adelante por favorDefault Passwords: Adelante por favor
Default Passwords: Adelante por favor
Chema Alonso4.5K views
Seguridad en NavegadoresSeguridad en Navegadores
Seguridad en Navegadores
Chema Alonso3.4K views
Seguridad en Apache Web ServerSeguridad en Apache Web Server
Seguridad en Apache Web Server
Chema Alonso1.4K views
Navegadores en la EmpresaNavegadores en la Empresa
Navegadores en la Empresa
Chema Alonso715 views
MS Forefront Client SecurityMS Forefront Client Security
MS Forefront Client Security
Chema Alonso921 views
Portátiles A Prueba De RobosPortátiles A Prueba De Robos
Portátiles A Prueba De Robos
Chema Alonso730 views
Circuitos de Video Vigilancia IPCircuitos de Video Vigilancia IP
Circuitos de Video Vigilancia IP
Chema Alonso1.1K views
Asegúr@IT 7: Serialized SQL InjectionAsegúr@IT 7: Serialized SQL Injection
Asegúr@IT 7: Serialized SQL Injection
Chema Alonso1.4K views
Fortificación de MS SharePonFortificación de MS SharePon
Fortificación de MS SharePon
Chema Alonso812 views
Apadrina un malwareApadrina un malware
Apadrina un malware
Chema Alonso1.7K views
RootedCON 2011: DUSTRootedCON 2011: DUST
RootedCON 2011: DUST
Chema Alonso958 views
Hacking, Ciberguerra y otros PalabrosHacking, Ciberguerra y otros Palabros
Hacking, Ciberguerra y otros Palabros
Chema Alonso2.9K views
Asegúr@IT 7 - Forefront UAG 2010Asegúr@IT 7 - Forefront UAG 2010
Asegúr@IT 7 - Forefront UAG 2010
Chema Alonso1.6K views
MetaShield Protector & FOCA 2.0MetaShield Protector & FOCA 2.0
MetaShield Protector & FOCA 2.0
Chema Alonso1.7K views
Codemotion 2013: Feliz 15 aniversario, SQL InjectionCodemotion 2013: Feliz 15 aniversario, SQL Injection
Codemotion 2013: Feliz 15 aniversario, SQL Injection
Chema Alonso2.9K views
Defcon 18: FOCA 2Defcon 18: FOCA 2
Defcon 18: FOCA 2
Chema Alonso14.1K views
Hachetetepé dos puntos SLAAC SLAACHachetetepé dos puntos SLAAC SLAAC
Hachetetepé dos puntos SLAAC SLAAC
Chema Alonso11.3K views
FC00::1 (Algunos) Ataques en IPv6FC00::1 (Algunos) Ataques en IPv6
FC00::1 (Algunos) Ataques en IPv6
Chema Alonso5.7K views
WebBrowsing Fingerprinting y Privacidad en entornos de Big DataWebBrowsing Fingerprinting y Privacidad en entornos de Big Data
WebBrowsing Fingerprinting y Privacidad en entornos de Big Data
Chema Alonso3.5K views

Similar to Connection String Parameter Pollution Attacks

SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.pptCNSHacking4 views26 slides
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.pptLokeshK6610 views26 slides
It's a Dangerous World It's a Dangerous World
It's a Dangerous World MongoDB766 views39 slides
Top web apps security vulnerabilitiesTop web apps security vulnerabilities
Top web apps security vulnerabilitiesAleksandar Bozinovski225 views45 slides
ASP.NET security vulnerabilitiesASP.NET security vulnerabilities
ASP.NET security vulnerabilitiesAleksandar Bozinovski6K views45 slides
Application Security around OWASP Top 10Application Security around OWASP Top 10
Application Security around OWASP Top 10Sastry Tumuluri760 views87 slides

Similar to Connection String Parameter Pollution Attacks(20)

SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
CNSHacking4 views
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
LokeshK6610 views
It's a Dangerous World It's a Dangerous World
It's a Dangerous World
MongoDB766 views
Top web apps security vulnerabilitiesTop web apps security vulnerabilities
Top web apps security vulnerabilities
Aleksandar Bozinovski225 views
ASP.NET security vulnerabilitiesASP.NET security vulnerabilities
ASP.NET security vulnerabilities
Aleksandar Bozinovski6K views
Application Security around OWASP Top 10Application Security around OWASP Top 10
Application Security around OWASP Top 10
Sastry Tumuluri760 views
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
FernandoVizer8 views
CONHESI 2021 - Exploiting Web APIsCONHESI 2021 - Exploiting Web APIs
CONHESI 2021 - Exploiting Web APIs
CiNPA Security SIG137 views
MySQL server securityMySQL server security
MySQL server security
Damien Seguy1.6K views
Low Hanging Fruit, Making Your Basic MongoDB Installation More SecureLow Hanging Fruit, Making Your Basic MongoDB Installation More Secure
Low Hanging Fruit, Making Your Basic MongoDB Installation More Secure
MongoDB197 views
Application of Machine Learning in CybersecurityApplication of Machine Learning in Cybersecurity
Application of Machine Learning in Cybersecurity
Pratap Dangeti481 views
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB World 2018: Low Hanging Fruit: Making Your Basic MongoDB Installation...
MongoDB527 views
Top Ten Java Defense for Web Applications v2Top Ten Java Defense for Web Applications v2
Top Ten Java Defense for Web Applications v2
Jim Manico37.2K views
Dynamic Database Credentials: Security Contingency PlanningDynamic Database Credentials: Security Contingency Planning
Dynamic Database Credentials: Security Contingency Planning
Sean Chittenden1.4K views
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
guest3379bd1.3K views
Intro to Php SecurityIntro to Php Security
Intro to Php Security
Dave Ross8.9K views
Web application securityWeb application security
Web application security
Ravi Raj890 views
Defending Against Attacks With RailsDefending Against Attacks With Rails
Defending Against Attacks With Rails
Tony Amoyal2.1K views
Let's shield LiferayLet's shield Liferay
Let's shield Liferay
José A. Jiménez264 views
SecureWV: Exploiting Web APIsSecureWV: Exploiting Web APIs
SecureWV: Exploiting Web APIs
CiNPA Security SIG90 views

More from Chema Alonso

CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging FruitChema Alonso42K views27 slides
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0Chema Alonso48.2K views6 slides
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en MagentoChema Alonso16K views10 slides
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataChema Alonso3.5K views32 slides
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...Chema Alonso19.9K views14 slides
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajarChema Alonso16K views2 slides

More from Chema Alonso(20)

CyberCamp 2015: Low Hanging FruitCyberCamp 2015: Low Hanging Fruit
CyberCamp 2015: Low Hanging Fruit
Chema Alonso42K views
Índice Pentesting con Kali 2.0Índice Pentesting con Kali 2.0
Índice Pentesting con Kali 2.0
Chema Alonso48.2K views
Configurar y utilizar Latch en MagentoConfigurar y utilizar Latch en Magento
Configurar y utilizar Latch en Magento
Chema Alonso16K views
Cazando Cibercriminales con: OSINT + Cloud Computing + Big DataCazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Cazando Cibercriminales con: OSINT + Cloud Computing + Big Data
Chema Alonso3.5K views
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
New Paradigms of Digital Identity: Authentication & Authorization as a Servic...
Chema Alonso19.9K views
CritoReto 4: Buscando una aguja en un pajarCritoReto 4: Buscando una aguja en un pajar
CritoReto 4: Buscando una aguja en un pajar
Chema Alonso16K views
Dorking & Pentesting with TacytDorking & Pentesting with Tacyt
Dorking & Pentesting with Tacyt
Chema Alonso10.7K views
Pentesting con PowerShell: Libro de 0xWordPentesting con PowerShell: Libro de 0xWord
Pentesting con PowerShell: Libro de 0xWord
Chema Alonso23.6K views
Foca API v0.1Foca API v0.1
Foca API v0.1
Chema Alonso2.2K views
Recuperar dispositivos de sonido en Windows Vista y Windows 7Recuperar dispositivos de sonido en Windows Vista y Windows 7
Recuperar dispositivos de sonido en Windows Vista y Windows 7
Chema Alonso35.2K views
It's a Kind of MagicIt's a Kind of Magic
It's a Kind of Magic
Chema Alonso2K views
Ingenieros y hackersIngenieros y hackers
Ingenieros y hackers
Chema Alonso17.4K views
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Cuarta Edición del Curso Online de Especialización en Seguridad Informática p...
Chema Alonso14.3K views
Auditoría de TrueCrypt: Informe final fase IIAuditoría de TrueCrypt: Informe final fase II
Auditoría de TrueCrypt: Informe final fase II
Chema Alonso26.5K views
El juego es el mismoEl juego es el mismo
El juego es el mismo
Chema Alonso2.3K views
El Hardware en Apple ¿Es tan bueno?El Hardware en Apple ¿Es tan bueno?
El Hardware en Apple ¿Es tan bueno?
Chema Alonso8.1K views
Latch en Linux (Ubuntu): El cerrojo digitalLatch en Linux (Ubuntu): El cerrojo digital
Latch en Linux (Ubuntu): El cerrojo digital
Chema Alonso33.1K views
Hacking con PythonHacking con Python
Hacking con Python
Chema Alonso46.4K views
Shuabang BotnetShuabang Botnet
Shuabang Botnet
Chema Alonso38.2K views
Tu iPhone es tan (in)seguro como tu WindowsTu iPhone es tan (in)seguro como tu Windows
Tu iPhone es tan (in)seguro como tu Windows
Chema Alonso24.2K views

Connection String Parameter Pollution Attacks