download

PDF slides
MD5: FEDD665E8D631ED67E4E210108715974
SHA1:F882D851586D57961C1730D456D8A7BEFC787A45

Author

: AR

GUI Access Through SQL Injection

Slides presented by Alberto Revelli at OwaspDay II in Rome, 31/03/2008. They describe some SQL Injection tricks that can be used to get a full access to the DB server's operating system. The examples are mainly focused on MS SQL Server, but the concepts are valid for other DBMS as well.

Last Updated : 01/04/2008 15:30:22

Related Applications

BSQL brute forcer V2Updated version of the Blind SQL Injection Brute Forcer from www.514.es. Works against PostgreSQL, MySQL, MSSQL and Oracle and supports custom SQL Queries.
BSQL HackerBSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.
Deep Blind SQL InjectionDeep Blind SQL Injection is a new way to exploit Blind SQL Injections with a 66% reduction in the number of requests.
OWASP AU 2009 SlidesSlides from OWASP Appsec Australia 2009.