A follow-up presentation showing more in-depth format string exploitation techniques.
This presentation was given at Intercon 2007 (Portcullis’s internal conference). It talks about exploiting and identifying the most common XSS vulnerabilities in the real world.
Slides presented by Alberto Revelli at OwaspDay II in Rome, 31/03/2008. They describe some SQL Injection tricks that can be used to get full access to the DB server’s operating system. The examples are mainly focused on MS SQL Server, but the concepts are valid for other DBMS as well.