Research and Development

This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications. If an application has the following properties then it is highly possibly vulnerable to wildcard attacks:

1- An SQL Server Backend;
2- More than 300 records in the database and around 500 bytes of data per row;
3- An application level search feature.

As you might notice I have just described 90% of Microsoft SQL Server based CMSs, blogs, CRMs and e-commerce web applications. Other databases could be vulnerable depending on how the applications implement search functionalities although common implementation of the search functionality in SQL Server back-end applications is vulnerable.

DoS Attacks Using SQL Wildcards
567.2 KiB
MD5 hash: 51a158a1e160f74d3c8e54ce364c873b

Request to be added to the Portcullis Labs newsletter

We will email you whenever a new tool, or post is added to the site.

Your Name (required)

Your Email (required)