7/31/2019 BlackHat Europe 09 Damele a G Advanced SQL Injection Whitepaper