Date: Tue, 21 Sep 2004 01:49:14 +0200
From: Stefano Di Paola <[email protected]>
To: Bugtraq <[email protected]>
Subject: And More Advanced SQL Injection...
Cc: VulnDev <[email protected]>,
WebAppSec <[email protected]>,
penTest <[email protected]>
Good morning,
I'm proud to announce that a new White Paper has been released.
English version can be downloaded on : http://www.wisec.it/docs.php
Title:
"...and More Advanced Sql Injection
SiXSS, SiHRS and the Client Side SQL Injection"
Abstract:
How much a Sql Injection is a hard vulnerability?
It is supposed to be a way of gaining server side informations,
execution of arbitrary commands, gaining of admin privileges in a web
based forum and so on..
In short SQL Injection is supposed to be a server side vulnerability but
sometimes it could be a client side one too.
Public and home-made CMS (Content Management System) are widely used on
web servers, for a lot of reasons; one reason for all is text and URLs
indexing and retrieving.
This paper addresses a couple of alternative ways of using SQL
Injection.
Let's suppose we are the developers of a CMS (Content Management System)
and this CMS was used by a bank...
Let's suppose we accidentally left a SQL Injection vulnerability on a
page.
But wait! No problem! We created a user with no file permissions and so
on, no sensitive information on the database, no web forum and nothing
left on the server...
It may still remain some problems...
Hope you will enjoy.
Any comments will be appreciated.
Regards,
Stefano Di Paola
....----oOOo-------oOOo----....
Stefano Di Paola
Software Engineer
stefano.dipaola_at_wisec_dot_it
stefano.dipaola1_at_tin_dot_it
--------------------------------
