Mercadotecnia

Solo disponible en BuenasTareas
  • Páginas : 27 (6511 palabras )
  • Descarga(s) : 0
  • Publicado : 4 de septiembre de 2012
Leer documento completo
Vista previa del texto
Advanced SQL Injection In SQL Server
Applications
Chris Anley [chris@ngssoftware.com]

An NGSSoftware Insight Security Research (NISR) Publication
©2002 Next Generation Security Software Ltd
http://www.ngssoftware.com

Table of Contents
[Abstract] ............................................................................................................................ 3[Introduction] ...................................................................................................................... 3
[Obtaining Information Using Error Messages] ................................................................. 7
[Leveraging Further Access]............................................................................................. 12
[xp_cmdshell]............................................................................................................... 12
[xp_regread] .................................................................................................................. 13
[Other Extended Stored Procedures] ............................................................................ 13
[LinkedServers]............................................................................................................ 14
[Custom extended stored procedures] ........................................................................... 14
[Importing text files into tables] ................................................................................... 15
[Creating Text Files using BCP]................................................................................... 15
[ActiveX automation scripts in SQL Server] ................................................................ 15
[Stored Procedures] ........................................................................................................... 17
[Advanced SQL Injection] ................................................................................................18
[Strings without quotes] ................................................................................................ 18
[Second-Order SQL Injection] ...................................................................................... 18
[Length Limits] ............................................................................................................. 20
[Audit Evasion]............................................................................................................. 21
[Defences] ......................................................................................................................... 21
[Input Validation].......................................................................................................... 21
[SQL Server Lockdown]............................................................................................... 23
[References] ...................................................................................................................... 24
Appendix A - 'SQLCrack' ................................................................................................. 25
(sqlcrack.sql)................................................................................................................. 25

Page 2

[Abstract]
This document discusses in detail the common 'SQL injection' technique, as it applies to
the popular Microsoft Internet Information Server/Active Server Pages/SQL Server
platform. It discusses the various ways in which SQL can be 'injected' into the application
and addressessome of the data validation and database lockdown issues that are related
to this class of attack.
The paper is intended to be read by both developers of web applications which
communicate with databases and by security professionals whose role includes auditing
these web applications.
[Introduction]
Structured Query Language ('SQL') is a textual language used to interact with relational...
tracking img