- Page 2 and 3: Justin Clarke Lead Author and Techn
- Page 4 and 5: Lead Author and Technical Editor Ju
- Page 6 and 7: exploiting, and correcting software
- Page 8 and 9: Dafydd Stuttard is the author of th
- Page 10 and 11: Contents Chapter 1 What Is SQL Inje
- Page 12 and 13: Contents xi LAPSE. ................
- Page 14 and 15: Contents xiii Generic MySQL Binary
- Page 16 and 17: Contents xv Chapter 8 Code-Level De
- Page 18 and 19: Contents xvii Increase the Verbosit
- Page 20 and 21: Contents xix Ingres Cheat Sheet....
- Page 22 and 23: Chapter 1 What Is SQL Injection? So
- Page 24 and 25: What Is SQL Injection? • Chapter
- Page 26 and 27: What Is SQL Injection? • Chapter
- Page 28 and 29: What Is SQL Injection? • Chapter
- Page 30 and 31: execute the query against the datab
- Page 32 and 33: What Is SQL Injection? • Chapter
- Page 34 and 35: What Is SQL Injection? • Chapter
- Page 36 and 37: What Is SQL Injection? • Chapter
- Page 38 and 39: Incorrectly Handled Query Assembly
- Page 40 and 41: } } reader = cmd.ExecuteReader(); r
- Page 42 and 43: What Is SQL Injection? • Chapter
- Page 44 and 45: What Is SQL Injection? • Chapter
- Page 46 and 47: What Is SQL Injection? • Chapter
- Page 48 and 49: What Is SQL Injection? • Chapter
- Page 50 and 51: Chapter 2 Testing for SQL Injection
- Page 54 and 55: Testing for SQL Injection • Chapt
- Page 56 and 57: Testing for SQL Injection • Chapt
- Page 58 and 59: Testing for SQL Injection • Chapt
- Page 60 and 61: Testing for SQL Injection • Chapt
- Page 62 and 63: Testing for SQL Injection • Chapt
- Page 64 and 65: SELECT * FROM products WHERE idprod
- Page 66 and 67: Testing for SQL Injection • Chapt
- Page 68 and 69: Testing for SQL Injection • Chapt
- Page 70 and 71: Testing for SQL Injection • Chapt
- Page 72 and 73: Testing for SQL Injection • Chapt
- Page 74 and 75: Testing for SQL Injection • Chapt
- Page 76 and 77: Testing for SQL Injection • Chapt
- Page 78 and 79: Testing for SQL Injection • Chapt
- Page 80 and 81: Testing for SQL Injection • Chapt
- Page 82 and 83: Testing for SQL Injection • Chapt
- Page 84 and 85: Testing for SQL Injection • Chapt
- Page 86 and 87: Testing for SQL Injection • Chapt
- Page 88 and 89: Testing for SQL Injection • Chapt
- Page 90 and 91: Testing for SQL Injection • Chapt
- Page 92 and 93: Figure 2.15 Exploitation Terminatin
- Page 94 and 95: Testing for SQL Injection • Chapt
- Page 96 and 97: Testing for SQL Injection • Chapt
- Page 98 and 99: Testing for SQL Injection • Chapt
- Page 100 and 101: Time Delays Testing for SQL Injecti
- Page 102 and 103: Testing for SQL Injection • Chapt
- Page 104 and 105: Testing for SQL Injection • Chapt
- Page 106 and 107: Testing for SQL Injection • Chapt
- Page 108 and 109: Testing for SQL Injection • Chapt
- Page 110 and 111: Testing for SQL Injection • Chapt
- Page 112 and 113: Summary Testing for SQL Injection
- Page 114 and 115: Testing for SQL Injection • Chapt
- Page 116 and 117: Chapter 3 Reviewing Code for SQL In
- Page 118 and 119: Reviewing Code for SQL Injection
- Page 120 and 121: Reviewing Code for SQL Injection
- Page 122 and 123: Reviewing Code for SQL Injection
- Page 124 and 125: Reviewing Code for SQL Injection
- Page 126 and 127: Reviewing Code for SQL Injection
- Page 128 and 129: mssql_bind() − adds a parameter t
- Page 130 and 131: OdbcCommand() − used to construct
- Page 132 and 133: Reviewing Code for SQL Injection
- Page 134 and 135: Reviewing Code for SQL Injection
- Page 136 and 137: Reviewing Code for SQL Injection
- Page 138 and 139: Reviewing PL/SQL and T-SQL Code Rev
- Page 140 and 141: Reviewing Code for SQL Injection
- Page 142 and 143: Reviewing Code for SQL Injection
- Page 144 and 145: Reviewing Code for SQL Injection
- Page 146 and 147: Reviewing Code for SQL Injection
- Page 148 and 149: ■■ ■■ ■■ ■■ URL: ht
- Page 150 and 151: ■■ ■■ Platform: Windows Pri
- Page 152 and 153: Reviewing Code for SQL Injection
- Page 154 and 155: Summary Reviewing Code for SQL Inje
- Page 156 and 157: Frequently Asked Questions Reviewin
- Page 158 and 159: Chapter 4 Exploiting SQL Injection
- Page 160 and 161: Exploiting SQL Injection • Chapte
- Page 162 and 163: Exploiting SQL Injection • Chapte
- Page 164 and 165: Exploiting SQL Injection • Chapte
- Page 166 and 167: Exploiting SQL Injection • Chapte
- Page 168 and 169: Exploiting SQL Injection • Chapte
- Page 170 and 171: Exploiting SQL Injection • Chapte
- Page 172 and 173: Exploiting SQL Injection • Chapte
- Page 174 and 175: Exploiting SQL Injection • Chapte
- Page 176 and 177: Exploiting SQL Injection • Chapte
- Page 178 and 179: Exploiting SQL Injection • Chapte
- Page 180 and 181: Exploiting SQL Injection • Chapte
- Page 182 and 183: Approach 3: Content-based Exploitin
- Page 184 and 185: Exploiting SQL Injection • Chapte
- Page 186 and 187: Exploiting SQL Injection • Chapte
- Page 188 and 189: Error Messages in Oracle Exploiting
- Page 190 and 191: Exploiting SQL Injection • Chapte
- Page 192 and 193: Exploiting SQL Injection • Chapte
- Page 194 and 195: Exploiting SQL Injection • Chapte
- Page 196 and 197: Exploiting SQL Injection • Chapte
- Page 198 and 199: MySQL Exploiting SQL Injection •
- Page 200 and 201: Such a query will return output sim
- Page 202 and 203: Exploiting SQL Injection • Chapte
- Page 204 and 205: SELECT name,spare4 FROM sys.user$ w
- Page 206 and 207: Exploiting SQL Injection • Chapte
- Page 208 and 209: [+] Bruteforcing the sa password. T
- Page 210 and 211: Exploiting SQL Injection • Chapte
- Page 212 and 213: Exploiting SQL Injection • Chapte
- Page 214 and 215: Exploiting SQL Injection • Chapte
- Page 216 and 217: Exploiting SQL Injection • Chapte
- Page 218 and 219: select user_name,web_password_raw f
- Page 220 and 221: Exploiting SQL Injection • Chapte
- Page 222 and 223: Exploiting SQL Injection • Chapte
- Page 224 and 225: HTTP/DNS Exploiting SQL Injection
- Page 226 and 227: Exploiting SQL Injection • Chapte
- Page 228 and 229: Exploiting SQL Injection • Chapte
- Page 230 and 231: Exploiting SQL Injection • Chapte
- Page 232 and 233: Exploiting SQL Injection • Chapte
- Page 234 and 235: Exploiting SQL Injection • Chapte
- Page 236 and 237: Summary Exploiting SQL Injection
- Page 238 and 239: Escalating Privileges Exploiting SQ
- Page 240 and 241: Chapter 5 Blind SQL Injection Explo
- Page 242 and 243: Blind SQL Injection Exploitation
- Page 244 and 245: Blind SQL Injection Exploitation
- Page 246 and 247: Common Blind SQL Injection Scenario
- Page 248 and 249: Blind SQL Injection Exploitation
- Page 250 and 251: Blind SQL Injection Exploitation
- Page 252 and 253: 1. Is the byte greater than 127? No
- Page 254 and 255: Blind SQL Injection Exploitation
- Page 256 and 257: Using Time-Based Techniques Blind S
- Page 258 and 259: Blind SQL Injection Exploitation
- Page 260 and 261: Blind SQL Injection Exploitation
- Page 262 and 263: Blind SQL Injection Exploitation
- Page 264 and 265: Blind SQL Injection Exploitation
- Page 266 and 267: Blind SQL Injection Exploitation
- Page 268 and 269: Blind SQL Injection Exploitation
- Page 270 and 271: Blind SQL Injection Exploitation
- Page 272 and 273: Blind SQL Injection Exploitation
- Page 274 and 275: Blind SQL Injection Exploitation
- Page 276 and 277: Blind SQL Injection Exploitation
- Page 278 and 279: SELECT * FROM unknowntable UNION SE
- Page 280 and 281: Blind SQL Injection Exploitation
- Page 282 and 283: Blind SQL Injection Exploitation
- Page 284 and 285: Figure 5.13 Extracting Database Log
- Page 286 and 287: Blind SQL Injection Exploitation
- Page 288 and 289: Summary Blind SQL Injection Exploit
- Page 290 and 291: Blind SQL Injection Exploitation
- Page 292 and 293: Chapter 6 Exploiting the Operating
- Page 294 and 295: Exploiting the Operating System •
- Page 296 and 297: Exploiting the Operating System •
- Page 298 and 299: Exploiting the Operating System •
- Page 300 and 301: Exploiting the Operating System •
- Page 302 and 303: Exploiting the Operating System •
- Page 304 and 305: Exploiting the Operating System •
- Page 306 and 307: [operating systems] multi(0)disk(0)
- Page 308 and 309: Figure 6.13 Enabling CLR Integratio
- Page 310 and 311: Oracle Exploiting the Operating Sys
- Page 312 and 313: ) c / ) ) ), bfilename('GETPWDIR',
- Page 314 and 315: As expected, this creates sp.txt fi
- Page 316 and 317: Exploiting the Operating System •
- Page 318 and 319: Exploiting the Operating System •
- Page 320 and 321: 2 443 [+] Calling msfpayload3 to c
- Page 322 and 323: DBMS_ADVISOR is probably the shorte
- Page 324 and 325: EXECUTE IMMEDIATE q'!drop directory
- Page 326 and 327: Microsoft SQL Server Exploiting the
- Page 328 and 329: Exploiting the Operating System •
- Page 330 and 331: Figure 6.22 Creating an UNSAFE Bina
- Page 332 and 333: Exploiting the Operating System •
- Page 334 and 335: Executing Operating System Commands
- Page 336 and 337: Endnotes Exploiting the Operating S
- Page 338 and 339: Chapter 7 Advanced Topics Solutions
- Page 340 and 341: Using Case Variation Advanced Topic
- Page 342 and 343: 4. The application URL decodes the
- Page 344 and 345: Advanced Topics • Chapter 7 323 D
- Page 346 and 347: Advanced Topics • Chapter 7 325 I
- Page 348 and 349: Advanced Topics • Chapter 7 327 w
- Page 350 and 351: Advanced Topics • Chapter 7 329 N
- Page 352 and 353: Advanced Topics • Chapter 7 331 m
- Page 354 and 355: Advanced Topics • Chapter 7 333 1
- Page 356 and 357: Using Hybrid Attacks Advanced Topic
- Page 358 and 359: Exploiting Authenticated Vulnerabil
- Page 360 and 361: Advanced Topics • Chapter 7 339
- Page 362 and 363: Chapter 8 Code-Level Defenses Solut
- Page 364 and 365: Code-Level Defenses • Chapter 8 3
- Page 366 and 367: Code-Level Defenses • Chapter 8 3
- Page 368 and 369: Code-Level Defenses • Chapter 8 3
- Page 370 and 371: END; Execute immediate 'SELECT coun
- Page 372 and 373: Code-Level Defenses • Chapter 8 3
- Page 374 and 375: Validating Input in Java Code-Level
- Page 376 and 377: Code-Level Defenses • Chapter 8 3
- Page 378 and 379: Code-Level Defenses • Chapter 8 3
- Page 380 and 381: Code-Level Defenses • Chapter 8 3
- Page 382 and 383: Code-Level Defenses • Chapter 8 3
- Page 384 and 385: Code-Level Defenses • Chapter 8 3
- Page 386 and 387: Code-Level Defenses • Chapter 8 3
- Page 388 and 389: Code-Level Defenses • Chapter 8 3
- Page 390 and 391: Code-Level Defenses • Chapter 8 3
- Page 392 and 393: UTL_SMTP.HELO(v_connection,'mailhos
- Page 394 and 395: Summary Code-Level Defenses • Cha
- Page 396 and 397: Code-Level Defenses • Chapter 8 3
- Page 398 and 399: Chapter 9 Platform-Level Defenses S
- Page 400 and 401: Platform-Level Defenses • Chapter
- Page 402 and 403: Platform-Level Defenses • Chapter
- Page 404 and 405: Figure 9.3 Whitelist Rule to Patch
- Page 406 and 407: Platform-Level Defenses • Chapter
- Page 408 and 409: Platform-Level Defenses • Chapter
- Page 410 and 411: Application Filters Platform-Level
- Page 412 and 413: Platform-Level Defenses • Chapter
- Page 414 and 415: Platform-Level Defenses • Chapter
- Page 416 and 417: Platform-Level Defenses • Chapter
- Page 418 and 419: Use Strong Cryptography to Protect
- Page 420 and 421: Platform-Level Defenses • Chapter
- Page 422 and 423: Platform-Level Defenses • Chapter
- Page 424 and 425: Platform-Level Defenses • Chapter
- Page 426 and 427: Platform-Level Defenses • Chapter
- Page 428 and 429: Platform-Level Defenses • Chapter
- Page 430 and 431: Platform-Level Defenses • Chapter
- Page 432 and 433: Additional Deployment Consideration
- Page 434 and 435: Platform-Level Defenses • Chapter
- Page 436 and 437: Chapter 10 References Solutions in
- Page 438 and 439: References • Chapter 10 417 For t
- Page 440 and 441: References • Chapter 10 419 It is
- Page 442 and 443: GROUP BY Statement References • C
- Page 444 and 445: References • Chapter 10 423 you a
- Page 446 and 447: References • Chapter 10 425 Table
- Page 448 and 449: Blind SQL Injection Functions: Micr
- Page 450 and 451: References • Chapter 10 429 the S
- Page 452 and 453: Microsoft SQL Server 2005 Hashes Re
- Page 454 and 455: References • Chapter 10 433 Table
- Page 456 and 457: References • Chapter 10 435 If MA
- Page 458 and 459: References • Chapter 10 437 Table
- Page 460 and 461: TYPE oracle_loader DEFAULT DIRECTOR
- Page 462 and 463: References • Chapter 10 441 When
- Page 464 and 465: References • Chapter 10 443 Table
- Page 466 and 467: Table 10.20 Continued. Troubleshoot
- Page 468 and 469: Enumerating Database Configuration
- Page 470 and 471: Local File Access References • Ch
- Page 472 and 473: References • Chapter 10 451 Infor
- Page 474 and 475: References • Chapter 10 453 Table
- Page 476 and 477: ■■ ■■ ■■ ■■ Referen
- Page 478 and 479: Troubleshooting SQL Injection Attac
- Page 480 and 481: A abstract syntax tree (AST), 125 a
- Page 482 and 483: Index 461 confirming and terminatin
- Page 484 and 485: Index 463 errors application error,
- Page 486 and 487: Index 465 intercepting filters appl
- Page 488 and 489: Index 467 APEX, 196-197 Oracle inte
- Page 490 and 491: Index 469 mysql_query( ) function,
- Page 492 and 493: Index 471 blind SQL injection funct
- Page 494: Index 473 transformation functions,