D4rkn3S Posted August 25, 2015

Introduction

SQL Injections are without question one of the most dangerous web vulnerabilities around. With all of our information stored in databases, almost every detail about our lives is at the mercy of a simple HTTP request. As a solution, many companies implement Web Application Firewalls and Intrusion Detection/Prevention Systems to try to protect themselves. Unfortunately, these countermeasures are not sufficient and can easily be circumvented. This is all possible due to optimization and obfuscation techniques which have been perfected over the last 15 years since the discovery of this lethal vulnerability.

Even though firewalls cannot be relied on to prevent all attacks, some firewalls can be effective when used as a monitoring tool. It is not unheard of for an attacker to be detected and blocked during mid-attack, due to firewall triggers and an alert security team. Because of this, a SQL Injection that has been optimized and obfuscated has a much higher probability of being successful; it will extract the data faster and remain undetected for longer.

In this paper we will discuss and compare a variety of optimization methods which can be highly effective when exploiting Blind SQL Injections. We will also introduce SQL queries which can be used to dump the whole database with just one request, making it extremely easy to quickly retrieve data while going unnoticed. Furthermore, we will be reviewing several obfuscation techniques which can make a SQL Injection unrecognizable to firewalls. When combined, these techniques create a deadly attack which can be devastating.

Guest Posted December 21, 2015

Re: SQL Injection Optimization and Obfuscation Techniques

thank you bro

CrypterHacker Posted December 21, 2015

Re: SQL Injection Optimization and Obfuscation Techniques

thank you bro

READ THE RULES
http://level23hacktools.com/forum/showthread.php?27696-Reglas-Rules-Leer-Las-Reglas-Generales-Del-Foro!&p=55279#post55279

11.- You are not allowed to ask people to (Very good, thank you, great share, nice share, down, etc.) your post or give you reputation. On the first instance the user will be warned and if the user continues to ask they will be banned.