Mysql cheat sheet blind sql injection functions
intercepting filters | reading files | Index
.NET binary, 286
386–387
CREATE ASSEMBLY function, 287
UrlScan and WebKnight, 387–388
Internet information server (IIS), 310
J
RDBMS, 281
Java applications
coding behavior recognition, 103–104
dangerous functions, 107–108
K
union query, 282
keyword-blocking filter, 319–320
writing files
binary files, 295–297
M
bulk copy program (BCP), 296
Microsoft access databases, 453
csc.exe, 300
Microsoft code analysis tool .NET (CAT.NET), 129
DOS copy command, 297
dynamic link library (DLL), 298
Microsoft SQL Server database
echo commands, 297
file compiling, 300
O’Boyle string, 359
filesystemobject, 295
preceding characters, 360
meterpreter, 298
transact-SQL code, 359
remote database server, 298–300
wildcard character, 360
sp_oacreate, 295
encoding output, database, 359–360
UNIX, 298
operating system commands
worms, 297
.NET binary, 307–308
ipconfig command, 305
surface area configuration, 306
server 2005 hashes, 431
vulnerable intranet application, 276
xp_cmdshell, 429–430
writing files
MySQL
hackproofing, 295
administrative privileges, 177
LOAD DATA INFILE command, 292
out-of-band communication, 198–199
output tables, 178–179
password hashes, 192
PASSWORD( ) function, 194
open Web application security project (OWASP), 10–11, 371
Operating system exploitation
database programmers, 272
hackproofing, 278
Oracle, 301–304
HEX( ) function, 279
LOAD DATA INFILE command, 274
LOAD_FILE function, 275, 279–280
blind SQL injection functions, 436–437
database configuration information and
dbms_assert, 357
O’Boyle, 356
preceding functions, 358
quote character, 357
database schema enumeration
encoding output, database, 356–359
escalating privileges, 183–184
built-in database, 117
data definition language (DDL)
EXECUTE function, 119–120
information_schema database, 123
LIKE statement, 118
sp_helptext, 120–121
SQL Server 2008 database, 122–123
stored procedures, 121–122
user-controlled data, 119
Oracle response techniques, 246–247
out-of-band communication, 198–199
password hashes, 192
P
PL/SQL code, 190
parameterized statement
privilege types, 181–182
.NET (C#)
reading files
ADO.NET framework, 345
access files, 289
OleDbClient, 346
Java, 289–291
Java
select statements, 290
hibernate, 345
utl_file_dir database, 289, 291
JDBC framework, 344
writing files
PHP
binary code, 300
data objects, 347
DBMS_ADVISOR, 301
PDO package, 348
$input variable, 113–114
$sql variable, 112–113
awk function, 110
grep strings, 112
database server attacking
cracking database passwords, 449
local file access, 449
system command execution, 448
Aspect-oriented Programming (AOP), 393–394
MySQL
FALSE inference, 243
CASE statement, 246
reviewing source code
techniques
$param, 97–98
URL/page-level strategies
HTTP Handler configuration, 392
page overriding, 392–393
substitute servlet configuration, 393
web application firewall (WAF)
command-line utilities, 124
control flow graph (CFG), 125
LAPSE, 127–128
lexical analysis, 124–125
Microsoft analyzer, 128–129
authid clause, 117
static analysis, 131–132
yet another source code analyzer
(YASCA), 125–126
coding behavior recognition
build and execute statements, 99
C# applications, 104–105
dynamic string-building techniques, 98
EXECUTE function, 100–101
security-sensitive function, 96–97
string concatenation, 99
user-controlled input, 101
dangerous functions
sanitizing filters, 324
SDL. See Microsoft security development lifecycle
HTTP request and response, 329–330
second-order vulnerabilities, 332–333
data process
Secure sockets layer (SSL), 407
Java, 114–115
simple object access protocol (SOAP), 310–311
PHP, 110–114
built-in command, 16