Difference between revisions of "Talk:SQL injection"

Revision as of 02:35, 9 August 2012

Modern day SQL injection obstacles and countermeasures

SQL injection/countermeasures

Configuration & environment challenges

SQL injection/countermeasures/environment

IDS, IPS, and web application firewalls

SQL injection/countermeasures/environment/security systems

Common web application firewall HTTPD modules

SQL injection/countermeasures/environment/common web application firewalls

Improper sanitizing

SQL injection/countermeasures/sanitizing

Partial sanitizing

SQL injection/countermeasures/sanitizing/partial

Deprecated sanitizing

SQL injection/countermeasures/sanitizing/deprecated

Basic remote tests for SQL injection vulnerabilities

SQL injection/testing

Injection points

SQL injection/testing/injection locations

Input testing

SQL injection/testing/inputs

Your first where clause injection

SQL injection/testing/inputs/where clause

Reconstructing injected queries

SQL injection/testing/query reconstruction

Bypassing modern SQL injection security measures

SQL injection/evasion

Basic signature evasion

SQL injection/evasion/basic signatures

Whitespace placement

SQL injection/evasion/basic signatures/whitespaces

Integer and string size delimiters

SQL injection/evasion/basic signatures/scalar sizes

Switching up the data types

SQL injection/evasion/basic signatures/data types

Arithmetic tests

SQL injection/evasion/basic signatures/arithmetic tests

Capitalization

SQL injection/evasion/basic signatures/case sensitivity

Extending conditional statements

SQL injection/evasion/basic signatures/conditional statements

Defeating partial sanitizing

SQL injection/evasion/sanitizing

       5.2.1 Quotes
       5.2.2 Whitespace filtering

Bypassing XSS filters during SQL injection

SQL injection/evasion/xss filters

       5.3.1 Testing with BETWEEN
       5.3.2 Testing with Regular Expression Operators (REGEXP, ~, and RLIKE)

6 Intermediate SQL injection

   6.1 Automation theory
   6.2 Basic Injection : Union Select
       6.2.1 Determining the number of columns
       6.2.2 Extracting data
   6.3 Intermediate testing: "SELECT" ... LIMIT clause injections
   6.4 Intermediate injection: information retrieval via verbose errors

7 Advanced: manual boolean enumeration

   7.1 Using Ascii codes and the ascii() function for enumeration
       7.1.1 substring()
       7.1.2 Version fingerprinting with ascii-based enumeration
           7.1.2.1 In theory
           7.1.2.2 In Practice
   7.2 Using Regular Expressions for Boolean enumeration
       7.2.1 Getting started with regular expressions
       7.2.2 Version fingerprinting using compatible regular expressions

8 Expert: Timing attacks for automated boolean enumeration

   8.1 MySQL boolean timing attacks
       8.1.1 benchmark() and related issues
       8.1.2 Evasive sleep() based boolean enumeration with regular expressions
           8.1.2.1 Testing for the ability to sleep():
           8.1.2.2 Controlling sleep() for enumeration:
           8.1.2.3 Using sleep() to map a table name with regular expressions
   8.2 PostgreSQL Boolean Timing Attacks
       8.2.1 Testing for access to pg_sleep()
       8.2.2 Using pg_sleep() with alternative comparisons for evasive boolean enumeration

9 Expert: Automated Single-byte exfiltration

   9.1 Timing-based single-byte exfiltration
   9.2 The comparative precomputation attack

10 Further penetration

   10.1 Obtaining direct database access
   10.2 Obtaining filesystem access
   10.3 Obtaining code execution

11 Cheat Sheets

   11.1 Vulnerability testing
       11.1.1 Universal true and false statements
   11.2 MySQL syntax reference
       11.2.1 Mysql versions >= 5 user schema mapping (unprivileged)
       11.2.2 Privileged MySQL (any version) user
   11.3 PostgreSQL syntax reference
       11.3.1 PostgreSQL schema mapping
   11.4 Microsoft SQL syntax reference
       11.4.1 Microsoft SQL schema mapping (unprivileged)
       11.4.2 Privileged microsoft SQL injection

12 Patching SQL Injection Vulnerabilities

@@ Line 23: / Line 23: @@
 :Reconstructing injected queries
 :*[[SQL injection/testing/query reconstruction]]
+Bypassing modern SQL injection security measures
+*[[SQL injection/evasion]]
+:Basic signature evasion
+:*[[SQL injection/evasion/basic signatures]]
+::Whitespace placement
+::*[[SQL injection/evasion/basic signatures/whitespaces]]
+::Integer and string size delimiters
+::*[[SQL injection/evasion/basic signatures/scalar sizes]]
+::Switching up the data types
+::*[[SQL injection/evasion/basic signatures/data types]]
+::Arithmetic tests
+::*[[SQL injection/evasion/basic signatures/arithmetic tests]]
+::Capitalization
+::*[[SQL injection/evasion/basic signatures/case sensitivity]]
+::Extending conditional statements
+::*[[SQL injection/evasion/basic signatures/conditional statements]]
+Defeating partial sanitizing
-Bypassing modern SQL injection security measures
+* [[SQL injection/evasion/sanitizing]]
-.1 Basic signature evasion
-.1.1 Whitespace placement
-.1.2 Integer and string size delimiters
-.1.3 Switching up the data types
-.1.4 Arithmetic tests
-.1.5 Capitalization
-.1.6 Extending conditional statements
-.2 Defeating partial sanitizing
 .2.1 Quotes
 .2.2 Whitespace filtering
-.3 Bypassing XSS filters during SQL injection
+Bypassing XSS filters during SQL injection
+* [[SQL injection/evasion/xss filters]]
 .3.1 Testing with BETWEEN
 .3.2 Testing with Regular Expression Operators (REGEXP, ~, and RLIKE)

Difference between revisions of "Talk:SQL injection"

Revision as of 02:35, 9 August 2012

Navigation menu

Views

Personal tools

Wiki

Community

Search

Tools