Out-of-band Sql Injection Attacks (#hacktrickconf)

•

3 likes•1,745 views

Ömer Çıtak

Software

Out-of-band
SQL Injection Attacks
Omer Citak
Hacktrick, May 2017

whoami
Security Researcher @ Netsparker Ltd.
Developer @ Another Times
Writer @ Ethical Hacking “Offensive & Defensive” Book
Blog: omercitak.com
All Social Platform: @Om3rCitak

sql injection
● Inband
○ Error Based
● Indirect Inference
○ Boolean Based
○ Blind (Time Based)
● Out-of-band
○ Blind (HTTP, DNS)

sql injection
● Inband
○ Error Based
....
ini_set('display_errors', 'On');
error_reporting(E_ALL);
$sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'";
$results = mysql_query($sql);
...

sql injection
● Indirect Inference
○ Boolean Based
....
ini_set('display_errors', 'Off');
error_reporting(~E_ALL);
$sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'";
$results = mysql_query($sql);
$row_count = mysql_num_rows($results);
if($row_count > 0)
echo 'user exist';
else
echo 'user not exist';
...

sql injection
● Indirect Inference
○ Boolean Based

sql injection
● Indirect Inference
○ Blind (Time Based)
....
ini_set('display_errors', 'Off');
error_reporting(~E_ALL);
$sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'";
$results = mysql_query($sql);
...

sql injection
● Indirect Inference
○ Blind (Time Based)

sql injection
● Indirect Inference
○ Blind (Time Based)
payload> ay' and if(substring(user(),1,1) = 'r', sleep(3), false) --

sql injection
● Indirect Inference
○ Blind (Time Based)
payload> ay' and if(substring(user(),1,1) = 'a', sleep(3), false) --

sql injection
● Out-of-band
○ Blind (HTTP, DNS)
....
ini_set('display_errors', 'Off');
error_reporting(~E_ALL);
$sql = "SELECT * FROM users WHERE (username like '%".$_GET["param"]."%')";
$results = pg_query($sql);
...

demo
● dependencies;
○ 1 DNS server => 207.154.219.61
■ Ubuntu 16
■ Spiderlab Responder
○ 1 app & database server => 207.154.246.88
■ Ubuntu 16
■ Php7
■ Postgresql 9.5
and 1 unit attacker

thanks
www.omercitak.com
All Social Platform: @Om3rCitak

Similar to Out-of-band Sql Injection Attacks (#hacktrickconf)

Out-of-band SQL Injection Attacks (#cypsec'17)

Ömer Çıtak

This talk walks through the basics of web security without focussing too much on the particular tools that you choose. The concepts are universal, although most examples will be in Perl. We'll also look at various attack vectors (SQL Injection, XSS, CSRF, and more) and see how you can avoid them. Whether you're an experienced web developer (we all need reminding) or just starting out, this talk can help avoid being the next easy harvest of The Bad Guys.

Web Security 101

Michael Peters

Php Security - OWASP

Mizno Kruge

PHP Secure Programming

Balavignesh Kasinathan

Greensql2007

Kaustav Sengupta

Code injection and green sql

Kaustav Sengupta

PHPUG Presentation

Damon Cortesi

DEFCON 23 - Lance buttars Nemus - sql injection on lamp

Felipe Prado

Prevention of SQL Injection Attack in Web Application with Host Language

IRJET Journal

SQL Injection in PHP

Dave Ross

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto

Pichaya Morimoto

The UNM Information Architects and the UNM Arts LAB invite you to to a presentation by ABQ Web Geeks' own Chris Kenworthy at the UNM SUB this Wednesday the 27th of August. Chris will be discussing SQL Injection and Cross Site Scripting Vulnerabilities. These types of attacks against websites are both common and potentially devastating. Chris will bring us up to speed on them and give us some tips on how to prevent them. Please mark your calendars for Wednesday, August 27 from 10:00 - 11:30 at the UNM Student Union Building, Lobo Rooms A & B.

Protecting Your Web SiteFrom SQL Injection & XSS

skyhawk133

ASP.NET Web Security

SharePointRadi

SQL Injection in action with PHP and MySQL

Pradeep Kumar

Simple web security

裕夫傅

Посмотрим на новый веб-фреймворк Microsoft с точки зрения безопасности. ASP.NET Core является продолжением развития платформы ASP.NET и, в отличие от старшего брата, код его полностью открыт и поддерживается сообществом. Архитектура фреймворка была переосмыслена, появились новые security features, часть существующих сильно переписана. В докладе поговорим об этих различиях и разберем как теперь работают встроенные механизмы защиты от XSS и CSRF, какие возможности криптографии доступны из коробки, как устроено управление сессиями. Доклад будет интересен в первую очередь разработчикам, пишущим защищенные ASP.NET-приложения, специалистам, проводящим security review .NET-проектов, и всем желающим разобраться в реализации компонентов безопасности на примере этой платформы.

.NET Fest 2017. Михаил Щербаков. Механизмы предотвращения атак в ASP.NET Core

NETFest

Security: Odoo Code Hardening

Odoo

This talk educates developers on common security vulnerabilities, how they are exploited, and how to protect against them. We will explore several of the OWASP top 10 attack vectors, such as SQL injection, XSS, CSRF, and session hijacking. Each topic will be approached from the perspective of an attacker to learn how these vulnerabilities are detected and exploited using several realistic examples. We will then apply this knowledge to learn how web applications can be secured against such vulnerabilities.

Hacking Your Way To Better Security - php[tek] 2016

Colin O'Dell

Php & Web Security - PHPXperts 2009

mirahman

Ppt on sql injection

ashish20012

Similar to Out-of-band Sql Injection Attacks (#hacktrickconf) (20)

Out-of-band SQL Injection Attacks (#cypsec'17)

Web Security 101

Php Security - OWASP

PHP Secure Programming

Greensql2007

Code injection and green sql

PHPUG Presentation

DEFCON 23 - Lance buttars Nemus - sql injection on lamp

Prevention of SQL Injection Attack in Web Application with Host Language

SQL Injection in PHP

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto

Protecting Your Web SiteFrom SQL Injection & XSS

ASP.NET Web Security

SQL Injection in action with PHP and MySQL

Simple web security

.NET Fest 2017. Михаил Щербаков. Механизмы предотвращения атак в ASP.NET Core

Security: Odoo Code Hardening

Hacking Your Way To Better Security - php[tek] 2016

Php & Web Security - PHPXperts 2009

Ppt on sql injection

Recently uploaded

How To Use Server-Side Rendering with Nuxt.js

Andolasoft Inc

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI

ABDERRAOUF MEHENNI

Diamond Application Development Crafting Solutions with Precision

SolGuruz

Document contains steps to getting ups and running quickly with MyTimeClock Employee Scheduling and Time Keeping Cloud Software as a Service Solution, Web version. Try MyTimeClock or any of our other software packages risk-free by registering for a FREE ACCOUNT at https://register.myintellisource.com/. If you would like more information about our company or its software, follow us on Facebook, Instagram, LinkedIn, Twitter, or YouTube, visit our home page at https://www.myintellisource.com/, or send us an email at cs@myintellisource.com. Take care and have a great day.

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...

MyIntelliSource, Inc.

Introducing MyIntelliAccount™ Cloud Accounting Software as a Service (SaaS) , the complete system for simplifying business accounting needs. MyIntelliAccount Cloud Accounting SaaS is an easy to understand and easy to use application and system designed for the Web with supporting applications for iOS and Android devices. Designed to work like a natural extension of your web browser, the user interface for MyIntelliAccount Cloud Accounting SaaS is intuitive and thoughtfully organized to help you easily navigate and access your business accounting information. Because our company takes the time to research, study, and understand the applications we develop, we are confident that once you use MyIntelliAccount Cloud Accounting SaaS , you will be asking yourself how you ever got along without it.

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...

MyIntelliSource, Inc.

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

kalichargn70th171

5 Signs You Need a Fashion PLM Software.pdf

Wave PLM

👉 𝑾𝑰𝑳𝑳 𝑷𝑹𝑶𝑽𝑰𝑫𝑬 𝒀𝑶𝑼 𝑾𝑰𝑻𝑯 𝑺𝑬𝑿𝒀 𝑴𝑶𝑫𝑬𝑳𝑺 𝑾𝑯𝑶 𝑾𝑰𝑳𝑳 𝑫𝑨𝑵𝑪𝑬 & 𝑫𝑹𝑰𝑵𝑲 𝑾𝑰𝑻𝑯 𝒀𝑶𝑼 𝑨𝑵𝑫 𝑨𝑳𝑺𝑶 𝑷𝑹𝑶𝑽𝑰𝑫𝑬 𝒀𝑶𝑼 𝑺𝑬𝑿𝑼𝑨𝑳 𝑩𝑶𝑫𝒀 𝑻𝑶 𝑩𝑶𝑫𝒀 𝑴𝑨𝑺𝑺𝑨𝑮𝑬 𝑾𝑰𝑻𝑯 𝑺𝑬𝑿. 👉𝒀𝑶𝑼 𝑴𝑨𝒀 𝑻𝑨𝑲𝑬 𝑻𝑯𝑬𝑴 𝑶𝑼𝑻 𝑭𝑶𝑹 𝑨 𝑷𝑨𝑹𝑻𝒀 𝑶𝑹 𝑨𝑳𝑺𝑶 𝑭𝑶𝑹 𝑨𝑵𝒀 𝑷𝑹𝑰𝑽𝑨𝑻𝑬 𝑷𝑨𝑹𝑻𝑰𝑬𝑺. 👉𝑻𝑯𝑬𝑺𝑬 𝑮𝑰𝑹𝑳𝑺 𝑨𝑹𝑬 𝑰𝑵𝑻𝑬𝑹𝑬𝑺𝑻𝑬𝑫 𝑰𝑵 𝑯𝑨𝑽𝑰𝑵𝑮 𝑺𝑶𝑴𝑬 𝑭𝑼𝑵 𝑾𝑰𝑻𝑯 𝒀𝑶𝑼 𝑨𝑵𝑫 𝑾𝑰𝑳𝑳 𝑬𝑵𝑺𝑼𝑹𝑬 𝑻𝑯𝑨𝑻 𝒀𝑶𝑼 𝑯𝑨𝑽𝑬 𝑪𝑶𝑴𝑷𝑳𝑬𝑻𝑬 𝑭𝑼𝑵. 28/April/2024 {{🎗️SCH🎗️}} 8923113531 How to book call girls The Booking process is particularly time-saving and more comfortable for us. Below mentioned are the steps you need to follow to hire our call girl: Step 1 - Visit our Call Girls Service website Step 2 - check for the portfolios of our sexy and hot call girls Step 3 - check on the services provided by the specific call girls Step 4 - Once you have selected the call girls and respective services, go to the contact us page. Step 5 - on the contact page, you will get our phone number, WhatsApp number, and email address. You can choose any one of them to connect with us. Call Us – 8923113531 ✣ ✤ ✥ ✦ 𝑻𝑰𝑴𝑬 𝑾𝑨𝑺𝑻𝑬𝑹𝑺 𝑨𝑵𝑫 𝑩𝑨𝑹𝑮𝑨𝑰𝑵𝑬𝑹𝑺 𝑨𝑹𝑬 𝑷𝑳𝑬𝑨𝑺𝑬 𝑬𝑿𝑪𝑼𝑺𝑬, 𝑾𝑬 𝑹𝑬𝑺𝑷𝑬𝑪𝑻 𝒀𝑶𝑼𝑹 𝑺𝑨𝑭𝑬𝑻𝒀 𝑨𝑵𝑫 𝑷𝑹𝑰𝑽𝑨𝑪𝒀 𝑨𝑵𝑫 𝑬𝑿𝑷𝑬𝑪𝑻 𝑻𝑯𝑬 𝑺𝑨𝑴𝑬 𝑭𝑹𝑶𝑴 𝒀𝑶𝑼.✣ ✤ ✥ ✦ Duration Normal Girls Housewives High-Profile Models (Celebrities) 1 Shot ₹ 8,000 ₹ 10,000 ₹ 15,000 2 Shots ₹ 15,000 ₹ 15,000 ₹ 25,000 Full Day ₹ 35,000 ₹ 35,000 ₹ 40,000 Full Night ₹ 40,000 ₹ 40,000 ₹ 50,000 Weekend ₹ 45,000 ₹ 45,000 ₹ 50,000 Party Nights ₹ 50,000 ₹ 50,000 ₹ 60,000

CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️

anilsa9823

Unlocking the Future of AI Agents with Large Language Models

aagamshah0812

In an era where security concerns are paramount, the integration of artificial intelligence (AI) into CCTV cameras has revolutionized surveillance capabilities. One of the most significant advancements is the ability to achieve real-time threat detection, enabling immediate responses to potential security breaches. This blog explores how AI is reshaping surveillance through real-time threat detection and the implications of this technology.

Optimizing AI for immediate response in Smart CCTV

shikhaohhpro

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

HR Software Buyers Guide in 2024 - HRSoftware.com

Fatema Valibhai

Hand gesture recognition PROJECT PPT.pptx

bodapatigopi8531

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

Conference: Engage2024 in Antwerp Type: Workshop Speakers: Florian Vogler, Henning Kunz, Christoph Adler Title: Navigating the Future with The Hitchhiker's Guide to Notes and Domino 14 Abstract: Embark on an exhilarating journey with industry trailblazers Florian Vogler, Henning Kunz, and Christoph Adler in this not-to-be-missed workshop at the forefront of the tech universe. Get ready for a thrilling kick-off as we navigate the current state of the HCL universe, setting the stage for an exploration of the groundbreaking Notes and Domino 14. Discover the latest enhancements and revolutionary features that will redefine your experience. In this interactive session, unlock a treasure trove of tips and tricks to elevate your utilization of version 14, both with and without the game-changing panagenda MarvelClient. Brace yourself for also diving into Nomad, Nomad Web, and VoltMX, expanding your horizons in the expansive HCL landscape. Be a part of this exclusive opportunity to stay ahead in the ever-evolving world of HCL technologies. Your journey to mastering Notes and Domino 14 begins here. And remember, in the spirit of intergalactic exploration, don't forget to bring your towel!

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

panagenda

Looking for an efficient way to manage your finances? Look no further than our money management app. With easy-to-use features, you can track your expenses, create budgets, and monitor your savings goals all in one place. Our app provides real-time updates on your spending habits and helps you make smarter financial decisions. Take control of your finances today with our user-friendly money management app.

Right Money Management App For Your Financial Goals

Jhone kinadey

Foundation models are machine learning models which are easily capable of performing variable tasks on large and huge datasets. FMs have managed to get a lot of attention due to this feature of handling large datasets. It can do text generation, video editing to protein folding and robotics. In case we believe that FMs can help the hospitals and patients in any way, we need to perform some important evaluations, tests to test these assumptions. In this review, we take a walk through Fms and their evaluation regimes assumed clinical value. To clarify on this topic, we reviewed no less than 80 clinical FMs built from the EMR data. We added all the models trained on structured and unstructured data. We are referring to this combination of structured and unstructured EMR data or clinical data.

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

harshavardhanraghave

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live Booking Contact Details :- WhatsApp Chat :- [+91-9999965857 ] The Best Call Girls Delhi At Your Service Russian Call Girls Delhi Doing anything intimate with can be a wonderful way to unwind from life's stresses, while having some fun. These girls specialize in providing sexual pleasure that will satisfy your fetishes; from tease and seduce their clients to keeping it all confidential - these services are also available both install and outcall, making them great additions for parties or business events alike. Their expert sex skills include deep penetration, oral sex, cum eating and cum eating - always respecting your wishes as part of the experience (29-April-2024(PSS)

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Call Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

Recently uploaded (20)

How To Use Server-Side Rendering with Nuxt.js

Microsoft AI Transformation Partner Playbook.pdf

SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI

Diamond Application Development Crafting Solutions with Precision

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...

Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

5 Signs You Need a Fashion PLM Software.pdf

CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️

Unlocking the Future of AI Agents with Large Language Models

Optimizing AI for immediate response in Smart CCTV

TECUNIQUE: Success Stories: IT Service provider

HR Software Buyers Guide in 2024 - HRSoftware.com

Hand gesture recognition PROJECT PPT.pptx

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...

Right Money Management App For Your Financial Goals

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live

Out-of-band Sql Injection Attacks (#hacktrickconf)

1. Out-of-band SQL Injection Attacks Omer Citak Hacktrick, May 2017

2. whoami Security Researcher @ Netsparker Ltd. Developer @ Another Times Writer @ Ethical Hacking “Offensive & Defensive” Book Blog: omercitak.com All Social Platform: @Om3rCitak

3. http

4. http

5. http

6. http

7. http - server side

8. server side

9. sql injection ● Inband ○ Error Based ● Indirect Inference ○ Boolean Based ○ Blind (Time Based) ● Out-of-band ○ Blind (HTTP, DNS)

10. sql injection ● Inband ○ Error Based .... ini_set('display_errors', 'On'); error_reporting(E_ALL); $sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'"; $results = mysql_query($sql); ...

11. sql injection ● Inband ○ Error Based

12. sql injection ● Indirect Inference ○ Boolean Based .... ini_set('display_errors', 'Off'); error_reporting(~E_ALL); $sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'"; $results = mysql_query($sql); $row_count = mysql_num_rows($results); if($row_count > 0) echo 'user exist'; else echo 'user not exist'; ...

13. sql injection ● Indirect Inference ○ Boolean Based

14. sql injection ● Indirect Inference ○ Blind (Time Based) .... ini_set('display_errors', 'Off'); error_reporting(~E_ALL); $sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'"; $results = mysql_query($sql); ...

15. sql injection ● Indirect Inference ○ Blind (Time Based)

16. sql injection ● Indirect Inference ○ Blind (Time Based) payload> ay' and if(substring(user(),1,1) = 'r', sleep(3), false) --

17. sql injection ● Indirect Inference ○ Blind (Time Based) payload> ay' and if(substring(user(),1,1) = 'a', sleep(3), false) --

18. sql injection ● Out-of-band ○ Blind (HTTP, DNS) .... ini_set('display_errors', 'Off'); error_reporting(~E_ALL); $sql = "SELECT * FROM users WHERE (username like '%".$_GET["param"]."%')"; $results = pg_query($sql); ...

19. demo ● dependencies; ○ 1 DNS server => 207.154.219.61 ■ Ubuntu 16 ■ Spiderlab Responder ○ 1 app & database server => 207.154.246.88 ■ Ubuntu 16 ■ Php7 ■ Postgresql 9.5 and 1 unit attacker

20. demo

21. where is the guvenlik?

22. thanks www.omercitak.com All Social Platform: @Om3rCitak

Out-of-band Sql Injection Attacks (#hacktrickconf)

Recommended

Recommended

More Related Content

Similar to Out-of-band Sql Injection Attacks (#hacktrickconf)

Similar to Out-of-band Sql Injection Attacks (#hacktrickconf) (20)

More from Ömer Çıtak

More from Ömer Çıtak (11)

Recently uploaded

Recently uploaded (20)

Out-of-band Sql Injection Attacks (#hacktrickconf)