Whitepaper - Blindfolded SQL Injection

From: WebCohort Research (research@webcohort.com)
Date: Mon Sep 01 2003 - 14:51:41 EDT


WebCohort Presents "Blindfolded SQL Injection" - a white paper
describing how SQL Injection can be performed without detailed error
messages:

Description:
-----------
Until today, exploiting SQL Injection attacks depended on having the Web
Server return detailed error messages or on having some other source of
information. As a result, many security administrators suppressed these
error messages, assuming this would protect them from SQL Injection
exploitation. This white paper shows, however, that suppressing the error
messages does not provide real protection. The research done at
WebCohort reveals a set of techniques that attackers can easily use to
bypass this obstacle, making it clear that more substantial measures must
be taken against SQL Injection attacks.
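The point made above, that hiding database error messages does not remove the injection itself, can be shown with a small added example. This code is not from the whitepaper or from WebCohort; the in-memory SQLite table, the two lookup functions and the test inputs are all constructed here. The vulnerable lookup swallows every database error and still returns a different result set depending on the injected condition, while the parameterized lookup treats the whole input as a literal name, which is the "more substantial measure" the description calls for.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny users table in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """Builds the query by string concatenation and hides every database error.

    Suppressing the error text only hides the symptom: the input is still
    interpreted as SQL, so a crafted value changes which rows come back, and
    that difference is observable without any error message.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.Error:
        # Generic "nothing found" instead of the database's error details.
        return []


def lookup_parameterized(conn, name):
    """Same lookup with a bound parameter: the input is data, never SQL text."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def input_changes_result(conn, lookup):
    """Regression check a defender can run against a lookup function.

    Returns True when appending a true condition versus a false condition to
    an otherwise identical input yields different result sets, i.e. when the
    input is being interpreted as SQL. A correctly parameterized lookup
    returns False because neither string matches a stored name.
    """
    with_true_condition = "bob' AND '1'='1"   # constructed probe input
    with_false_condition = "bob' AND '1'='2"  # constructed probe input
    return lookup(conn, with_true_condition) != lookup(conn, with_false_condition)


if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks result differences:",
          input_changes_result(db, lookup_vulnerable))
    print("parameterized query leaks result differences:",
          input_changes_result(db, lookup_parameterized))
```

Run as a script it reports True for the concatenated query and False for the parameterized one. The check works purely on returned rows, which is why error suppression in `lookup_vulnerable` makes no difference to the outcome; only the parameterized form removes the behaviour.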

Authors:
-------
Ofer Maor, Senior Security Consultant, WebCohort Technologies. Amichai
Shulman, CTO, WebCohort Technologies.

Download:
--------
The whitepaper can be obtained at
http://www.webcohort.com/Blindfolded_SQL_Injection.pdf

Table of Contents:
-----------------
Overview 3
Identifying Injections 5
   Recognizing Errors 5
   Locating Errors 6
   Identifying SQL Injection Vulnerable Parameters 6
Performing the Injection 8
   Getting the Syntax Right 8
   Identifying the Database 9
   Exploiting the Injection 10
UNION SELECT Injections 11
   Counting the Columns 11
   Identifying Columns Types 13
Summary 15

---
WebCohort Technologies
http://www.webcohort.com/
U.S. Toll Free: 1-866-592-1289