최근 Milw0rm 사이트에 다양한  유형의 MSSQL Injection 공격 기법에 대해서 설명해 놓은 페이퍼가 올라왔습니다. 보기 드물만큼 아주 좋은 페이퍼여서 TXT파일을 PDF로 변환하여 올립니다.

다음은 페이퍼 목차입니다.


|=--------------------------------------------------------------------=|
|=----------------=[  Full MSSQL Injection PWNage  ]=-----------------=|
|=-----------------------=[ 28 January 2009 ]=------------------------=|
|=---------------------=[  By CWH Underground  ]=---------------------=|
|=--------------------------------------------------------------------=|


######
Info
######

Title : Full MSSQL Injection PWNage
Author : ZeQ3uL && JabAv0C
Team    : CWH Underground [www.milw0rm.com/author/1456]
Website : cwh.citec.us / www.citec.us
Date : 2009-01-28


##########
Contents
##########

  [0x00] - Introduction

  [0x01] - Know the Basic of SQL injection

[0x01a] - Introduction to SQL Injection Attack
[0x01b] - How to Test sites that are Vulnerable in SQL Injection
[0x01c] - Bypass Authentication with SQL Injection
[0x01d] - Audit Log Evasion
[0x01e] - (Perl Script) SQL-Google searching vulnerable sites

  [0x02] - MSSQL Normal SQL Injection Attack

[0x02a] - ODBC Error Message Attack with "HAVING" and "GROUP BY"
[0x02b] - ODBC Error Message Attack with "CONVERT"
[0x02c] - MSSQL Injection with UNION Attack
[0x02d] - MSSQL Injection in Web Services (SOAP Injection)

  [0x03] - MSSQL Blind SQL Injection Attack

[0x03a] - How to Test sites that are Vulnerable in Blind SQL Injection
[0x03b] - Determine data through Blind SQL Injection
[0x03c] - Exploit Query for get Table name
[0x03d] - Exploit Query for get Column name

  [0x04] - More Dangerous SQL Injection Attack

[0x04a] - Dangerous from Extended Stored Procedures
[0x04b] - Advanced SQL Injection Techniques
[0x04c] - Mass MSSQL Injection Worms

  [0x05] - MSSQL Injection Cheat Sheet

  [0x06] - SQL Injection Countermeasures

  [0x07] - References

  [0x08] - Greetz To

2009/07/16 19:59 2009/07/16 19:59

Trackback Address :: 이 글에는 트랙백을 보낼 수 없습니다