Bugtraq mailing list archives
BENCHMARK() is not the only way to determine successful MySQL injection
From: "Philip Stoev" <philip () stoev org>
Date: Tue, 6 Jul 2004 13:16:15 +0300
Hello,

As far as the timing attack using BENCHMARK() is concerned, the same effect can be achieved as follows:

1. Inject GET_LOCK(1, 60); (this injection will return immediately regardless of success)
2. Inject GET_LOCK(1, 5); (if successful, this injection will return in 5 seconds rather than immediately)

This method provides exact delays independent of CPU speed, does not load the processor and does not require selecting an appropriate expression to BENCHMARK().

Philip Stoev

Whitepaper
**********
We have written a paper that accompanies this advisory. The paper provides details of various MySQL lockdown techniques, and a review of common attacks on MySQL, including SQL injection. The paper can be found at http://www.ngssoftware.com/papers/HackproofingMySQL.pdf
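
A defender-side check for the pattern described in the message above, as an added example that is not part of the original post: it scans query-log lines for the same GET_LOCK name requested by two different connections within a short window. The log layout, the sample lines, the table name and the `find_lock_probes` helper are all constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a simplified "<ISO time> <conn id> Query <sql>"
# layout (an assumption; adapt LINE_RE to your server's query log format).
SAMPLE_LOG = """\
2004-07-06T10:00:00 11 Query SELECT title FROM news WHERE id=7
2004-07-06T10:00:02 12 Query SELECT title FROM news WHERE id=7 AND GET_LOCK(1, 60)
2004-07-06T10:00:09 13 Query SELECT title FROM news WHERE id=7 AND GET_LOCK(1, 5)
2004-07-06T10:05:00 14 Query SELECT GET_LOCK('nightly_report', 10)
""".splitlines()

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+Query\s+(.*)$")
# Lock name may be a quoted string or a bare token; timeout is numeric.
LOCK_RE = re.compile(
    r"GET_LOCK\s*\(\s*('[^']*'|\"[^\"]*\"|[^,\s)]+)\s*,\s*(\d+(?:\.\d+)?)\s*\)",
    re.IGNORECASE,
)

def find_lock_probes(lines, window=timedelta(minutes=2), allowlist=()):
    """Flag a lock name requested by two different connections within
    `window`: the hold-then-wait pair from the message above."""
    last_seen = {}  # lock name -> (timestamp, connection id)
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a Query line in the assumed layout
        ts = datetime.fromisoformat(m.group(1))
        conn, sql = int(m.group(2)), m.group(3)
        for raw_name, timeout in LOCK_RE.findall(sql):
            name = raw_name.strip("'\"")
            if name in allowlist:  # lock names the application really uses
                continue
            prev = last_seen.get(name)
            if prev and prev[1] != conn and ts - prev[0] <= window:
                findings.append({
                    "lock": name,
                    "holder_conn": prev[1],
                    "waiter_conn": conn,
                    "wait_s": float(timeout),
                    "time": ts,
                })
            last_seen[name] = (ts, conn)
    return findings

if __name__ == "__main__":
    for finding in find_lock_probes(SAMPLE_LOG):
        print(finding)
```

Applications that use GET_LOCK() legitimately will match as well, so pass their lock names in `allowlist` and treat the remaining findings as leads to review.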
Current thread:
- MySQL Authentication Bypass NGSSoftware Insight Security Research (Jul 05)
- BENCHMARK() is not the only way to determine successful MySQL injection Philip Stoev (Jul 06)