Re: SFX-SQLi: A new SQL injection technique for SQL Server (dumps a table in one request!)

[seclists <seclists () 126 com>]

The Chinese version MSSQL Injection FOR MSSQL 2005 & 2008 can be found at 
http://www.pcsec.org/archives/SFX-SQLi-A-new-SQL-injection-technique-for-MSSQL-dumps-a-table-in-one-request.html
 


在2009-02-08?00:02:21，"Daniel?Kachakil"?<dani () kachakil com>?写道：
> Hi,
>
> I?am?glad?to?release?SFX-SQLi?(Select?For?XML?SQL?injection),?a?new?SQL?
> injection?technique?which?allows?to?extract?the?whole?information?of?a?
> Microsoft?SQL?Server?2005/2008?database?in?an?extremely?fast?and?efficient?
> way.
>
> This?technique?is?based?on?the?FOR?XML?clause,?which?is?able?to?convert?the?
> content?of?a?table?into?a?single?string,?so?its?contents?could?be?appended?
> to?some?field?injecting?a?subquery?into?a?vulnerable?input?of?a?web?
> application.?In?most?cases,?this?method?can?dump?all?the?contents?of?any?
> table?using?only?ONE?REQUEST?to?the?web?server,?without?the?need?of?any?
> special?permission?on?the?DBMS.
>
> I?have?written?a?paper?describing?how?the?technique?works?and?in?which?
> fundamentals?it?is?based,?and?I?have?also?developed?a?tool?which?implements?
> this?technique?as?a?proof?of?concept?(with?the?source?code?included).
>
> You?can?get?them?through?this?URL:
>
> http://www.kachakil.com/papers/SFX-SQLi-en.htm
>
> Regards,
> ??Daniel?Kachakil?
>
>
> _______________________________________________
> Full-Disclosure?-?We?believe?in?it.
> Charter:?http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted?and?sponsored?by?Secunia?-?http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/