Full Disclosure mailing list archives
Re: SQL DB Structure Extraction vulnerabilities
From: Benji <me () b3nji com>
Date: Sun, 21 Mar 2010 20:10:25 +0000
I would love to, can you do an article about it please? Ive just about grasped email but I think I definitely have potential. Much love, Benji On Sun, Mar 21, 2010 at 7:56 PM, MustLive <mustlive () websecurity com ua>wrote:
*Hello Benji!*oh dude, I've missed you.Really? :-) To not miss me, you can read my site with help of Google Translate (and there is a link to Google Translate at every page of my site). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ----- Original Message ----- *From:* Benji <me () b3nji com> *To:* MustLive <mustlive () websecurity com ua> *Sent:* Saturday, March 20, 2010 9:30 PM *Subject:* Re: [Full-disclosure] SQL DB Structure Extraction vulnerabilities oh dude, I've missed you. On Wed, Mar 17, 2010 at 9:36 PM, MustLive <mustlive () websecurity com ua>wrote:Hello Full-Disclosure! Yesterday I wrote English version of my article SQL DB Structure Extraction vulnerabilities (http://websecurity.com.ua/4038/). There is such variety of Information Leakage vulnerabilities as SQL DB Structure Extraction. This vulnerability lie in that there is information leakage in web application about structure of the database. This information leakage can be of use at SQL Injection attack. Such vulnerability I found first time already in 2006 (at one site) and gave it this name. Such vulnerabilities I found at many web sites and also in many web applications. In the article I talked about SQL DB Structure Extraction, different variants of SQL Errors (three variants) and about difference between SQL DB Structure Extraction and SQL Error. You can read the article SQL DB Structure Extraction vulnerabilities at my site: http://websecurity.com.ua/4038/ Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SQL DB Structure Extraction vulnerabilities MustLive (Mar 18)
- Re: SQL DB Structure Extraction vulnerabilities Benji (Mar 20)
- Message not available
- Message not available
- Re: SQL DB Structure Extraction vulnerabilities Benji (Mar 21)
- Message not available
- Re: SQL DB Structure Extraction vulnerabilities julian steward (Mar 21)