Bugtraq mailing list archives
Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
From: Razi Shaban <razishaban () gmail com>
Date: Fri, 6 Feb 2009 18:50:25 +0200
On Fri, Feb 6, 2009 at 2:10 PM, Daniel Kachakil <dani () kachakil com> wrote:
Hi, I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL injection technique which allows to extract the whole information of a Microsoft SQL Server 2005/2008 database in an extremely fast and efficient way.
This isn't new, this is old news. It might be the first paper written about the topic, but these methods have been used for years.
Current thread:
- SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Daniel Kachakil (Feb 06)
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Razi Shaban (Feb 06)
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Roman Medina-Heigl Hernandez (Feb 09)
- Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!) Razi Shaban (Feb 06)