Penetration Testing mailing list archives

Re: SQL Injection - Waitfor delay


From: Krugger <merc4krugger () gmail com>
Date: Tue, 14 Oct 2008 10:12:45 +0100

Hi,

I am not aware of using waitfor delay to improve blind SQL injection
automation, but from its own documentation you might come up with
something interesting.

"Each WAITFOR statement has a thread associated with it. If many
WAITFOR statements are specified on the same server, many threads can
be tied up waiting for these statements to run. SQL Server monitors
the number of threads associated with WAITFOR statements, and randomly
selects some of these threads to exit if the server starts to
experience thread starvation.

You can create a deadlock by running a query with WAITFOR within a
transaction that also holds locks preventing changes to the rowset
that the WAITFOR statement is trying to access. SQL Server identifies
these scenarios and returns an empty result set if the chance of such
a deadlock exists."

Deadlocking the database is something I have never been able to do,
but it does sound nice as a denial of service.

Krugger
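
The thread tie-up described in the documentation quoted above can be watched for on the server side. The T-SQL below is an added example, not part of the original post: it uses the standard SQL Server DMVs sys.dm_exec_requests, sys.dm_exec_sessions and sys.dm_exec_sql_text, and the threshold of 5 concurrent waits is an arbitrary assumption to tune per environment.

```sql
-- Added example (not from the original post).
-- 1) Count user requests currently parked in a WAITFOR, grouped by who
--    issued them. A web application login holding many of these at once
--    is unusual and worth investigating.
SELECT
    s.login_name,
    s.host_name,
    s.program_name,
    COUNT(*)                AS waitfor_requests,
    MAX(r.wait_time) / 1000 AS longest_wait_seconds  -- wait_time is in ms
FROM sys.dm_exec_requests AS r
JOIN sys.dm_exec_sessions AS s
    ON s.session_id = r.session_id
WHERE r.wait_type = N'WAITFOR'
  AND s.is_user_process = 1
GROUP BY s.login_name, s.host_name, s.program_name
HAVING COUNT(*) >= 5          -- assumed threshold, adjust to your baseline
ORDER BY waitfor_requests DESC;

-- 2) Show the statement text behind each waiting request so the source
--    query (and the application code path that built it) can be identified.
SELECT
    r.session_id,
    r.start_time,
    r.wait_time AS wait_ms,
    t.text      AS statement_text
FROM sys.dm_exec_requests AS r
CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) AS t
WHERE r.wait_type = N'WAITFOR'
ORDER BY r.wait_time DESC;
```

Run it from a login with VIEW SERVER STATE; scheduling the first query and alerting on any rows returned gives early warning before worker threads run short.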
