Penetration Testing mailing list archives

Re: SQL Injection - Waitfor delay

From: xelerated <xelerated () gmail com>
Date: Thu, 16 Oct 2008 16:53:18 -0400

Thank you all for the valuable information!



On Thu, Oct 16, 2008 at 4:45 PM, Haroon Meer <haroon () sensepost com> wrote:

Hiya(s)

On 16 Oct 2008, at 4:33, p1g <killfactory () gmail com> wrote:


Check out the DefCon site. There was a session that covered some these
techniques.

On Mon, Oct 13, 2008 at 9:42 AM, xelerated <xelerated () gmail com> wrote:


Hi all,
I am trying to find more information about a SQL Injection using
"waitfor delay".


Check out http://www.sensepost.com/research/squeeza for a tool that
automates this (and a paper that covers the concept in depth)

/mh

--
Haroon Meer
haroon () sensepost com
+27 83 786 6637



** CRM114 Whitelisted by: From haroon () sensepost com **


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now

www.cenzic.com/landing/trends-report
------------------------------------------------------------------------

Current thread:

SQL Injection - Waitfor delay xelerated (Oct 13)
- Re: SQL Injection - Waitfor delay rajat swarup (Oct 13)
- Re: SQL Injection - Waitfor delay Krugger (Oct 14)
- Re: SQL Injection - Waitfor delay p1g (Oct 16)
  - Re: SQL Injection - Waitfor delay Anthony Cicalla (Oct 16)
  - Re: SQL Injection - Waitfor delay Haroon Meer (Oct 16)
    - Re: SQL Injection - Waitfor delay xelerated (Oct 16)
- Re: SQL Injection - Waitfor delay Robin Wood (Oct 16)
- <Possible follow-ups>
- Re: SQL Injection - Waitfor delay Parity (Oct 14)
  - Re: SQL Injection - Waitfor delay Anthony Cicalla (Oct 15)