BIROn - Birkbeck Institutional Research Online

    Dual Stage SQL Injection Attacks

    Eve, Martin Paul (2009) Dual Stage SQL Injection Attacks. martineve.com.

    Text
    2009-01-27-dual-stage-sql-injection-attacks.markdown - Published Version
    Available under License Creative Commons Attribution.

    Abstract

    I came across quite an interesting SQL Injection scenario today. The software in which the vulnerability resides will remain anonymous until fixed, but an abstracted version of the scenario can safely be outlined below. The objective of the software is to restrict user accounts to certain IP addresses when accessing a bulletin board. This shows how this can be bypassed using a dual-stage SQL injection attack.

    Metadata

    Item Type: Article
    School: Birkbeck Schools and Departments > School of Arts > English and Humanities
    Research Centre: Contemporary Literature, Centre for
    Depositing User: Martin Paul Eve
    Date Deposited: 20 Nov 2016 17:11
    Last Modified: 07 Dec 2016 15:37
    URI: http://eprints.bbk.ac.uk/id/eprint/16833
