Dual Stage SQL Injection Attacks
Eve, Martin Paul (2009) Dual Stage SQL Injection Attacks. martineve.com.
2009-01-27-dual-stage-sql-injection-attacks.markdown - Published Version
Available under License Creative Commons Attribution.
I came across quite an interesting SQL Injection scenario today. The software in which the vulnerability resides will remain anonymous until fixed, but an abstracted version of the scenario can safely be outlined below. The objective of the software is to restrict user accounts to certain IP addresses when accessing a bulletin board. This post shows how that restriction can be bypassed using a dual-stage SQL injection attack.
School: Birkbeck Schools and Departments > School of Arts > English and Humanities
Research Centre: Contemporary Literature, Centre for
Depositing User: Martin Paul Eve
Date Deposited: 20 Nov 2016 17:11
Last Modified: 07 Dec 2016 15:37