Eve, Martin Paul (2009) Dual Stage SQL Injection Attacks. eve.gd.
2009-01-27-dual-stage-sql-injection-attacks.markdown - Published Version of Record. Available under License Creative Commons Attribution.
Official URL: https://eve.gd/2009/01/27/dual-stage-sql-injection...
Abstract
I came across quite an interesting SQL Injection scenario today. The software in which the vulnerability resides will remain anonymous until fixed, but an abstracted version of the scenario can safely be outlined below. The objective of the software is to restrict user accounts to certain IP addresses when accessing a bulletin board. This article shows how that restriction can be bypassed using a dual-stage SQL injection attack.
Metadata
| Item Type: | Article |
|---|---|
| School: | Birkbeck Faculties and Schools > Faculty of Humanities and Social Sciences > School of Creative Arts, Culture and Communication |
| Research Centres and Institutes: | Contemporary Literature, Centre for |
| Depositing User: | Martin Eve |
| Date Deposited: | 20 Nov 2016 17:11 |
| Last Modified: | 24 Aug 2023 13:53 |
| URI: | https://eprints.bbk.ac.uk/id/eprint/16833 |