BIROn - Birkbeck Institutional Research Online

    Dual Stage SQL Injection Attacks

    Eve, Martin Paul (2009) Dual Stage SQL Injection Attacks.

    2009-01-27-dual-stage-sql-injection-attacks.markdown - Published Version of Record
    Available under License Creative Commons Attribution.



    I came across quite an interesting SQL Injection scenario today. The software in which the vulnerability resides will remain anonymous until fixed, but an abstracted version of the scenario can safely be outlined below. The objective of the software is to restrict user accounts to certain IP addresses when accessing a bulletin board. This post shows how that restriction can be bypassed using a dual-stage SQL injection attack.


    Item Type: Article
    School: Birkbeck Faculties and Schools > Faculty of Humanities and Social Sciences > School of Creative Arts, Culture and Communication
    Research Centres and Institutes: Contemporary Literature, Centre for
    Depositing User: Martin Eve
    Date Deposited: 20 Nov 2016 17:11
    Last Modified: 24 Aug 2023 13:53

