SFX-SQLi (Select For XML SQL injection)

Posted April 6th, 2010. Filed under Security Stuff

SFX-SQLi (Select For XML SQL injection) is a new SQL injection technique which allows to extract the whole information of a Microsoft SQL Server 2005/2008 database in an extremely fast and efficient way.

This technique is based on the FOR XML clause, which is able to convert the content of a table into a single string, so its contents could be appended to some field injecting a subquery into a vulnerable input of a web application.

Paper : click
Mai multe informatii aici : http://www.kachakil.com/papers/sfx-sqli-en.htm . Source code + binary + test.

Leave a Comment

Powered by HaxTor | CopyWrong © 2011