AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
An Approach for SQL Injection Vulnerability Detection
ITNG '09 Proceedings of the 2009 Sixth International Conference on Information Technology: New Generations
Combining static and dynamic reasoning for bug detection
TAP'07 Proceedings of the 1st international conference on Tests and proofs
Evaluation of SQL Injection Detection and Prevention Techniques
CICSYN '10 Proceedings of the 2010 2nd International Conference on Computational Intelligence, Communication Systems and Networks
SQL Injections: The blackhat's toolbox: SQL injections
Network Security
| Hi-index | 0.00 |
The suite of tools presented here was developed to exploit the lack of sanitisation found in user inputs that reached a target database and sometimes even the server. The focus for the design of the tools was a BLIND SQL injection, the verbosity of the attack and the possibility to inject a web shell which enabled Meterpreter to open a reverse connection. The tools demonstrate how dangerous SQL injection can be, specifically on the AMP platforms. The method of reporting and the ease of use meant that the AMPA suite was a good set of tools for professional penetration testers, who may also require flexibility and customisation from open source software. An attack using the suite will be presented and the results discussed.