lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: 9 Sep 2008 11:22:20 -0000
From: douglen@...mail.com
To: bugtraq@...urityfocus.com
Subject: SQL Smuggling

After our corporate website reshuffling, I thought that now would be a good time to send this here too...
We released a research paper a few months ago, regarding a sub-class of SQL Injection that has not received attention till now. The crux is that when it comes to SQLi, protection and detection do not typically take the architecture into account; this can allow smuggling attacks which are not blocked or discovered.

The paper can be found at:
http://www.ComsecGlobal.com/framework/Upload/SQL_Smuggling.pdf 

>From the paper:
"This paper will present a new class of attack, called SQL Smuggling. SQL Smuggling is a sub-class of SQL Injection attacks that rely on differences between contextual interpretation performed by the application platform and the database server.  While numerous instances of SQL Smuggling are commonly known, it has yet to be examined as a discrete class of attacks, with a common root cause. The root cause in fact has not yet been thoroughly investigated; this research is a result of a new smuggling technique, presented in this paper. It is fair to assume that further study of this commonality will likely lead to additional findings in this area. 

SQL Smuggling attacks can effectively bypass standard protective mechanisms and succeed in injecting malicious SQL to the database, in spite of these protective mechanisms. This paper explores several situations wherein these protective mechanisms are not as effective as assumed, and thus may be bypassed by malicious attackers. This in effect allows an attacker to succeed in "smuggling" his SQL Injection attack through the applicative protections, and attack the database despite those protections.  "

Of course, I'm looking forward to hearing about other instances of this...

Cheers,
AviD

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ