| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <001b01c46342$46717ad0$0100a8c0@tamara> Date: Tue, 6 Jul 2004 13:16:15 +0300 From: "Philip Stoev" <philip@...ev.org> To: "NGSSoftware Insight Security Research" <nisr@...tgenss.com>, <bugtraq@...urityfocus.com>, <vulnwatch@...nwatch.org> Subject: BENCHMARK() is not the only way to determine successfull MySQL injection Hello, As far as the timing attack using BENCHMARK() is concerned, the same effect can be achieved as follows: 1. Inject GET_LOCK(1, 60); (this injection will return immediately regardless of success) 2. Inject GET_LOCK(1, 5); (if successfull, this injection will return in 5 seconds rather than immediately) This method provides exact delays independent of CPU speed, does not load the processor and does not require selecting an appropriate expression to BENCHMARK(). Philip Stoev > Whitepaper > ********** > > We have written a paper that accompanies this advisory. The paper > provides details of various MySQL lockdown techniques, and a review of > common attacks on MySQL, including SQL injection. The paper can be found > at > > http://www.ngssoftware.com/papers/HackproofingMySQL.pdf ---------------------------------------- My Inbox is protected by SPAMfighter 14126 spam mails have been blocked so far. Download free www.spamfighter.com today!
Powered by blists - more mailing lists