| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 17 Mar 2010 23:36:48 +0200 From: "MustLive" <mustlive@...security.com.ua> To: <full-disclosure@...ts.grok.org.uk> Subject: SQL DB Structure Extraction vulnerabilities Hello Full-Disclosure! Yesterday I wrote English version of my article SQL DB Structure Extraction vulnerabilities (http://websecurity.com.ua/4038/). There is such variety of Information Leakage vulnerabilities as SQL DB Structure Extraction. This vulnerability lie in that there is information leakage in web application about structure of the database. This information leakage can be of use at SQL Injection attack. Such vulnerability I found first time already in 2006 (at one site) and gave it this name. Such vulnerabilities I found at many web sites and also in many web applications. In the article I talked about SQL DB Structure Extraction, different variants of SQL Errors (three variants) and about difference between SQL DB Structure Extraction and SQL Error. You can read the article SQL DB Structure Extraction vulnerabilities at my site: http://websecurity.com.ua/4038/ Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists