DocumentCode :
2793532
Title :
Fast SQL blind injections in high latency networks
Author :
Focardi, R. ; Luccio, F.L. ; Squarcina, M.
Author_Institution :
Univ. Ca´ Foscari Venezia, Venice, Italy
fYear :
2012
fDate :
2-5 Oct. 2012
Firstpage :
1
Lastpage :
6
Abstract :
SQL injections are probably the most common vulnerability in Internet applications. They allow for injecting user selected input in database queries, getting access to sensitive data. Blind SQL Injections have the characteristic of never returning data directly. Instead, they give a 1-bit information about the success of the query. Queries can be iterated so to dump a whole database but this typically requires a long time. In the case of high latency networks this might become too long and more likely noticed by system administrators. We improve standard Blind SQL Injection techniques by considering probability-based and dictionary-based searches and by parallelising the queries. We show that these improvements make the attack much faster and effective even in high-latency networks.
Keywords :
Internet; SQL; dictionaries; probability; query processing; Internet applications; database queries; dictionary-based searches; fast SQL blind injections; high latency networks; high-latency networks; iterative queries; probability-based searches; query parallelisation; sensitive data access; standard blind SQL Injection; system administrators; Databases; Dictionaries; Electronic mail; Particle separators; Probabilistic logic; Probability distribution; Standards;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Satellite Telecommunications (ESTEL), 2012 IEEE First AESS European Conference on
Conference_Location :
Rome
Print_ISBN :
978-1-4673-4687-0
Electronic_ISBN :
978-1-4673-4686-3
Type :
conf
DOI :
10.1109/ESTEL.2012.6400112
Filename :
6400112
Link To Document :
https://search.ricest.ac.ir/dl/search/defaultta.aspx?DTC=49&DC=2793532
بازگشت