19th-20th November 2011 - Melbourne, Australia
SQL injection vulnerabilities are common and relatively well known; however, most current discussion of SQL injection attacks focuses on WAF bypass or on gaining more access to the system (e.g. code execution). This talk focuses instead on how to be more efficient in retrieving the information stored within the database. The talk has three major components:
Firstly: how to reduce the size of SQL injection attacks, for example by replacing "or 1=1" with "or 1" in MySQL, and how some functions can help reduce exploit size.
Secondly: how to retrieve more information with only a single request, for example by using information encoding, compression functions and prior knowledge (such as data type and format) to retrieve more data per request.
Finally: how to retrieve more information by using more states; blind SQL injection exploitation is based on boolean (true/false) states, but in some situations more states can be created.
Louis and Luke work as security consultants for Securus Global in Melbourne.
Their research mainly focuses on web and database security issues.
They spend their day saving the internet and their night bypassing your WAF.