Advanced SQL Injection In SQL Server Applications

Introduction

Structured Query Language (‘SQL’) is a textual language used to interact with relational
databases. There are many varieties of SQL; most dialects that are in common use at the
moment are loosely based around SQL-92, the most recent ANSI standard. The typical
unit of execution of SQL is the ‘query’, which is a collection of statements that typically
return a single ‘result set’. SQL statements can modify the structure of databases (using
Data Definition Language statements, or ‘DDL’) and manipulate the contents of databases
(using Data Manipulation Language statements, or ‘DML’). In this paper, we will be
specifically discussing Transact-SQL, the dialect of SQL used by Microsoft SQL Server.
SQL Injection occurs when an attacker is able to insert a series of SQL statements into a
‘query’ by manipulating data input into an application.
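To make the last sentence concrete, here is a small added example (not from the paper) contrasting a query built by string concatenation with a parameterised one. It uses Python's sqlite3 only so that it runs offline; the table, rows and input values are constructed, and the concatenation flaw is assumed to behave the same way in Transact-SQL.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for an application's users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def build_query_concat(username, password):
    # Vulnerable pattern: input is spliced into the statement text, so a
    # quote character in the input can change the statement's structure.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_concat(conn, username, password):
    rows = conn.execute(build_query_concat(username, password)).fetchall()
    return [r[0] for r in rows]


def login_param(conn, username, password):
    # Hardened pattern: placeholders keep the input as data; the database
    # never parses it as SQL, whatever characters it contains.
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR ''='"  # constructed input containing a quote
    print("concatenated:", login_concat(db, "alice", crafted))  # every row
    print("parameterised:", login_param(db, "alice", crafted))  # no rows
```

A username such as O'Brien breaks the concatenated query outright (syntax error) while the parameterised one handles it; that kind of quote-sensitivity in an application is the first sign that its queries are built by concatenation.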

Table of Contents

  • Abstract
  • Introduction
  • Obtaining Information Using Error Messages
  • Leveraging Further Access
  • xp_cmdshell
  • xp_regread
  • Other Extended Stored Procedures
  • Linked Servers
  • Custom extended stored procedures
  • Importing text files into tables
  • Creating Text Files using BCP
  • ActiveX automation scripts in SQL Server
  • Stored Procedures
  • Advanced SQL Injection
  • Strings without quotes
  • Second-Order SQL Injection
  • Length Limits
  • Audit Evasion
  • Defences
  • Input Validation
  • SQL Server Lockdown
  • References
  • Appendix A - ‘SQLCrack’ (sqlcrack.sql)

Download: Advanced SQL Injection in SQL Applications.pdf (312.1 KB)

Happy learning!