Title: SQL Injection Attacks and Defense (PDF)
Posted by: 2Fac3R on 19 October 2011, 22:53

A very complete manual on SQLi attacks and defense:
CONTENTS:

Quote:
Chapter 1  What Is SQL Injection? ... 1
  Introduction ... 2
  Understanding How Web Applications Work ... 2
  A Simple Application Architecture ... 4
  A More Complex Architecture ... 5
  Understanding SQL Injection ... 6
  High-Profile Examples ... 10
  Understanding How It Happens ... 13
  Dynamic String Building ... 13
  Incorrectly Handled Escape Characters ... 14
  Incorrectly Handled Types ... 15
  Incorrectly Handled Query Assembly ... 17
  Incorrectly Handled Errors ... 18
  Incorrectly Handled Multiple Submissions ... 19
  Insecure Database Configuration ... 21
  Summary ... 24
  Solutions Fast Track ... 24
  Frequently Asked Questions ... 26

Chapter 2  Testing for SQL Injection ... 29
  Introduction ... 30
  Finding SQL Injection ... 30
  Testing by Inference ... 31
  Identifying Data Entry ... 31
  GET Requests ... 31
  POST Requests ... 32
  Other Injectable Data ... 35
  Manipulating Parameters ... 36
  Information Workflow ... 39
  Database Errors ... 40
  Commonly Displayed SQL Errors ... 41
  Microsoft SQL Server Errors ... 41
  MySQL Errors ... 46
  Oracle Errors ... 49
  More free ebooks : http://fast-file.blogspot.com
  Application Response ... 51
  Generic Errors ... 51
  HTTP Code Errors ... 54
  Different Response Sizes ... 55
  Blind Injection Detection ... 56
  Confirming SQL Injection ... 60
  Differentiating Numbers and Strings ... 61
  Inline SQL Injection ... 62
  Injecting Strings Inline ... 62
  Injecting Numeric Values Inline ... 65
  Terminating SQL Injection ... 68
  Database Comment Syntax ... 69
  Using Comments ... 70
  Executing Multiple Statements ... 74
  Time Delays ... 79
  Automating SQL Injection Discovery ... 80
  Tools for Automatically Finding SQL Injection ... 81
  HP WebInspect ... 81
  IBM Rational AppScan ... 83
  HP Scrawlr ... 85
  SQLiX ... 87
  Paros Proxy ... 88
  Summary ... 91
  Solutions Fast Track ... 91
  Frequently Asked Questions ... 93

Chapter 3  Reviewing Code for SQL Injection ... 95
  Introduction ... 96
  Reviewing Source Code for SQL Injection ... 96
  Dangerous Coding Behaviors ... 98
  Dangerous Functions ... 105
  Following the Data ... 109
  Following Data in PHP ... 110
  Following Data in Java ... 114
  Following Data in C# ... 115
  Reviewing PL/SQL and T-SQL Code ... 117
  Automated Source Code Review ... 124
  Yet Another Source Code Analyzer (YASCA) ... 125
  Pixy ... 126
  AppCodeScan ... 127
  LAPSE ... 127
  Security Compass Web Application Analysis Tool (SWAAT) ... 128
  Microsoft Source Code Analyzer for SQL Injection ... 128
  Microsoft Code Analysis Tool .NET (CAT.NET) ... 129
  Commercial Source Code Review Tools ... 129
  Ounce ... 131
  Source Code Analysis ... 131
  CodeSecure ... 132
  Summary ... 133
  Solutions Fast Track ... 133
  Frequently Asked Questions ... 135

Chapter 4  Exploiting SQL Injection ... 137
  Introduction ... 138
  Understanding Common Exploit Techniques ... 139
  Using Stacked Queries ... 141
  Identifying the Database ... 142
  Non-Blind Fingerprint ... 142
  Banner Grabbing ... 144
  Blind Fingerprint ... 146
  Extracting Data through UNION Statements ... 148
  Matching Columns ... 149
  Matching Data Types ... 151
  Using Conditional Statements ... 156
  Approach 1: Time-based ... 157
  Approach 2: Error-based ... 159
  Approach 3: Content-based ... 161
  Working with Strings ... 161
  Extending the Attack ... 163
  Using Errors for SQL Injection ... 164
  Error Messages in Oracle ... 167
  Enumerating the Database Schema ... 170
  SQL Server ... 171
  MySQL ... 177
  Oracle ... 180
  Escalating Privileges ... 183
  SQL Server ... 184
  Privilege Escalation on Unpatched Servers ... 189
  Oracle ... 190
  Stealing the Password Hashes ... 192
  SQL Server ... 192
  MySQL ... 194
  Oracle ... 194
  Oracle Components ... 196
  APEX ... 196
  Oracle Internet Directory ... 197
  Out-of-Band Communication ... 198
  E-mail ... 199
  Microsoft SQL Server ... 199
  Oracle ... 202
  HTTP/DNS ... 203
  File System ... 203
  SQL Server ... 204
  MySQL ... 207
  Oracle ... 208
  Automating SQL Injection Exploitation ... 208
  Sqlmap ... 208
  Sqlmap Example ... 209
  Bobcat ... 211
  BSQL ... 212
  Other Tools ... 214
  Summary ... 215
  Solutions Fast Track ... 215
  Frequently Asked Questions ... 218

Chapter 5  Blind SQL Injection Exploitation ... 219
  Introduction ... 220
  Finding and Confirming Blind SQL Injection ... 221
  Forcing Generic Errors ... 221
  Injecting Queries with Side Effects ... 222
  Splitting and Balancing ... 222
  Common Blind SQL Injection Scenarios ... 225
  Blind SQL Injection Techniques ... 225
  Inference Techniques ... 226
  Increasing the Complexity of Inference Techniques ... 230
  Alternative Channel Techniques ... 234
  Using Time-Based Techniques ... 235
  Delaying Database Queries ... 235
  MySQL Delays ... 235
  Generic MySQL Binary Search Inference Exploits ... 237
  Generic MySQL Bit-by-Bit Inference Exploits ... 237
  SQL Server Delays ... 238
  Generic SQL Server Binary Search Inference Exploits ... 240
  Generic SQL Server Bit-by-Bit Inference Exploits ... 240
  Oracle Delays ... 240
  Time-Based Inference Considerations ... 241
  Using Response-Based Techniques ... 242
  MySQL Response Techniques ... 242
  SQL Server Response Techniques ... 244
  Oracle Response Techniques ... 246
  Returning More Than One Bit of Information ... 247
  Using Alternative Channels ... 249
  Database Connections ... 250
  DNS Exfiltration ... 251
  E-mail Exfiltration ... 255
  HTTP Exfiltration ... 256
  Automating Blind SQL Injection Exploitation ... 258
  Absinthe ... 258
  BSQL Hacker ... 260
  SQLBrute ... 263
  Sqlninja ... 264
  Squeeza ... 265
  Summary ... 267
  Solutions Fast Track ... 267
  Frequently Asked Questions ... 270

Chapter 6  Exploiting the Operating System ... 271
  Introduction ... 272
  Accessing the File System ... 273
  Reading Files ... 273
  MySQL ... 274
  Microsoft SQL Server ... 280
  Oracle ... 289
  Writing Files ... 291
  MySQL ... 292
  Microsoft SQL Server ... 295
  Oracle ... 300
  Executing Operating System Commands ... 301
  Direct Execution ... 301
  Oracle ... 301
  DBMS_SCHEDULER ... 302
  PL/SQL Native ... 302
  Other Possibilities ... 303
  Alter System Set Events ... 303
  PL/SQL Native 9i ... 303
  Buffer Overflows ... 304
  Custom Application Code ... 304
  MySQL ... 304
  Microsoft SQL Server ... 305
  Consolidating Access ... 309
  Summary ... 312
  Solutions Fast Track ... 312
  Frequently Asked Questions ... 314
  Endnotes ... 315

Chapter 7  Advanced Topics ... 317
  Introduction ... 318
  Evading Input Filters ... 318
  Using Case Variation ... 319
  Using SQL Comments ... 319
  Using URL Encoding ... 320
  Using Dynamic Query Execution ... 322
  Using Null Bytes ... 323
  Nesting Stripped Expressions ... 324
  Exploiting Truncation ... 324
  Bypassing Custom Filters ... 326
  Using Non-Standard Entry Points ... 327
  Exploiting Second-Order SQL Injection ... 329
  Finding Second-Order Vulnerabilities ... 332
  Using Hybrid Attacks ... 335
  Leveraging Captured Data ... 335
  Creating Cross-Site Scripting ... 335
  Running Operating System Commands on Oracle ... 336
  Exploiting Authenticated Vulnerabilities ... 337
  Summary ... 338
  Solutions Fast Track ... 338
  Frequently Asked Questions ... 340

Chapter 8  Code-Level Defenses ... 341
  Introduction ... 342
  Using Parameterized Statements ... 342
  Parameterized Statements in Java ... 344
  Parameterized Statements in .NET (C#) ... 345
  Parameterized Statements in PHP ... 347
  Parameterized Statements in PL/SQL ... 348
  Validating Input ... 349
  Whitelisting ... 349
  Blacklisting ... 351
  Validating Input in Java ... 353
  Validating Input in .NET ... 354
  Validating Input in PHP ... 354
  Encoding Output ... 355
  Encoding to the Database ... 355
  Encoding for Oracle ... 356
  Oracle dbms_assert ... 357
  Encoding for Microsoft SQL Server ... 359
  Encoding for MySQL ... 360
  Canonicalization ... 362
  Canonicalization Approaches ... 363
  Working with Unicode ... 364
  Designing to Avoid the Dangers of SQL Injection ... 365
  Using Stored Procedures ... 366
  Using Abstraction Layers ... 367
  Handling Sensitive Data ... 368
  Avoiding Obvious Object Names ... 369
  Setting Up Database Honeypots ... 370
  Additional Secure Development Resources ... 371
  Summary ... 373
  Solutions Fast Track ... 373
  Frequently Asked Questions ... 375

Chapter 9  Platform-Level Defenses ... 377
  Introduction ... 378
  Using Runtime Protection ... 378
  Web Application Firewalls ... 379
  Using ModSecurity ... 380
  Configurable Rule Set ... 380
  Request Coverage ... 383
  Request Normalization ... 383
  Response Analysis ... 384
  Intrusion Detection Capabilities ... 385
  Intercepting Filters ... 386
  Web Server Filters ... 386
  Application Filters ... 389
  Implementing the Filter Pattern in Scripted Languages ... 390
  Filtering Web Service Messages ... 391
  Non-Editable versus Editable Input Protection ... 391
  URL/Page-Level Strategies ... 392
  Page Overriding ... 392
  URL Rewriting ... 393
  Resource Proxying/Wrapping ... 393
  Aspect-Oriented Programming (AOP) ... 393
  Application Intrusion Detection Systems (IDSs) ... 394
  Database Firewall ... 394
  Securing the Database ... 395
  Locking Down the Application Data ... 395
  Use the Least-Privileged Database Login ... 395
  Revoke PUBLIC Permissions ... 396
  Use Stored Procedures ... 396
  Use Strong Cryptography to Protect Stored Sensitive Data ... 397
  Maintaining an Audit Trail ... 398
  Oracle Error Triggers ... 398
  Locking Down the Database Server ... 400
  Additional Lockdown of System Objects ... 400
  Restrict Ad Hoc Querying ... 401
  Strengthen Controls Surrounding Authentication ... 401
  Run in the Context of the Least-Privileged Operating System Account ... 401
  Ensure That the Database Server Software Is Patched ... 402
  Additional Deployment Considerations ... 403
  Minimize Unnecessary Information Leakage ... 403
  Suppress Error Messages ... 403
  Use an Empty Default Web Site ... 406
  Use Dummy Host Names for Reverse DNS Lookups ... 406
  Use Wildcard SSL Certificates ... 407
  Limit Discovery via Search Engine Hacking ... 407
  Disable Web Services Description Language (WSDL) Information ... 408
  Increase the Verbosity of Web Server Logs ... 409
  Deploy the Web and Database Servers on Separate Hosts ... 409
  Configure Network Access Control ... 409
  Summary ... 410
  Solutions Fast Track ... 410
  Frequently Asked Questions ... 412

Chapter 10  References ... 415
  Introduction ... 416
  Structured Query Language (SQL) Primer ... 416
  SQL Queries ... 416
  SELECT Statement ... 417
  UNION Operator ... 417
  INSERT Statement ... 418
  UPDATE Statement ... 418
  DELETE Statement ... 418
  DROP Statement ... 420
  CREATE TABLE Statement ... 420
  ALTER TABLE Statement ... 420
  GROUP BY Statement ... 421
  ORDER BY Clause ... 421
  Limiting the Result Set ... 421
  SQL Injection Quick Reference ... 422
  Identifying the Database Platform ... 422
  Identifying the Database Platform via Time Delay Inference ... 423
  Identifying the Database Platform via SQL Dialect Inference ... 423
  Combining Multiple Rows into a Single Row ... 424
  Microsoft SQL Server Cheat Sheet ... 425
  Enumerating Database Configuration Information and Schema ... 425
  Blind SQL Injection Functions: Microsoft SQL Server ... 427
  Microsoft SQL Server Privilege Escalation ... 427
  OPENROWSET Reauthentication Attack ... 428
  Attacking the Database Server: Microsoft SQL Server ... 429
  System Command Execution via xp_cmdshell ... 429
  xp_cmdshell Alternative ... 430
  Cracking Database Passwords ... 430
  Microsoft SQL Server 2005 Hashes ... 431
  File Read/Write ... 431
  MySQL Cheat Sheet ... 431
  Enumerating Database Configuration Information and Schema ... 431
  Blind SQL Injection Functions: MySQL ... 432
  Attacking the Database Server: MySQL ... 433
  System Command Execution ... 433
  Cracking Database Passwords ... 434
  Attacking the Database Directly ... 434
  File Read/Write ... 434
  Oracle Cheat Sheet ... 435
  Enumerating Database Configuration Information and Schema ... 435
  Blind SQL Injection Functions: Oracle ... 436
  Attacking the Database Server: Oracle ... 437
  Command Execution ... 437
  Reading Local Files ... 437
  Reading Local Files (PL/SQL Injection Only) ... 438
  Writing Local Files (PL/SQL Injection Only) ... 439
  Cracking Database Passwords ... 440
  Bypassing Input Validation Filters ... 440
  Quote Filters ... 440
  HTTP Encoding ... 442
  Troubleshooting SQL Injection Attacks ... 443
  SQL Injection on Other Platforms ... 446
  PostgreSQL Cheat Sheet ... 446
  Enumerating Database Configuration Information and Schema ... 447
  Blind SQL Injection Functions: PostgreSQL ... 448
  Attacking the Database Server: PostgreSQL ... 448
  System Command Execution ... 448
  Local File Access ... 449
  Cracking Database Passwords ... 449
  DB2 Cheat Sheet ... 449
  Enumerating Database Configuration Information and Schema ... 449
  Blind SQL Injection Functions: DB2 ... 450
  Informix Cheat Sheet ... 451
  Enumerating Database Configuration Information and Schema ... 451
  Blind SQL Injection Functions: Informix ... 452
  Ingres Cheat Sheet ... 452
  Enumerating Database Configuration Information and Schema ... 452
  Blind SQL Injection Functions: Ingres ... 453
  Microsoft Access ... 453
  Resources ... 453
  SQL Injection White Papers ... 453
  SQL Injection Cheat Sheets ... 454
  SQL Injection Exploit Tools ... 454
  Password Cracking Tools ... 455
  Solutions Fast Track ... 456
  Index ... 459

DOWNLOAD --> http://www.multiupload.com/E5REDO8VFI

Title: Re: SQL Injection Attacks and Defense (PDF)
Posted by: adastra on 19 October 2011, 23:06

Thanks 2Fac3R!
Looks good, I'll take a look at it. :o :o

Title: Re: SQL Injection Attacks and Defense (PDF)
Posted by: Sorke on 20 October 2011, 04:57

Honestly, incredible, thank you very much 2Fac3R!!

Title: Re: SQL Injection Attacks and Defense (PDF)
Posted by: berz3k on 21 October 2011, 06:04

It's a Syngress Publishing, Inc. publication from 2009; some things are missing, I'm only just reading it.

-berz3k.

Title: Re: SQL Injection Attacks and Defense (PDF)
Posted by: cibergolen on 28 October 2011, 13:53

My eyes hurt from reading ;-)

Much appreciated! Regards