Irregular Expressions:

SQL injection


March 29, 2011  9:50 PM

Blind SQL Injection on mysql.com



Posted by: Dan O'Connor
blind sql injection, mysql hack, SQL injection

Weekend break-in at mysql.com; there is a posting on the Full Disclosure mailing list here: http://seclists.org/fulldisclosure/2011/Mar/309 The posting includes the structure of the db, as well as usernames and password hashes.  I don't see any postings from mysql.com acknowledging the...

August 16, 2010  5:02 PM

The SQL CAST statement..



Posted by: Dan O'Connor
sql, sql cast, SQL injection

http://isc.sans.edu/diary.html?storyid=9397 I have played with this before; the most effective method I found of blocking these was looking for the CAST statement itself. The statements, at least the ones that I was playing with, all had a "CAST", "SET", "VARCHAR", and "EXEC".  I found...


July 8, 2010  11:50 AM

thepiratebay.org



Posted by: Dan O'Connor
SQL injection, thepiratebay.org

There appear to have been more than a few SQL injection vulnerabilities on thepiratebay.org: http://krebsonsecurity.com/2010/07/pirate-bay-hack-exposes-user-booty/ The group responsible says that none of the information gained was sold or disseminated.  Still, if you had an account there I...

