290 likes | 540 Views
Advanced SQL Injection with SQLol. Daniel Crowley. Whom?. Daniel Crowley Trustwave SpiderLabs @ dan_crowley dcrowley@trustwave.com. What?. SQLol A configurable SQLi test-bed A tool for Research Education Testing http://github.com/SpiderLabs/SQLol. Why?.
E N D
Advanced SQL Injection with SQLol Daniel Crowley
Whom? Daniel CrowleyTrustwave SpiderLabs @dan_crowleydcrowley@trustwave.com
What? SQLolA configurable SQLi test-bedA tool for Research EducationTestinghttp://github.com/SpiderLabs/SQLol
Why? Existing test-beds areInflexibleSimplifiedReal-world scenarios areVariedDangerous
Why? Klingon version Heghlu'meHQaQjajvam
Why? Shakespearean version I humbly posit that the current state(With much respect to work which does precede)Of test-beds made with vulns to demonstrateIs lacking some in flexibility.
Why? Shakespearean version Two options are presented present-day,As far as when one deals with SQL:A blind injection (bool or time delay)And UNION statement hax (oh gee, how swell…)
Why? Shakespearean version Imagine we could choose how queries readAnd how our input sanitizes, oh!How nimble and specific we could beTo recreate our ‘sploit scenarios.
Why? Shakespearean version And thus is S-Q-L-O-L conceived:That we can study how to pwnDBs.
Why? tl;dr version ‘Cuz.
HOW ABOUT A DEMONSTRATION?
Deploying SQLol MAKE THE MAGIC HAPPEN
Requirements Web server of your choice with PHPADODB-supported database
Deployment Un-tar SQLol inside web root
Deployment Modify includes/database.config.php
Deployment Run database reset script
Future features Custom sanitization routinesStored procedure injectionsDatabase privilege optionsMore challenges
Like SQLol? Try XMLmao!Possible future test beds?cryptOMGrofLDAP(asLDAP)KTHXbypassXSSmh
Questions? dcrowley@trustwave.comTwitter: @dan_crowleyCode:http://github.com/SpiderLabs/SQLolhttp://www.surveymonkey.com/sourceboston12