Remote Web Application Disassembly with ODBC error messages

Remote Web Application Disassembly with ODBC error messages. Welcome! David Litchfield (dlitchfield@atstake.com). SUMMARY: 1. Basic Issue. 2. Web Application Disassembly. 3. Temporary Stored Procedures. 4. Risk Prevention. What is SQL? Structured Query Language.

Presentation Transcript


  1. Remote Web Application Disassembly with ODBC error messages

  2. Welcome! David Litchfield (dlitchfield@atstake.com)

  3. SUMMARY: 1. Basic Issue; 2. Web Application Disassembly; 3. Temporary Stored Procedures; 4. Risk Prevention

  4. What is SQL? Structured Query Language; Database Server; Strings
     Select * from tbl where name='string'

  5. Web Servers: ASP & IIS; Feeds Into a SQL Server

  6. Strings & Single Quotes
     SELECT * FROM TBL WHERE NAME = 'FOO'
     SELECT * FROM TBL WHERE NAME = 'FO'O'
     SELECT * FROM TBL WHERE NAME = 'FO' SELECT * FROM TBL2 --O'

  7. Web Application Disassembly: Structure of the database
     - Table names
     - Columns
     - Data Types

  8. Let's Start: Single Quote; Group By; Compute Sum

  9. Creating a Log in Account
     ' insert into tblusers (username,password) values ('foo','bar')
     ACCOUNT CREATION SUCCESSFUL

  10. Temporary Stored Procedures: XP_CMDSHELL; CREATE PROC; MS00-048; EXECUTE

  11. Risk Prevention: Replace; IIS App Properties

  12. QUESTIONS? Thank You
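
The quote handling on slide 6 and the "Replace" item on slide 11, as an added example that is not part of the original presentation: it shows where the string literal ends for each slide 6 input when the value is concatenated, when single quotes are doubled, and when the query is parameterized. Assumptions: "Replace" is read as doubling single quotes, the helper names are hypothetical, and sqlite3 with a constructed table stands in for the SQL Server back end.

```python
import sqlite3

TEMPLATE = "SELECT * FROM TBL WHERE NAME = '{}'"  # query shape from slide 6

def concat(name):
    """Unsafe: paste user input between the quotes."""
    return TEMPLATE.format(name)

def double_quotes(name):
    """Assumed reading of 'Replace' on slide 11: turn ' into ''."""
    return name.replace("'", "''")

def split_literal(sql):
    """Return (literal, trailing_sql) for the first '...' literal in sql.

    Inside a literal '' is an escaped quote. Trailing text is cut at the
    first -- comment (a simplification, enough for these inputs).
    """
    i = sql.index("'") + 1
    chars = []
    while i < len(sql):
        if sql[i] == "'":
            if sql[i + 1:i + 2] == "'":   # escaped quote stays data
                chars.append("'")
                i += 2
                continue
            rest = sql[i + 1:].split("--", 1)[0].strip()
            return "".join(chars), rest
        chars.append(sql[i])
        i += 1
    raise ValueError("unclosed quotation mark")

def make_db():
    """Constructed sample table; sqlite3 stands in for SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE TBL (NAME TEXT)")
    conn.executemany("INSERT INTO TBL VALUES (?)", [("FOO",), ("FO'O",)])
    return conn

def lookup(conn, name):
    """Parameterized query: the driver never parses name as SQL."""
    sql = "SELECT NAME FROM TBL WHERE NAME = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

if __name__ == "__main__":
    for value in ["FOO", "FO'O", "FO' SELECT * FROM TBL2 --O"]:
        print(repr(value))
        print("  concatenated  :", split_literal(concat(value)))
        print("  quotes doubled:", split_literal(concat(double_quotes(value))))
        print("  parameterized :", lookup(make_db(), value))
```

Any non-empty trailing SQL means the input escaped the literal. Doubling quotes only protects values placed inside a string literal, so parameterized queries are the more general fix.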
