March 6, 2017

The Characteristics of Modern SQL Injection Tools

Most of automatic SQL injection tools always leave many artifacts behind which is very useful when you need to identify the attacks in a large amount of access log. This is what I found when I did forensics on web attacks case. I will update this post as soon as possible if I find something new.

SQLi Dumper
  • Mixed-uppercase-lowercase command: uNion, aLl, sElEcT, cOnCat, uSeR(), vErSiOn(), dAtAbAsE(), fRoM, tAbLeS, tAble_sChEmA, tAbLe_nAmE, dIsTiNcT, gRoUp_cOnCaT, wHeRe, etc. 
  • Fixed hex? 0x217e21, 0x332150 
Havij
  • Fixed hex? 0x31303235343830303536%2C0x31303235343830303536
sqlmap

No comments:

Post a Comment