March 6, 2017

The Characteristics of Modern SQL Injection Tools

Most automatic SQL injection tools leave many artifacts behind, which is very useful when you need to identify attacks in a large volume of access logs. This is what I found when I did forensics on web attack cases. I will update this post as soon as possible if I find something new.

SQLi Dumper
  • Mixed-case (alternating uppercase and lowercase) commands: uNion, aLl, sElEcT, cOnCat, uSeR(), vErSiOn(), dAtAbAsE(), fRoM, tAbLeS, tAble_sChEmA, tAbLe_nAmE, dIsTiNcT, gRoUp_cOnCaT, wHeRe, etc.
  • Fixed hex? 0x217e21, 0x332150 
  • Fixed hex? 0x31303235343830303536%2C0x31303235343830303536
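
One way to hunt for these SQLi Dumper artifacts in an access log is sketched below. It is an added example, not code from the original post: the function names, the two-keyword threshold and the sample log lines are assumptions made for illustration, while the keywords and hex values are the ones listed above.

```python
import re
from urllib.parse import unquote_plus

# Artifacts from the list above; keywords are stored lower-cased.
KEYWORDS = ["union", "all", "select", "concat", "user", "version", "database",
            "from", "tables", "table_schema", "table_name", "distinct",
            "group_concat", "where"]
HEX_MARKERS = ["0x217e21", "0x332150", "0x31303235343830303536"]

# Whole-word, case-insensitive match; longest alternatives first.
KW_RE = re.compile(
    r"(?<![A-Za-z_])(" + "|".join(sorted(KEYWORDS, key=len, reverse=True)) +
    r")(?![A-Za-z_])", re.IGNORECASE)

def is_mixed_case(token):
    """True for 'sElEcT'; False for 'select', 'SELECT' and 'Select'."""
    return not (token.islower() or token.isupper() or token[1:].islower())

def decode_marker(marker):
    """Return the ASCII string that a 0x... literal encodes."""
    return bytes.fromhex(marker[2:]).decode("ascii")

def scan_line(line, min_mixed=2):
    """Return (flagged, mixed_keywords, hex_markers) for one log line."""
    decoded = unquote_plus(line)  # undo %2C, '+' and similar URL encoding
    mixed = [m.group(1) for m in KW_RE.finditer(decoded)
             if is_mixed_case(m.group(1))]
    markers = [h for h in HEX_MARKERS if h in decoded.lower()]
    # Assumed threshold: one odd-cased word is noise, two or more is a signal.
    return (len(mixed) >= min_mixed or bool(markers), mixed, markers)

# Constructed sample lines (not taken from a real log).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Mar/2017:10:00:01 +0000] "GET /item.php?id=1+uNion'
    '+aLl+sElEcT+cOnCat(0x217e21,vErSiOn(),0x217e21) HTTP/1.1" 200 512',
    '203.0.113.7 - - [06/Mar/2017:10:00:02 +0000] "GET /item.php?id='
    '0x31303235343830303536%2C0x31303235343830303536 HTTP/1.1" 200 512',
    '198.51.100.4 - - [06/Mar/2017:10:00:03 +0000] "GET /search?q=select'
    '+all+from+Union+Station HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        flagged, mixed, markers = scan_line(entry)
        print(flagged, mixed, [(h, decode_marker(h)) for h in markers])
```

Decoding the fixed hex values shows they are plain ASCII strings, which makes them easy to search for in either encoded or decoded form.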

