DoS Attacks Using SQL Wildcards

Published on August 13, 2008

Author: fmavituna

Source: slideshare.net

Description

DoS Attacks Using SQL Wildcards

Ferruh Mavituna
www.portcullis-security.com

This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications.

If an application has the following properties, then it is very likely vulnerable to wildcard attacks:

1- An SQL Server backend;
2- More than 300 records in the database and around 500 bytes of data per row;
3- An application-level search feature.

As you might notice, I have just described 90% of Microsoft SQL Server based CMSs, blogs, CRMs and e-commerce web applications. Other databases could be vulnerable depending on how the application implements its search functionality, but the common implementation of search in SQL Server back-end applications is vulnerable.

Search Queries

The SQ
