Re-Playing with (Blind) SQL Injection

ShmooCon V - 2009

Presented by: Scott Moulton, Marsh Ray
Date: Sunday February 08, 2009
Time: 10:00 - 11:00
Location: Back Room
Track: Break It!

SQL injection is getting old. December 25, 2008 marked ten years since the first word about it, but ten years later it still works. This session is about how to use SQL injection techniques in some special scenarios: SQL injection in mathematical functions, SQL injection to quickly download the whole database, time-based blind SQL injection without delay functions, and how to use blind SQL injection to download files from the server. This session has a lot of demos and several tools. It's cool, isn't it?

Jose Palazon

Jose Palazon (palako) is responsible for mobile security worldwide at Yahoo!. He has 8+ years of experience in security advisory and training, covering private companies, government and academia in both areas. His areas of expertise include mobile, web and Unix systems security as well as digital forensics.

Chema Alonso

Chema Alonso is a Computer Engineer from the Rey Juan Carlos University and a System Engineer from the Politécnica University of Madrid. He has been working as a security consultant for the last eight years and has been awarded Microsoft Most Valuable Professional from 2005 to the present. He is a frequent Microsoft speaker at security conferences. He writes monthly for several Spanish technical magazines such as "Windows TI Magazine", "PC Actual" and "Hackin9". He is currently working on his PhD thesis under the direction of Dr. Antonio Guzmán and Dr. Marta Beltran.

