Secdocs

Learn, hack!

Hacking and security documentation: slides, papers, video and audio recordings. All in high-quality, daily updated, avoiding security crap documents. Spreading hacking knowledge, for free, enjoy. Follow on .

Advanced MySQL Exploitation

General Info
Type
Slides
Tags
exploiting, MySQL, SQL injection
Authors
Muhaimin Dzulfakar
Event
HAR 2009
Indexed on
Mar 25, 2013
File details
URL
https://har2009.org/program/attachments/135_advanced_mysql_exploitation_slides.pptx
File name
135_advanced_mysql_exploitation_slides.pptx
File size
674.0 KB
MD5
b9cd314b8c8e3ea18e7117c860939d1c
SHA1
3004012edec9fc674a7c5aa80dcb3973f907eb53
Abstract

Attackers performing SQL injection on a MySQL platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote code execution compared to other platforms. This talk will show that arbitrary code execution is possible on the MySQL platform and explain the techniques. In this presentation, the author will demonstrate the tool he wrote, titled MySqloit. This tool can be integrated with metasploit and is able to upload and execute shellcodes using a SQL Injection vulnerability in LAMP or WAMP environments.

About us

Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.

Statistics

Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.

Contribute

To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.

Flattr this Click here to lend your support to: Keep live SecDocs for an year and make a donation at www.pledgie.com !