Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Posted by: notsosecure
Date: May 03, 2012 02:18PM

Hello All,

Still a few seats left on the Advanced SQL Injection course at Black Hat.

The course details and registration page can be found here:

https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

There is a small video preview here:

http://www.youtube.com/watch?v=6pg-lRv8XTQ

Identify, extract, escalate, execute; we have got it all covered.....

Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Posted by: notsosecure
Date: June 03, 2012 04:07AM

A few seats still left in the course. The course has been completely re-written and contains only relevant/advanced instances/examples.

Such as:

SQLI in ORDER BY, GROUP BY, etc.
SQL in stored procedures
Double encoding/decoding
GBK and other encoding
Injection in cookies, headers
OS code exec by UDF injection
2nd order injection
and loads more...


http://blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

See you there!
Thanks
Sid
www.notsosecure.com

Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US
Posted by: notsosecure
Date: June 05, 2012 02:12AM

A little sneak preview:

Can you spot the problem here:

http://pastebin.com/h4M5xVjT

Does your favourite SQLI tool know how to exploit this?

Thanks
Sid
