Latest MS SQL Server vulnerabilities revealed

From: Cesar (cesarc56_at_yahoo.com)
Date: 04/30/03

  • Next message: Daniel Ahlberg: "GLSA: balsa (200304-10)" 
    Date: Tue, 29 Apr 2003 15:49:35 -0700 (PDT)
To: bugtraq@securityfocus.com

    There are available to download, a new POC tool, paper
    and presentation on the latest MS SQL Server bugs.

    Hunting Flaws in Microsoft SQL Server Presentation

    This presentation was delivered at the Black Hat 2003
    Windows Security Conference, and illustrates many new
    Microsoft SQL Server vulnerabilities. Improvements
    that were made to Microsoft SQL Server in the new SP3
    release to fix these vulnerabilities are also
    discussed. Also, a new tool to exploit the SQL
    Injection techniques described in the paper
    Manipulating Microsoft SQL Server Using SQL Injection
    was also introduced.

    http://www.appsecinc.com/news/briefing.html#hunting

    Hunting Flaws in Microsoft SQL Server White Paper

    This paper illustrates many new Microsoft SQL Server
    vulnerabilities and how they were found. It explores
    many of the issues discussed in its counterpart
    presentation.

    http://www.appsecinc.com/news/briefing.html#hunting2

    Data Thief

    Data Thief is a “proof-on-concept” tool used to
    demonstrate to web administrators and developers how
    easy it is to steal data from a web application that
    is vulnerable to SQL Injection. Data Thief is designed
    to retrieve the data from a Microsoft SQL Server
    back-end behind a web application with a SQL Injection
    vulnerability. Once a SQL Injection vulnerability is
    identified, Data Thief does all the work of listing
    the linked severs, laying out the database schema, and
    actually selecting the data from a table in the
    application.

    http://www.appsecinc.com/resources/freetools/

    Feedback is welcome.

    NEW SECURITY LIST: For people interested in SQL Server
    security, vulnerabilities, SQL injection, etc., I'm
    starting a new mailing list you can join at:

    http://groups.yahoo.com/group/sqlserversecurity/

    Enjoy!!

    Cesar

    __________________________________
    Do you Yahoo!?
    The New Yahoo! Search - Faster. Easier. Bingo.
    http://search.yahoo.com

  • Next message: Daniel Ahlberg: "GLSA: balsa (200304-10)"

    Relevant Pages

    • Latest MS SQL Server vulnerabilities revealed.
      ... Hunting Flaws in Microsoft SQL Server Presentation ... Microsoft SQL Server vulnerabilities. ... Manipulating Microsoft SQL Server Using SQL Injection ... Data Thief is a “proof-on-concept” tool used to ...
      (NT-Bugtraq)
    • [Full-Disclosure] Latest MS SQL Server vulnerabilities revealed.
      ... Hunting Flaws in Microsoft SQL Server Presentation ... Microsoft SQL Server vulnerabilities. ... Manipulating Microsoft SQL Server Using SQL Injection ... Data Thief is a “proof-on-concept” tool used to ...
      (Full-Disclosure)
    • Latest MS SQL Server vulnerabilities revealed.
      ... Hunting Flaws in Microsoft SQL Server Presentation ... Microsoft SQL Server vulnerabilities. ... Manipulating Microsoft SQL Server Using SQL Injection ... Data Thief is a “proof-on-concept” tool used to ...
      (Vuln-Dev)
    • [REVS] Manipulating Microsoft SQL Server Using SQL Injection
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... This paper will focus on advanced techniques that can be used in an attack ... on an application utilizing Microsoft SQL Server as a backend. ... This paper will not cover basic SQL syntax or SQL Injection. ...
      (Securiteam)