Data Retrieval over DNS in SQL Injection Attacks

Authors: Miroslav Stampar

arXiv: 1303.3047v1 - DOI (cs.CR)
7 pages, 3 figures, 1 table. Presented at PHDays 2012 security conference, Moscow, Russia
License: NONEXCLUSIVE-DISTRIB 1.0

Abstract: This paper describes an advanced SQL injection technique where DNS resolution process is exploited for retrieval of malicious SQL query results. Resulting DNS requests are intercepted by attackers themselves at the controlled remote name server extracting valuable data. Open source SQL injection tool sqlmap has been adjusted to automate this task. With modifications done, attackers are able to use this technique for fast and low profile data retrieval, especially in cases where other standard ones fail.

Submitted to arXiv on 12 Mar. 2013

Explore the paper tree

Click on the tree nodes to be redirected to a given paper and access their summaries and virtual assistant

Also access our AI generated Summaries, or ask questions about this paper to our AI assistant.

Look for similar papers (in beta version)

By clicking on the button above, our algorithm will scan all papers in our database to find the closest based on the contents of the full papers and not just on metadata. Please note that it only works for papers that we have generated summaries for and you can rerun it from time to time to get a more accurate result while our database grows.