Description: https://www.defcon.org/images/defcon-17/dc-17-presentations/defcon-17-joseph_mccray-adv_sql_injection.pdf
SQL Injection is a vulnerability that is often missed by web application security scanners, and it's a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.
Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.
The key areas are: IDS Evasion, Web Application Firewall Bypass Privilege Escalation Re-Enabling stored procedures Obtaining an interactive command-shell Data Exfiltration via DNS
Tags: securitytube , defcon , def con , hacking , hackers , information security , convention , computer security , DC 17 , Defcon 17 , dc-17 ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.