[Full-disclosure] SQL DB Structure Extraction vulnerabilities
me at b3nji.com
Sat Mar 20 19:30:46 GMT 2010
oh dude, I've missed you.
On Wed, Mar 17, 2010 at 9:36 PM, MustLive <mustlive at websecurity.com.ua>wrote:
> Hello Full-Disclosure!
> Yesterday I wrote English version of my article SQL DB Structure Extraction
> vulnerabilities (http://websecurity.com.ua/4038/).
> There is such variety of Information Leakage vulnerabilities as SQL DB
> Structure Extraction. This vulnerability lie in that there is information
> leakage in web application about structure of the database. This
> leakage can be of use at SQL Injection attack.
> Such vulnerability I found first time already in 2006 (at one site) and
> it this name. Such vulnerabilities I found at many web sites and also in
> many web applications.
> In the article I talked about SQL DB Structure Extraction, different
> variants of SQL Errors (three variants) and about difference between SQL DB
> Structure Extraction and SQL Error.
> You can read the article SQL DB Structure Extraction vulnerabilities at my
> site: http://websecurity.com.ua/4038/
> Best wishes & regards,
> Administrator of Websecurity web site
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.