Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Give Me a SQL Injection, I Shall PWN IIS and SQL Server

Black Hat via YouTube

Start learning Write review
Boot.dev Ad

Learn Backend Development Part-Time, Online

Learn More → Coursera Ad

40% Off All Coursera Courses

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore a comprehensive Black Hat conference talk that delves into the vulnerabilities of IIS and SQL Servers within the Microsoft ecosystem. Learn about SQL injection techniques, the relationship between IIS/SQL Server and the Microsoft JET database engine, and how these can be exploited from an attacker's perspective. Discover the potential for leveraging SQL injections in ACCESS databases beyond simply viewing unexpected data. Gain insights into circuit injection, cross-database attacks, and various attack scenarios involving Access and IIS/SQL Server. Witness demonstrations of exploits, including web shell injection and memory corruption vulnerabilities. Understand the security boundaries and implications for the Microsoft infrastructure in this 36-minute presentation by security experts Qi Deng, Bo Qu, and Tao Yan.

Syllabus

Introduction
Agenda
Who are we
Motivation
Circuit Injection
Jet Database Engine
Main Dish
Cross Database
MSJet
MS Excel
Summary
Attack Scenarios
Access Scenario
Analysis
Demo
Scenario 2 is and the second server
Example
Information
Web Shell
Core EX
Memory Copy
Destination Address Buffer
Page Description Object
Demonstration
Short Summary
Conclusion
Security Boundary

Taught by

Black Hat

Reviews

Start your review of Give Me a SQL Injection, I Shall PWN IIS and SQL Server

Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.