DEFCON 16: Time-Based Blind SQL Injection using heavy queries

Speakers: Chema Alonso, Microsoft MVP Windows Security,Informática64 José Parada, Microsoft IT Pro Evangelist,Microsoft This presentation describes how attackers could take advantage of SQL Injection vulnerabilities using time-based blind SQL injection. The goal is to stress the importance of establishing secure development best practices for Web applications and not only to entrust the site security to the perimeter defenses. This article shows exploitation examples for some versions of Microsoft SQL Server, Oracle DB Engine,MySQL and Microsoft Access database engines, nevertheless the presented technique is applicable to any other database product in the market. This work shows a NEW POC Tool. For more information visit: To download the video visit:

Be Sociable, Share!

Technorati Tags: , , , , , ,

3 thoughts on “DEFCON 16: Time-Based Blind SQL Injection using heavy queries

  1. Cheers favorable on the proficient information. Narmally fair-minded wen up! My spouse and i repeatedly accomplish certainly not expanding in those nevertheless stew over anyone does a new animatedly buddy-buddy despoile along with I’m undoubted a lot of people suavity your a lesser amount of at just about any rate.

  2. This is certainly many of these a fantastic contraption who you might be rendering and also deliver it again apart for the purpose of free of charge. I just really like looking at sites who realize typically the worth from providing some high quality source for the purpose of zero cost. It might be typically the old what close to is available around regular …

  3. This is a comment to the website owner. Does your website get enough traffic or rank for search terms with Google? Well we can help! We can provide you with a safe tiered link building system! This will help your rankings in the search engines and make your website more visible to your target audience. Take a quick look as I am sure you will be interested.

Leave a Reply

Your email address will not be published. Required fields are marked *