New SQL injection threat: a challenge to operating system security
  Add date: 07/09/2008   Publishing date: 07/09/2008
A recently demonstrated attack shows that a multistage attack using SQL injection can provide interactive GUI (graphical user interface) access to the operating system.

    A European researcher has found that SQL injection is not only a way to attack databases and web pages; this wide-reaching class of attack can also serve as a stepping stone into the operating system.

    Alberto Revelli, a senior penetration tester at Portcullis Computer Security, demonstrated a multistage attack on Tuesday at the EUSecWest conference in London. The attack can essentially give the attacker interactive GUI access to the underlying operating system.

    Revelli, also known as “icesurfer”, pointed out that today's database management systems include tools and functional modules that can interface directly with the operating system and the network. He said, “This means that if I can attack a Web application through SQL injection, I am not limited to the data stored in the database; I can also try to obtain interactive access to the host where the DBMS (database management system) is located.”

    His attack combines SQL injection with other techniques, such as evasion of IPS and Web application firewalls. The goal is to brute-force the system administrator's password, with the attack on the Web application as the preliminary stage. Revelli said, “In these cases, the Web application is a stepping stone to the real goal, which is reaching the host where the DBMS is deployed.” Before the EUSecWest demonstration, he kept some of the details secret.

    He said that this kind of attack allows the attacker to run commands on the compromised system and see the results. “Usually, this kind of attack leads to a DOS (disk operating system) prompt, which is not very powerful. My point is that it is possible to go one step further and, in many cases, obtain access to the remote database server's graphical desktop.”

    Revelli will use Microsoft's SQL Server in his demonstration, but he said that this kind of attack applies to all database technologies. The weaknesses do not exist only in the database software; the Web application, the firewall ruleset, and other configurations also make this kind of attack possible. “Each component that makes up this kind of attack exploits a vulnerability or some kind of misconfiguration in a different part of the architecture.”

    Once the attacker has obtained remote access to the database, he can examine files, steal data, shut down the database, and even take over the network completely.

    This week Revelli also plans to release a new version of his Sqlninja attack tool, which he will use in the demonstration.

 