EH-Net
May 22, 2013, 04:38:00 AM *
1  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: SQL Injection into an INSERT statement. on: May 13, 2013, 04:48:21 AM
this might help:

http://www.notsosecure.com/folder2/2011/07/06/appsecusa-ctf-another-write-up/
2  Ethical Hacking Discussions and Related Certifications / General Certification / Re: The Art of exploiting Injection flaws@ Black Hat Vegas 2013 on: May 09, 2013, 03:34:55 AM
More insight into the course:

http://www.toolswatch.org/2013/05/the-art-of-exploiting-injection-flaws-at-black-hat-vegas-2013/
3  Ethical Hacking Discussions and Related Certifications / General Certification / Re: The Art of exploiting Injection flaws@ Black Hat Vegas 2013 on: April 29, 2013, 03:22:19 AM
here is a small podcast featuring me on pauldotcom, which gives an insight into the course :)

http://www.ustream.tv/recorded/31958833
4  Ethical Hacking Discussions and Related Certifications / General Certification / Re: The Art of exploiting Injection flaws@ Black Hat Vegas 2013 on: March 06, 2013, 07:36:54 AM
Thanks Maxe,

Just for the benefit of anyone who is not familiar with the course content, the topics which might be of interest to them which the course covers:

Oracle SQLI- how to execute code, how to do priv esc from web app, OOB extraction might be of interest to you. Examples of Burp Pro missing SQLI. Injection in order by/group by, 2nd order injection etc.
Stuff on XPATH is pretty awesome. I will show a new attack with which you can not just read any arbitrary XML file on system but any file with any extension.
LDAP- some really good examples of auth bypass and blind LDAP tool.
XXE- not too new stuff but good pointer on where to look for these.
Direct code injection- examples of recent Ruby on Rails and other framework issues such as expression query language injection etc.

Hope to meet some of the fellow ethicalhacker members at Black Hat!

Sid
5  Ethical Hacking Discussions and Related Certifications / General Certification / The Art of exploiting Injection flaws@ Black Hat Vegas 2013 on: March 05, 2013, 07:23:51 AM
The popular course, The Art of Exploiting Injection Flaws will return to Black Hat Las Vegas in July 2013. The OWASP top 10 2013 RC has retained Injection flaw as still the top threat to web applications. Learn advanced SQLI, as well as some new, neat and ridiculous hacks in LDAP, XPATH, XXE, HQLI, direct code (ala RoR flaw) etc.

More details here:

http://blackhat.com/us-13/training/the-art-of-exploiting-injection-flaws.html

Identify, extract, escalate, execute.. need we say more?
6  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US on: June 03, 2012, 03:54:13 AM
A few seats still left in the course. The course has been completely re-written and contains only relevant/advanced instances/examples.

Such as SQLI in order by, group by etc
SQL in stored procedures
double encoding
Injection in cookies, headers
OS code exec by UDF Injection
and loads more..

See you there!
https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

Thanks
Sid
www.notsosecure.com
7  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US on: May 03, 2012, 02:08:33 PM
here is a video preview of the training:

http://www.youtube.com/watch?v=6pg-lRv8XTQ

only a few seats left......
8  Ethical Hacking Discussions and Related Certifications / Web Applications / The Art of Exploiting Injection Flaws on: March 10, 2012, 01:21:30 PM
There are still a few seats left in the upcoming course on exploiting injection flaws at Appsec DC. The course will take place on April 2nd and 3rd.

The abstract of the course is:

OWASP rates injection flaws as the most critical vulnerability within the Top 10 most Critical Web Application Security Risks under the OWASP Top 10 project. http://www.owasp.org/index.php/Top_10_2010-A1. This hands-on session will only focus on the injection flaws and the attendees will get an “in-depth” understanding of the flaws arising from this vulnerability. The topics covered in the class are, SQL Injection, XPATH Injection, LDAP Injection, Hibernate Query Language Injection, Direct OS Code Injection, and XML Entity Injection. The workshop covers classical issues such as SQL Injection, which is an oldie yet very relevant in today’s scenario as well as some lesser known injection flaws such as LDAP, XPATH and XML Injection. During the 2 days course, the attendees will have access to a number of challenges for each flaw and they will learn a variety of exploitation techniques used by the attackers in the wild. Identify, extract, escalate, execute; we have got it all covered.

Please register here:
http://www.regonline.com/builder/site/Default.aspx?EventID=1021433

Course page:
http://appsecdc.org/training/

For more info contact me at:
sid-at-notsosecure(dot)com
9  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US on: February 16, 2012, 01:35:43 AM
Topics like sub-query are indeed covered. We start from very basic SQL Injection; authentication bypass and then gradually move to advanced topics such as blind injection, extracting data with out-of-band channels (like DNS), time based SQLI, heavy query, injection in order by, group by, limit etc. There are as many as 15 exercises to practice every technique. 
10  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Course for web testing on: February 15, 2012, 01:53:20 PM
There are a few seats left on the course "The Art of exploiting SQL Injection" at Black Hat Las Vegas. More details can be found here:

https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html
11  Ethical Hacking Discussions and Related Certifications / Web Applications / The Art of Exploiting SQL Injection: 1 day hands on training at Black Hat US on: February 15, 2012, 01:30:29 PM
Hello All,

This year at Black Hat Las Vegas, I will be hosting a 1 day training course on the most popular web app hacking technique 'SQL Injection'.

Here is the abstract of the course:

"This is a full day hands on training course which will typically target penetration testers, security auditors/administrators and web developers to learn advanced exploitation techniques. SQL Injection, although now nearly 15 years old, still exists in over 30% of the web applications. This vulnerability could typically result in 3 scenarios:

Authentication Bypass
Extraction of arbitrary sensitive data from the database
Access and compromise of the internal network.

This training will target 3 databases:

MS-SQL
MySQL
Oracle

and discuss a variety of exploitation techniques to exploit each scenario. The aim of the training course is to address the following:

Understand the problem of SQL Injection
Learn a variety of advanced exploitation techniques which hackers use
Learn how to fix the problem

Identify, extract, escalate, execute; we have got it all covered."

More details can be found here:
https://www.blackhat.com/html/bh-us-12/training/courses/bh-us-12-training_exploiting-sql-injection.html

There are a few seats still left and the course will sell out very soon. If you require more details feel free to contact me at sid-at-notsosecure-dot-com

Thanks
Sid
12  Ethical Hacking Discussions and Related Certifications / General Certification / Hacking and Securing Oracle Database: 2 days Hands on Training at Blackhat US on: April 21, 2011, 05:18:44 PM
Overview: The two-day hands-on course will teach the audience the security problems related to Oracle database. The training covers a variety of security problems arising from flaws such as insecure design, insecure features/packages, insecure PL/SQL code, patch management, weak passwords etc. The second day will focus on securing and hardening databases using built-in Oracle features along with a number of externally available scripts and tools. Implementing auditing solutions will also be a part of the training. The audience will have access to an infrastructure with a number of Oracle components deployed, and they will be encouraged to identify/exploit/patch security vulnerabilities as they learn them. The training will provide software developers understanding of writing secure PL/SQL code, DBAs the understanding of thorough auditing of the database and penetration testers the understanding of how to break the unbreakable Oracle.

Registration Page: http://blackhat.com/html/bh-us-11/training/kornbrust-siddharth-oracle.html

Course Teaser: http://www.youtube.com/watch?v=ovtMgkh2tAI

Dates: July 30-31, August 1-2

Limited Seats!!!!! A must-do for DBAs!