SQL / OS / LDAP Injection

Civilsurvivor

Newbie

Posts: 3

Joined: Thu Apr 19, 2012 7:34 am

Post Thu Apr 19, 2012 7:39 am

SQL / OS / LDAP Injection

*I hope this is in the correct section, if not can a moderator take me to the correct section*

Hi, I'm currently writing a report for university around SQL / OS / LDAP injections. Would any of you fine people have any suggestions for papers, journals, books or reports people have written that would be worth the read towards my research?

Cheers!

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Apr 19, 2012 8:41 am

Re: SQL / OS / LDAP Injection

Welcome to the forums.

Is this in the context of web applications? If so, The Web App Hacker's Handbook (2nd) covers all of those items extensively: http://www.amazon.com/The-Web-Applicati ... b_title_bk

www.exploit-db.com hosts a lot of papers, and they likely have some on those topics (the quality here can vary quite a bit). The SANS Reading Room hosts the papers that have been written for their Gold certifications, and they may also have some papers of interest: http://www.sans.org/reading_room/
The day you stop learning is the day you start becoming obsolete.

Civilsurvivor

Newbie

Posts: 3

Joined: Thu Apr 19, 2012 7:34 am

Post Thu Apr 19, 2012 10:53 am

Re: SQL / OS / LDAP Injection

Thank you, it's in context to the type of attacks in general. I might shorten the report to SQL / OS since I've struggled finding LDAP information.

I use SANS quite frequently, but thank you for getting back to me. I'll be sure to look at the Exploit DB, and I have a similar book to the Web App Hacker's Handbook.

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Apr 19, 2012 1:55 pm

Re: SQL / OS / LDAP Injection

WAHH2 contains LDAP as well. Even if you have a similar book, I'd encourage you to pick that one up too. It's easily the best book on the subject.

Also, once you understand these types of injection attacks from the perspective of a web application, you should find the same principles are also applicable to other technologies.
The day you stop learning is the day you start becoming obsolete.

Civilsurvivor

Newbie

Posts: 3

Joined: Thu Apr 19, 2012 7:34 am

Post Thu Apr 19, 2012 5:49 pm

Re: SQL / OS / LDAP Injection

Haha, the reason why it's so similar is because it's the first edition of the book; I borrowed it from a friend. Thank you for the information!

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Apr 20, 2012 2:23 am

Re: SQL / OS / LDAP Injection

If you want to learn more about the nature of these attacks, I suggest you look at the very first disclosure of the vulnerability. A nice example would be Smashing the Stack for Fun and Profit regarding buffer overflows (http://insecure.org/stf/smashstack.html), which gives great information about how the attack actually works. Now there are several sites and papers that outline these attacks for you. Almost all show you the how, but most are missing the why, which I think you are looking for.

After some googling I saw that even Wikipedia has a nice writeup explaining SQL injection. I guess the underground is not the only place anymore to find such information.

Oh, and remember that OWASP has a lot of information also.
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
