
BENCHMARK() is not the only way to determine successful MySQL injection

Hello,

As far as the timing attack using BENCHMARK() is concerned, the same effect
can be achieved as follows:

1. Inject GET_LOCK(1, 60);
(this injection will return immediately regardless of success)

2. Inject GET_LOCK(1, 5);
(if successful, this injection will return in 5 seconds rather than
immediately)

This method provides exact delays independent of CPU speed, does not load
the processor and does not require selecting an appropriate expression to
BENCHMARK().

Philip Stoev

> Whitepaper
> **********
>
> We have written a paper that accompanies this advisory. The paper
> provides details of various MySQL lockdown techniques, and a review of
> common attacks on MySQL, including SQL injection. The paper can be found
> at
>
> http://www.ngssoftware.com/papers/HackproofingMySQL.pdf 

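For defenders, the two-step probe described above leaves a trace in the server's query log: the same lock name requested from separate connections, outside any quoted value. The following Python detection sketch is an added example, not part of the original post; the log lines are constructed, the layout is a simplified general query log, and the function names are hypothetical.

```python
import re

# Constructed sample in a simplified MySQL general query log layout
# (timestamp, connection id, command, statement); not from a real server.
SAMPLE_LOG = """\
2024-05-01T10:00:01.000000Z\t   41 Query\tSELECT id FROM users WHERE name = 'alice'
2024-05-01T10:00:02.000000Z\t   42 Query\tSELECT id FROM items WHERE id = 1 AND GET_LOCK(1, 60)
2024-05-01T10:00:03.000000Z\t   43 Query\tSELECT id FROM items WHERE id = 1 AND GET_LOCK(1, 5)
2024-05-01T10:00:09.000000Z\t   44 Query\tSELECT id FROM users WHERE name = 'x\\' OR GET_LOCK(1, 5) -- '
2024-05-01T10:00:10.000000Z\t   45 Query\tSELECT id FROM items WHERE id = 1 AND BENCHMARK(1000000, MD5(1))
"""

LINE = re.compile(r"^\S+\t\s*(\d+) (\w+)\t(.*)$")
# Quoted literal, honouring backslash escapes and doubled quotes.
LITERAL = re.compile(r"'(?:\\.|''|[^'\\])*'|\"(?:\\.|\"\"|[^\"\\])*\"")
CALL = re.compile(r"\b(GET_LOCK|BENCHMARK)\s*\(\s*([^,()]+)", re.IGNORECASE)

def mask_literals(stmt):
    """Blank out string literal contents, keeping every character offset."""
    return LITERAL.sub(lambda m: m.group()[0] + " " * (len(m.group()) - 2) + m.group()[-1], stmt)

def find_timing_calls(log_text):
    """Return (connection id, function, first argument) for calls run as SQL."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(2) != "Query":
            continue
        stmt = m.group(3)
        # A payload that stayed inside a quoted value was data, not code.
        for call in CALL.finditer(mask_literals(stmt)):
            arg = stmt[call.start(2):call.end(2)].strip()
            hits.append((int(m.group(1)), call.group(1).upper(), arg))
    return hits

def contended_locks(hits):
    """Lock names requested by more than one connection (the two-step probe)."""
    by_name = {}
    for conn_id, func, arg in hits:
        if func == "GET_LOCK":
            by_name.setdefault(arg, set()).add(conn_id)
    return {name: sorted(ids) for name, ids in by_name.items() if len(ids) > 1}

if __name__ == "__main__":
    hits = find_timing_calls(SAMPLE_LOG)
    print(hits)
    print(contended_locks(hits))
```

Applications can call GET_LOCK() legitimately, so hits are leads to compare against the statements the application is known to issue, not verdicts.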
