tag:blogger.com,1999:blog-7122745763234660283.post5790043002357425626..comments2010-11-09T14:24:40.712-08:00Minded Securityhttp://www.blogger.com/profile/01503616812076743415noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-7122745763234660283.post-67253890142802421362010-11-09T14:24:40.712-08:002010-11-09T14:24:40.712-08:00@Stefano, really nice trick. The only problem of this trick AFAIK is that MySQL needs to be restarted after you create the trigger files in order to work.Nuno Loureirohttp://blog.sig9.netnoreply@blogger.comtag:blogger.com,1999:blog-7122745763234660283.post-58084452208400113472010-04-22T03:22:52.627-07:002010-04-22T03:22:52.627-07:00@Stefano, yes definitely. I will plan to add support for it.<br /><br />@Luca: to complete Ferruh&#39;s cheatsheet you can merge the details of my paper. The new bits follow:<br />* Oracle by design does not support stacked queries in any language.<br />* MySQL only on ASP.NET.<br />* PostgreSQL on ASP/ASP.NET/PHP, don&#39;t really know in JSP/Java.Bernardo Damele A. G.http://www.blogger.com/profile/09559797097905287612noreply@blogger.comtag:blogger.com,1999:blog-7122745763234660283.post-47988862320409189372010-04-21T08:43:04.436-07:002010-04-21T08:43:04.436-07:00@luca <br />agree, this is, in fact, more than a stacked query :)<br /><br />Is more a raising in the impact.<br />And I expect people to get some good exploitable crash on table formats to gain shell access.Minded Securityhttp://www.blogger.com/profile/01503616812076743415noreply@blogger.comtag:blogger.com,1999:blog-7122745763234660283.post-6786936221110186992010-04-21T08:36:33.686-07:002010-04-21T08:36:33.686-07:00As Bernardo has already pointed out, stacked queries depend on the language/dbms combination. <br /><br />It will be really useful to complete the &quot;Language/Database Stacked Query Support Table&quot; in Ferruh&#39;s cheatsheet http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/<br /><br />Cheers!Luca Carettonihttp://www.blogger.com/profile/09957564681262364569noreply@blogger.comtag:blogger.com,1999:blog-7122745763234660283.post-43599277760790401492010-04-21T06:07:17.377-07:002010-04-21T06:07:17.377-07:00nice one!<br /><br />sid<br />www.notsosecure.comAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-7122745763234660283.post-28216102566922905262010-04-21T03:56:33.930-07:002010-04-21T03:56:33.930-07:00Bernardo, <br />very fast response! :)<br />I already read your very good paper but I missed the ASP.NET &quot;feature&quot;!<br />Good to know that.<br /><br />Thanks a lot and keep up the good work.<br />(do you think this technique could be a new feature on SQLMap? :)<br /><br />StefanoStefano Di Paolahttp://www.blogger.com/profile/18241677936736054546noreply@blogger.comtag:blogger.com,1999:blog-7122745763234660283.post-66334721034964723672010-04-21T03:44:27.922-07:002010-04-21T03:44:27.922-07:00Stefano,<br /><br />Nice post!<br />By the way, not only MSSQL supports stacked queries via SQL injection: on MySQL/ASP.NET and PostgreSQL with ASP/ASP.NET/PHP it is possible to use stacked queries via SQL injection too.<br />If you are interested, see my whitepaper, http://sqlmap.sourceforge.net/doc/BlackHat-Europe-09-Damele-A-G-Advanced-SQL-injection-whitepaper.pdf for details.<br /><br />BernardoBernardohttp://bernardodamele.blogspot.comnoreply@blogger.com