[转载]Manipulating Microsoft SQL Server Using SQL Injection
原始出处:[url]http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf[/url]This paper will not cover basic SQL syntax or SQL Injection. It is assumed that the reader has a strong understanding of these topics already. This paper will focus on advanced techniques that can be used in an attack on a (web) application utilizing Microsoft SQL Server as a backend. These techniques demonstrate how an attacker could use a SQL Injection vulnerability to retrieve the database content from behind a firewall and penetrate the internal network.
页:
[1]