SQL injection attacks with the AMPA suite Online publication date: Sat, 26-Jul-2014
by Simone Cecchini; Diane Gan
International Journal of Electronic Security and Digital Forensics (IJESDF), Vol. 5, No. 2, 2013
Abstract: The suite of tools presented here was developed to exploit the lack of sanitisation found in user inputs that reached a target database and sometimes even the server. The focus for the design of the tools was a BLIND SQL injection, the verbosity of the attack and the possibility to inject a web shell which enabled Meterpreter to open a reverse connection. The tools demonstrate how dangerous SQL injection can be, specifically on the AMP platforms. The method of reporting and the ease of use meant that the AMPA suite was a good set of tools for professional penetration testers, who may also require flexibility and customisation from open source software. An attack using the suite will be presented and the results discussed.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Electronic Security and Digital Forensics (IJESDF):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com