SQL injection attacks with the AMPA suite
    
    Cecchini, Simone and Gan, Diane ORCID: https://orcid.org/0000-0002-0920-7572
  
(2013)
SQL injection attacks with the AMPA suite.
    International Journal of Electronic Security and Digital Forensics, 5 (2).
     pp. 139-160.
     ISSN 1751-911X (Print), 1751-9128 (Online)
  
  
	 (doi:10.1504/IJESDF.2013.055051)
  
Abstract
The suite of tools presented here was developed to exploit the lack of sanitisation found in user inputs that reached a target database and sometimes even the server. The focus for the design of the tools was a BLIND SQL injection, the verbosity of the attack and the possibility to inject a web shell which enabled Meterpreter to open a reverse connection. The tools demonstrate how dangerous SQL injection can be, specifically on the AMP platforms. The method of reporting and the ease of use meant that the AMPA suite was a good set of tools for professional penetration testers, who may also require flexibility and customisation from open source software. An attack using the suite will be presented and the results discussed.
| Item Type: | Article | 
|---|---|
| Additional Information: | [1] Published in International Journal of Electronic Security and Digital Forensics (2013) Vol. 5, No. 2 - Special Issue: on Cybercrime Prevention, Detection and Response. Guest Editors: Dr. Ameer Al-Nemrat and Dr. George R. S. Weir. | 
| Uncontrolled Keywords: | PHP, MySQL, Apache, BLIND SQL injection, UNION SELECT, PHP shell, AMP platforms, injecting through proxy, SQLInjector, SQLInstillator, AMPAnasia, Meterpreter reverse shell, AMPAsuite, web application security, security flaws, SQL injection attacks | 
| Subjects: | Q Science > QA Mathematics | 
| Pre-2014 Departments: | School of Computing & Mathematical Sciences | 
| Related URLs: | |
| Last Modified: | 14 Oct 2016 09:24 | 
| URI: | http://gala.gre.ac.uk/id/eprint/9963 | 
Actions (login required)
|  | View Item | 
 Tools
 Tools Tools
 Tools