Skip navigation

SQL injection attacks with the AMPA suite

SQL injection attacks with the AMPA suite

Cecchini, Simone and Gan, Diane ORCID: 0000-0002-0920-7572 (2013) SQL injection attacks with the AMPA suite. International Journal of Electronic Security and Digital Forensics, 5 (2). pp. 139-160. ISSN 1751-911X (Print), 1751-9128 (Online) (doi:https://doi.org/10.1504/IJESDF.2013.055051)

Full text not available from this repository.

Abstract

The suite of tools presented here was developed to exploit the lack of sanitisation found in user inputs that reached a target database and sometimes even the server. The focus for the design of the tools was a BLIND SQL injection, the verbosity of the attack and the possibility to inject a web shell which enabled Meterpreter to open a reverse connection. The tools demonstrate how dangerous SQL injection can be, specifically on the AMP platforms. The method of reporting and the ease of use meant that the AMPA suite was a good set of tools for professional penetration testers, who may also require flexibility and customisation from open source software. An attack using the suite will be presented and the results discussed.

Item Type: Article
Additional Information: [1] Published in International Journal of Electronic Security and Digital Forensics (2013) Vol. 5, No. 2 - Special Issue: on Cybercrime Prevention, Detection and Response. Guest Editors: Dr. Ameer Al-Nemrat and Dr. George R. S. Weir.
Uncontrolled Keywords: PHP, MySQL, Apache, BLIND SQL injection, UNION SELECT, PHP shell, AMP platforms, injecting through proxy, SQLInjector, SQLInstillator, AMPAnasia, Meterpreter reverse shell, AMPAsuite, web application security, security flaws, SQL injection attacks
Subjects: Q Science > QA Mathematics
Pre-2014 Departments: School of Computing & Mathematical Sciences
Related URLs:
Last Modified: 14 Oct 2016 09:24
URI: http://gala.gre.ac.uk/id/eprint/9963

Actions (login required)

View Item View Item