Binary data fetching through SQLi
Posted on February 23, 2009 in Research • Tagged with binary data, blob, data casting, SQL Injection • 5 min read
Table of contents
1. Introduction
2. How BLOB storage works
3. Casting binary data
3.1 MySQL
3.2 PostgreSQL
3.3 SQL Server
4. References
1. Introduction
Exploiting a SQL injection flaw in a web application can give the attacker full control of the remote DBMS. One of the major consequences of exploiting consists in fetching all or part of the data stored in the database.
In several cases, like a web application that stores images on the database, the attacker has to deal with binary data.
Follows some techniques to fetch binary data via a SQL injection flaw …
Continue reading