SQL injection vulnerabilities are old hat, but there are many web
applications in production that are still prone to this flaw. One subclass of
these is websites that serve PDF documents from dynamically built URLs. We
demonstrate that, in certain cases, trusted websites prone to SQLi that also
deliver binary file content such as PDFs can be used surreptitiously for
stealthy data extraction and obfuscated malware delivery, even when database
security is otherwise configured properly. The talk is based on findings from a
real-world application penetration test.
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast