SecDocs Feed for author Muhaimin Dzulfakar http://secdocs.lonerunners.net Latest security documents RSS feed for author Muhaimin Dzulfakar en-us [Video] Advanced MySQL Exploitation <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/463-muhaimin-dzulfakar">Muhaimin Dzulfakar</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/10-mysql">MySQL</a> <a href="http://secdocs.lonerunners.net/tags/details/70-sql-injection">SQL injection</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/39-defcon-17">DEFCON 17</a> <br/> Sun, 07 Mar 2010 17:22:29 +0100 http://secdocs.lonerunners.net/documents/details/2171-advanced-mysql-exploitation http://secdocs.lonerunners.net/documents/details/2171-advanced-mysql-exploitation [Paper] Advanced MySQL Exploitation <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/463-muhaimin-dzulfakar">Muhaimin Dzulfakar</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/10-mysql">MySQL</a> <a href="http://secdocs.lonerunners.net/tags/details/70-sql-injection">SQL injection</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/39-defcon-17">DEFCON 17</a> <br/> Sun, 07 Mar 2010 17:22:27 +0100 http://secdocs.lonerunners.net/documents/details/2170-advanced-mysql-exploitation http://secdocs.lonerunners.net/documents/details/2170-advanced-mysql-exploitation [Slides] Advanced MySQL Exploitation <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/463-muhaimin-dzulfakar">Muhaimin Dzulfakar</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/10-mysql">MySQL</a> <a href="http://secdocs.lonerunners.net/tags/details/70-sql-injection">SQL injection</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/39-defcon-17">DEFCON 17</a> <br/> Sun, 07 Mar 2010 17:22:26 +0100 http://secdocs.lonerunners.net/documents/details/2169-advanced-mysql-exploitation http://secdocs.lonerunners.net/documents/details/2169-advanced-mysql-exploitation [Audio] Advanced MySQL Exploitation <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/463-muhaimin-dzulfakar">Muhaimin Dzulfakar</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/10-mysql">MySQL</a> <a href="http://secdocs.lonerunners.net/tags/details/70-sql-injection">SQL injection</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/39-defcon-17">DEFCON 17</a> <br/> Sun, 07 Mar 2010 17:22:24 +0100 http://secdocs.lonerunners.net/documents/details/2168-advanced-mysql-exploitation http://secdocs.lonerunners.net/documents/details/2168-advanced-mysql-exploitation [Video] Advanced MySQL Exploitation <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/463-muhaimin-dzulfakar">Muhaimin Dzulfakar</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/10-mysql">MySQL</a> <a href="http://secdocs.lonerunners.net/tags/details/70-sql-injection">SQL injection</a> <a href="http://secdocs.lonerunners.net/tags/details/83-exploiting">exploiting</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/31-har-2009">HAR 2009</a> <br/><b>Abstract</b>: Attackers performing SQL injection on a MySQL platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote code execution compared to other platforms. This talk will show that arbitrary code execution is possible on the MySQL platform and explain the techniques. In this presentation, the author will demonstrate the tool he wrote, titled MySqloit. This tool can be integrated with metasploit and is able to upload and execute shellcodes using a SQL Injection vulnerability in LAMP or WAMP environments. Tue, 06 Oct 2009 20:27:00 +0200 http://secdocs.lonerunners.net/documents/details/1356-advanced-mysql-exploitation http://secdocs.lonerunners.net/documents/details/1356-advanced-mysql-exploitation [Slides] Advanced MySQL Exploitation <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/463-muhaimin-dzulfakar">Muhaimin Dzulfakar</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/10-mysql">MySQL</a> <a href="http://secdocs.lonerunners.net/tags/details/70-sql-injection">SQL injection</a> <a href="http://secdocs.lonerunners.net/tags/details/83-exploiting">exploiting</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/31-har-2009">HAR 2009</a> <br/><b>Abstract</b>: Attackers performing SQL injection on a MySQL platform must deal with several limitations and constraints. For example, the lack of multiple statements in one query makes MySQL an unpopular platform for remote code execution compared to other platforms. This talk will show that arbitrary code execution is possible on the MySQL platform and explain the techniques. In this presentation, the author will demonstrate the tool he wrote, titled MySqloit. This tool can be integrated with metasploit and is able to upload and execute shellcodes using a SQL Injection vulnerability in LAMP or WAMP environments. Tue, 06 Oct 2009 20:25:00 +0200 http://secdocs.lonerunners.net/documents/details/1355-advanced-mysql-exploitation http://secdocs.lonerunners.net/documents/details/1355-advanced-mysql-exploitation [Paper] Advanced MySQL Exploitation <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/463-muhaimin-dzulfakar">Muhaimin Dzulfakar</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/10-mysql">MySQL</a> <a href="http://secdocs.lonerunners.net/tags/details/70-sql-injection">SQL injection</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/30-black-hat-usa-2009">Black Hat USA 2009</a> <br/> Sat, 05 Sep 2009 19:27:00 +0200 http://secdocs.lonerunners.net/documents/details/1243-advanced-mysql-exploitation http://secdocs.lonerunners.net/documents/details/1243-advanced-mysql-exploitation [Slides] Advanced MySQL Exploitation <b>Authors</b>: <a href="http://secdocs.lonerunners.net/authors/details/463-muhaimin-dzulfakar">Muhaimin Dzulfakar</a> <br/><b>Tags</b>: <a href="http://secdocs.lonerunners.net/tags/details/10-mysql">MySQL</a> <a href="http://secdocs.lonerunners.net/tags/details/70-sql-injection">SQL injection</a> <br/><b>Event</b>: <a href="http://secdocs.lonerunners.net/events/details/30-black-hat-usa-2009">Black Hat USA 2009</a> <br/> Sat, 05 Sep 2009 19:21:00 +0200 http://secdocs.lonerunners.net/documents/details/1242-advanced-mysql-exploitation http://secdocs.lonerunners.net/documents/details/1242-advanced-mysql-exploitation