DoS Attacks Using SQL Wildcards Revealed Comments

ZDNet Blogs by Dancho Danchev - May 20, '08 11:18am
Yesterday, Ferruh Mavituna of Portcullis released a whitepaper entitled "DoS Attacks Using SQL Wildcards", with some insightful comments on how it's possible to multiply the attack tactics discussed to the point where not even a botnet would be needed to successfully accomplish them.

Summary of the paper:

This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers. This can be achieved using only the search field present in most common web applications. If an application has the following properties then it is highly possibly vulnerable to wildcard attacks:

1 - An SQL Server Backend;
2 - More than 300 records in the database and around 500 bytes of data per row;
3 - An application...