Mirror Mirror - Reflected PDF Attacks Using SQL Injection

SQL Injection vulnerabilities are old hat, but there are many web applications in production that are still prone to this flaw. One subclass of these is websites that serve PDF documents from dynamically built URLs. We demonstrate that, in certain cases, trusted websites prone to SQLi that also deliver binary file content such as PDFs can be used surreptitiously for stealthy data extraction and obfuscated malware delivery, even when database security is otherwise configured properly. The talk is based on findings from a real-world application penetration test.

  • Originally Aired July 25, 2012
Name            Type         Role
Shawn Asmus     Guest Star
Kristov Widak   Guest Star