Thread: [sqlmap-users] sqlmap 0.7 to be released at Black Hat Europe 2009
From: Bernardo D. A. G. <ber...@gm...> - 2009-04-03 21:56:37
Hi,

I have been selected as a speaker[1] for Black Hat Europe 2009 Briefings[2]! I am scheduled[3] to talk on April 16 at 12:00.

My presentation is titled "Advanced SQL Injection exploitation to operating system full control" and the abstract is as follows:

--8<--
Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web applications on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.

It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's [sqlmap] new version that I will release at the Conference.
--8<--

The Conference will take place on April 14 - 17, 2009 at Moevenpick Hotel City Centre in Amsterdam (The Netherlands), don't miss it if you can!

[1] http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele
[2] http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html
[3] http://www.blackhat.com/html/bh-europe-09/bh-eu-09-schedule.html

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F
From: Kristian E. H. <kri...@gm...> - 2009-04-03 22:16:54
Congrats Bernardo!

As the only monetarily donating user to the sqlmap project (am I still?), I must advise that you hook up with Anthony Lineberry when you get there. He's from LA too and I caught his talk when I was speaking at the Southern California Linux Expo (SCALE) last month. Awesome stuff and a chill dude...

http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Lineberry
http://scale7x.socallinuxexpo.org/conference-info/speakers/anthony-lineberry
http://scale7x.socallinuxexpo.org/conference-info/speakers/kristian-erik-hermansen-0

Good luck with your talk :-D

Cheers,

On Fri, Apr 3, 2009 at 2:56 PM, Bernardo Damele A. G. <ber...@gm...> wrote:
> Hi,
>
> I have been selected as a speaker[1] for Black Hat Europe 2009
> Briefings[2]! I am scheduled[3] to talk on April 16 at 12:00.
>
> My presentation is titled "Advanced SQL Injection exploitation to
> operating system full control" and the abstract is as follows:
>
> --8<--
> Over ten years have passed since a famous hacker coined the term "SQL
> injection" and it is still considered one of the major web application
> threats, affecting over 70% of web applications on the Net. A lot has
> been said on this specific vulnerability, but not all of the aspects
> and implications have been uncovered, yet.
>
> It's time to explore new ways to get complete control over the
> database management system's underlying operating system through a SQL
> injection vulnerability in those over-looked and theoretically not
> exploitable scenarios: From the command execution on MySQL and
> PostgreSQL to a stored procedure's buffer overflow exploitation on
> Microsoft SQL Server. These and much more will be unveiled and
> demonstrated with my own tool's [sqlmap] new version that I will
> release at the Conference.
> --8<--
>
> The Conference will take place on April 14 - 17, 2009 at Moevenpick
> Hotel City Centre in Amsterdam (The Netherlands), don't miss it if you
> can!
>
> [1] http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele
> [2] http://www.blackhat.com/html/bh-europe-09/bh-eu-09-main.html
> [3] http://www.blackhat.com/html/bh-europe-09/bh-eu-09-schedule.html
>
> Cheers,
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobiles: +447788962949 (UK), +393493821385 (IT)
> PGP Key ID: 0x05F5A30F

--
Kristian Erik Hermansen
From: Bernardo D. A. G. <ber...@gm...> - 2009-04-03 22:20:28
Hi Kristian,

On Fri, Apr 3, 2009 at 23:16, Kristian Erik Hermansen <kri...@gm...> wrote:
> Congrats Bernardo!

Thanks!

> As the only monetarily donating user to the sqlmap project (am I
> still?), I must advise that you hook up with Anthony Lineberry when
> you get there. He's from LA too and I caught his talk when I was
> speaking at the Southern California Linux Expo (SCALE) last month.
> Awesome stuff and a chill dude...

Thanks for this tip and yes, you're still the only monetarily donating user, other than OWASP during the Spring of Code back in 2007 ;)

> http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Lineberry
> http://scale7x.socallinuxexpo.org/conference-info/speakers/anthony-lineberry
> http://scale7x.socallinuxexpo.org/conference-info/speakers/kristian-erik-hermansen-0

Cheers,
--
Bernardo Damele A. G.

E-mail / Jabber: bernardo.damele (at) gmail.com
Mobiles: +447788962949 (UK), +393493821385 (IT)
PGP Key ID: 0x05F5A30F