2020
En honor a la Biblia vol. 1
2016
Uniendo generaciones
2016
Uniendo generaciones
Desde 1974
2020
2016
2016
Desde 1974
In a standard SQL injection, an attacker inserts malicious SQL statements into entry fields, hoping the application will execute them. When direct data retrieval is blocked, "blind" techniques are used. By using a CASE statement, the attacker forces the server to respond differently based on whether a condition—like 2165=2165 —is true. While this specific example is a "tautology" (a statement that is always true), it serves as a baseline to confirm that the database is processing the injected logic. If the server behaves normally, the attacker knows the injection point is active. The Role of Information Schema
The Logic of the Breach: SQL Injection and Modern Cybersecurity In a standard SQL injection, an attacker inserts
The inclusion of INFORMATION_SCHEMA.CHARACTER_SETS in the ELSE clause is a strategic move. The INFORMATION_SCHEMA is a standard database structure that contains metadata about all other databases, tables, and columns. By referencing it, an attacker can verify the type of database management system (DBMS) being used—such as MySQL or PostgreSQL—and determine if they have the permissions necessary to crawl the system’s metadata. Defensive Implications While this specific example is a "tautology" (a
Si quieres conocer más de nuestro ministerio, o si quieres invitarnos a participar en un evento, no dudes en escribirnos.