[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SFX-SQLi: A new SQL injection technique for MSSQL (dumps a table in one request!)
On Fri, Feb 6, 2009 at 2:10 PM, Daniel Kachakil <dani@xxxxxxxxxxxx> wrote:
> I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL
> injection technique which allows to extract the whole information of a
> Microsoft SQL Server 2005/2008 database in an extremely fast and efficient
This isn't new, this is old news. It might be the first paper written
about the topic, but these methods have been used for years.