Give Me a SQL Injection, I Shall PWN IIS and SQL Server

Comments off | Server By · 26/06/2023



Give Me a SQL Injection, I Shall PWN IIS and SQL Server

Give Me a SQL Injection, I Shall PWN IIS and SQL Server

IIS and SQL Servers play very important roles in the Microsoft Ecosystem. They have been considered unbreakable for many years, and over one decade has passed since the last severe IIS memory corruption vulnerability was disclosed. Are they unbreakable? What about having a SQL injection? Can a SQL injection in the ACCESS database only be used to view unexpected data in the database? What is the relationship between IIS/SQL Server and the ancient (~30 years old) Microsoft JET database engine from the attacker’s perspective? This presentation will answer all of those questions…..

By:
Qi Deng, Bo Qu, & Tao Yan

Full Abstract & Presentation Materials:
https://www.blackhat.com/asia-21/briefings/schedule/#give-me-a-sql-injection-i-shall-pwn-iis-and-sql-server-22251

53GB.COM GPTSTORE CPU Yougpt Gptsio Gpt-store-Nav