English

Data Retrieval over DNS in SQL Injection Attacks

Cryptography and Security 2013-03-14 v1 Databases Networking and Internet Architecture
Authors: Miroslav Stampar
View on arXiv PDF

Abstract

This paper describes an advanced SQL injection technique where DNS resolution process is exploited for retrieval of malicious SQL query results. Resulting DNS requests are intercepted by attackers themselves at the controlled remote name server extracting valuable data. Open source SQL injection tool sqlmap has been adjusted to automate this task. With modifications done, attackers are able to use this technique for fast and low profile data retrieval, especially in cases where other standard ones fail.

Cite

@article{arxiv.1303.3047,
  title  = {Data Retrieval over DNS in SQL Injection Attacks},
  author = {Miroslav Stampar},
  journal= {arXiv preprint arXiv:1303.3047},
  year   = {2013}
}

Comments

7 pages, 3 figures, 1 table. Presented at PHDays 2012 security conference, Moscow, Russia

Related papers

View all related →
Databases · Computer Science
Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database
Vrushali Randhe, Archana Chougule, Debajyoti Mukhopadhyay
2013-11-27
Cryptography and Security · Computer Science
Intrusion Detection Framework for SQL Injection
Israr Ali, Syed Hasan Adil, Mansoor Ebrahim
2020-09-30
Cryptography and Security · Computer Science
DNS Tunneling: A Deep Learning based Lexicographical Detection Approach
Franco Palau, Carlos Catania, Jorge Guerra, Sebastian Garcia +1
2020-06-16
Cryptography and Security · Computer Science
Collaborative SQL-injections detection system with machine learning
M Lodeiro-Santiago, C Caballero-Gil, P Caballero-Gil
2022-09-15
Cryptography and Security · Computer Science
A Detailed Survey on Various Aspects of SQL Injection in Web Applications: Vulnerabilities, Innovative Attacks, and Remedies
Diallo Abdoulaye Kindy, Al-Sakib Khan Pathan
2013-06-18
Networking and Internet Architecture · Computer Science
Framework of SQL Injection Attack
Neha Patwari, Parvati Bhurani
2012-07-09
Cryptography and Security · Computer Science
Analysis of SQL Injection Detection Techniques
Jai Puneet Singh
2016-05-11
Cryptography and Security · Computer Science
Detecting and Mitigating SQL Injection Vulnerabilities in Web Applications
Sagar Neupane
2025-06-24
Cryptography and Security · Computer Science
DNS Tunneling: Threat Landscape and Improved Detection Solutions
Novruz Amirov, Baran Isik, Bilal Ihsan Tuncer, Serif Bahtiyar
2025-07-15
Cryptography and Security · Computer Science
A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques
Minzhao Lyu, Hassan Habibi Gharakheili, Vijay Sivaraman
2024-07-08
Cryptography and Security · Computer Science
A Highly Accurate Query-Recovery Attack against Searchable Encryption using Non-Indexed Documents
Marc Damie, Florian Hahn, Andreas Peter
2023-06-28
Cryptography and Security · Computer Science
Does Your DNS Recursion Really Time Out as Intended? A Timeout Vulnerability of DNS Recursive Servers
Zheng Wang
2017-02-15
Cryptography and Security · Computer Science
Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS
Philipp Jeitner, Haya Shulman
2022-05-12
Cryptography and Security · Computer Science
A wrinkle in time: A case study in DNS poisoning
Harel Berger, Amit Z. Dvir, Moti Geva
2019-06-27
Cryptography and Security · Computer Science
Exploiting Leakage in Password Managers via Injection Attacks
Andrés Fábrega, Armin Namavari, Rachit Agarwal, Ben Nassi +1
2024-08-14
Cryptography and Security · Computer Science
Monitoring Security of Enterprise Hosts via DNS Data Analysis
Jawad Ahmed
2022-05-19
Cryptography and Security · Computer Science
ss2DNS: A Secure DNS Scheme in Stage 2
Ali Sadeghi Jahromi, AbdelRahman Abdou, Paul C. van Oorschot
2025-06-27
Cryptography and Security · Computer Science
Advancing SQL Injection Detection for High-Speed Data Centers: A Novel Approach Using Cascaded NLP
Kasim Tasdemir, Rafiullah Khan, Fahad Siddiqui, Sakir Sezer +3
2024-10-28
Cryptography and Security · Computer Science
Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process
Borja Molina-Coronado, Usue Mori, Alexander Mendiburu, José Miguel-Alonso
2022-10-07
Cryptography and Security · Computer Science
Information-Based Heavy Hitters for Real-Time DNS Data Exfiltration Detection and Prevention
Yarin Ozery, Asaf Nadler, Asaf Shabtai
2023-07-07
Cryptography and Security · Computer Science
Take up DNSSEC When Needed
Zheng Wang
2016-02-29
Cryptography and Security · Computer Science
From IP to transport and beyond: cross-layer attacks against applications
Tianxiang Dai, Philipp Jeitner, Haya Shulman, Michael Waidner
2022-05-13
Machine Learning · Computer Science
C-RADAR: A Centralized Deep Learning System for Intrusion Detection in Software Defined Networks
Osama Mustafa, Khizer Ali, Talha Naqash
2024-09-02
Cryptography and Security · Computer Science
Survey and Analysis of DNS Filtering Components
Jonathan Magnusson
2024-01-09
Databases · Computer Science
Preventing SQL Injection attack using pattern matching algorithm
Swapnil Kharche, Jagdish patil, Kanchan Gohad, Bharti Ambetkar
2015-04-28
R2 v1 2026-06-21T23:41:09.820Z