Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit

To: Cristian Stoica <security@xxxxxxxxxx>
Subject: Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit
From: Crispin Cowan <crispin@xxxxxxxxxx>
Date: Mon, 20 Feb 2006 17:33:01 -0800
Cc: unsecure@xxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, pen-test@xxxxxxxxxxxxxxxxx, "Angelos D. Keromytis" <angelos@xxxxxxxxxxxxxxx>
In-reply-to: <43F11641.5020801@xxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20060212231853.2381.qmail@xxxxxxxxxxxxxxxxx> <43F11641.5020801@xxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.6 (X11/20050715)

Cristian Stoica wrote:
>    I have a question:
>    If you use an ecryption algorithm to store/get data into/from the
> database you will not be able to do SQL injections ?
>    With a simple encryption algorithm, I do with php explode,
> transform the string into an array and run the algorithm on each
> member of the array.
There are actually several papers on this idea by Angelos Keromytis and
his students & colleagues:

@inproceedings
  (
    kc03,
    author = "Gaurav S. Kc and Angelos D. Keromytis and Vassilis
Prevelakis",
    title = "{Countering Code Injection Attacks With Instruction Set
            Randomization}",
    booktitle = "Proceedings of the 10th ACM Conference on Computer and
    Communications Security (CCS 2003)",
    address = "Washington, DC",
    month = "October",
    year = 2003,
  )

Crispin
-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
        Olympic Games: The Bi-Annual Festival of Corruption

Follow-Ups:
- Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit
  - From: Angelos D. Keromytis

References:
- Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit
  - From: unsecure
- Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit
  - From: Cristian Stoica

Prev by Date: how to crash apache/php in cpanel
Next by Date: Whitepaper by Amit Klein: "HTTP Response Smuggling"
Previous by thread: Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit
Next by thread: Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit
Index(es):
- Date
- Thread