Bugtraq mailing list archives

BENCHMARK() is not the only way to determine successful MySQL injection


From: "Philip Stoev" <philip () stoev org>
Date: Tue, 6 Jul 2004 13:16:15 +0300

Hello,

As far as the timing attack using BENCHMARK() is concerned, the same effect
can be achieved as follows:

1. Inject GET_LOCK(1, 60);
(this injection will return immediately regardless of success)

2. Inject GET_LOCK(1, 5);
(if successful, this injection will return in 5 seconds rather than
immediately)

This method provides exact delays independent of CPU speed, does not load
the processor and does not require selecting an appropriate expression to
BENCHMARK().

Philip Stoev

Whitepaper
**********

We have written a paper that accompanies this advisory. The paper
provides details of various MySQL lockdown techniques, and a review of
common attacks on MySQL, including SQL injection. The paper can be found
at

http://www.ngssoftware.com/papers/HackproofingMySQL.pdf
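
On the detection side, the second step described in the message leaves a recognizable trace: a request whose parameter carries GET_LOCK(name, N) and whose response takes at least N seconds. The Python below is an added example, not part of the original post; the record layout, client addresses and request paths are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample records: (client, request target, response time in seconds).
# The layout is an assumption for illustration, not a real server's log format.
SAMPLE_LOG = [
    ("198.51.100.7", "/item?id=42", 0.03),
    ("198.51.100.7", "/item?id=GET_LOCK(1%2C60)", 0.04),
    ("198.51.100.7", "/item?id=GET_LOCK(1%2C5)", 5.02),
    ("203.0.113.9", "/item?id=GET_LOCK(1%2C5)", 0.05),
    ("203.0.113.9", "/search?q=benchmark+results+2004", 0.10),
]

# Either timing function named in the post, written as a call.
TIMING_CALL = re.compile(r"\b(GET_LOCK|BENCHMARK)\s*\(", re.I)
# GET_LOCK(name, timeout) with a literal integer timeout.
LOCK_ARGS = re.compile(r"\bGET_LOCK\s*\(\s*([^,()]+?)\s*,\s*(\d+)\s*\)", re.I)


def classify(target, elapsed):
    """Return None for a clean request, otherwise 'attempt' or 'executed'."""
    verdict = None
    for _, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if not TIMING_CALL.search(value):
            continue
        verdict = verdict or "attempt"  # payload seen in a parameter
        for _name, timeout in LOCK_ARGS.findall(value):
            # A response that took at least the requested timeout is consistent
            # with the call running in the database and waiting on a held lock,
            # i.e. the parameter reached SQL. An unrelated slow page can also
            # match, so treat 'executed' as a high-priority lead, not proof.
            if int(timeout) > 0 and elapsed >= int(timeout):
                verdict = "executed"
    return verdict


def scan(records):
    """Return (client, target, verdict) for every flagged record."""
    return [(c, t, v) for c, t, e in records if (v := classify(t, e))]


if __name__ == "__main__":
    for client, target, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:9} {client:14} {target}")
```

A fast response to a GET_LOCK payload stays at "attempt" because, as the message notes, the call returns immediately when the lock is free, so a short response time does not show the parameter is safe.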
