BugTraq
Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit Feb 12 2006 11:18PM
unsecure writeme com (1 replies)
Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit Feb 13 2006 11:29PM
Cristian Stoica (security netcms biz) (1 replies)
Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit Feb 21 2006 01:33AM
Crispin Cowan (crispin novell com) (1 replies)
Cristian Stoica wrote:
> I have a question:
> If you use an encryption algorithm to store/get data into/from the
> database you will not be able to do SQL injections?
> With a simple encryption algorithm, I do with php explode,
> transform the string into an array and run the algorithm on each
> member of the array.
There are actually several papers on this idea by Angelos Keromytis and
his students & colleagues:

@inproceedings(kc03,
  author = "Gaurav S. Kc and Angelos D. Keromytis and Vassilis Prevelakis",
  title = "{Countering Code Injection Attacks With Instruction Set Randomization}",
  booktitle = "Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003)",
  address = "Washington, DC",
  month = "October",
  year = 2003,
)

Crispin
--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Olympic Games: The Bi-Annual Festival of Corruption

Re: Invision Power Board Army System Mod <= 2.1 SQL Injection Exploit Feb 21 2006 03:18PM
Angelos D. Keromytis (angelos cs columbia edu)

Copyright 2010, SecurityFocus