Description: We've looked at a lot of SQL Injection primers on SecurityTube lately, however, here is something really interesting - could a malicious hacker use SQL Injection and create a worm? In this talk titled "SQL Injection Worms for Fun and Profit" given at Blackhat 2008, Justin Clarke discusses in detail about such a worm which hit the Internet and took down a couple of thousand hosts. According to him, this worm was the tip of the iceberg and 1.0 in comparison to what could have been achieved. This worm was easy to clean up, block and used a very simple and detectable mechanism to propogate. He argues, that an SQL worm could be designed to be much more powerful and could result in even a full OS compromise. In this presentation, he talks about how an SQL worm can be weaponized to do more malicious things if the author desires so.<br><br>His presentation can be downloaded here and a high resolution video is available here. <br><br><br></div>
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.