Hi folks,

I've written another SQL injection whitepaper; it can be found at

http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf

I'm aware that I'm running the risk of becoming a one-topic poster; if anyone's bored, I apologise. Other stuff is in the pipeline, I promise. :o)

The paper clears up some points I glossed over in the previous paper and introduces some new techniques, notably the use of time delays as a communication channel to extract information from the database, and the many uses of OPENROWSET.

If anyone has other examples of the use of time as a communication channel, I'd be extremely interested. It seems to me to be a powerful technique, since defence mechanisms tend to abstract it out.

-chris.