Razi Shaban wrote:
>> I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL
>> injection technique which allows to extract the whole information of a
>> Microsoft SQL Server 2005/2008 database in an extremely fast and efficient
>> way.
>
> This isn't new, this is old news. It might be the first paper written
> about the topic, but these methods have been used for years.

Please, Razi, could you name any reference? I suppose that if the method is well-known, as you're suggesting, it shouldn't be difficult at all to find at least one. I can't believe no tool is implementing such a great idea, if it is "old news".

--
Regards,
-Roman

PGP Fingerprint: 09BB EFCD 21ED 4E79 25FB 29E1 E47F 8A7D EAD5 6742
[Key ID: 0xEAD56742. Available at KeyServ]