Chapter 7 – Advanced Topics

Publisher Summary

This chapter explores more advanced techniques that one can use to enhance SQL injection attacks and to overcome obstacles that one may encounter. It also discusses methods for evading input validation filters, and highlights various ways in which one can bypass defenses such as Web application firewalls. Web applications frequently employ input filters designed to defend against common attacks, including SQL injection. These filters may exist within the application's own code, in the form of custom input validation, or may be implemented outside the application, in the form of Web application firewalls (WAFs) or intrusion prevention systems (IPSs). One can use inline comment sequences to create snippets of SQL that are syntactically unusual but perfectly valid, and that bypass various kinds of input filters.
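To make the point about inline comment sequences concrete from the defender's side, here is an added Python example (not code from the book): a blocklist filter applied to raw input beside the same filter applied after comment sequences have been canonicalized the way a SQL parser treats them. The sample inputs are constructed; the handling of MySQL-style `/*!...*/` conditional comments, whose contents the server executes, is an assumption taken from MySQL's documented behaviour and is not discussed on this page.

```python
import re

# Phrase patterns a naive blocklist filter applies to the raw input; constructed for this example.
NAIVE_PATTERNS = [
    re.compile(r"union\s+select", re.IGNORECASE),
    re.compile(r"select\s+.+?\s+from", re.IGNORECASE),
]

# Assumption from MySQL's documented behaviour: /*!...*/ conditional comments are
# executed by the server, so their contents must be kept. Ordinary /*...*/ comments
# are whitespace to the parser, so they are replaced by a space, not deleted.
_CONDITIONAL_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.DOTALL)
_INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)


def naive_filter_blocks(value: str) -> bool:
    """Match the phrase patterns against the raw, un-normalized input."""
    return any(p.search(value) for p in NAIVE_PATTERNS)


def normalize(value: str) -> str:
    """Canonicalize as the SQL parser would: keep conditional-comment contents,
    turn other inline comments into a space, then collapse runs of whitespace."""
    text = _CONDITIONAL_COMMENT.sub(r" \1 ", value)
    text = _INLINE_COMMENT.sub(" ", text)
    return " ".join(text.split())


def normalized_filter_blocks(value: str) -> bool:
    """Apply the same patterns, but only after canonicalization."""
    return naive_filter_blocks(normalize(value))


# Constructed samples: a plain phrase, the same phrase with comment sequences, and benign input.
SAMPLES = {
    "plain": "1 UNION SELECT password FROM users",
    "inline_comment": "1 UNION/**/SELECT/**/password/**/FROM/**/users",
    "conditional_comment": "1 /*!UNION*//*!SELECT*/ password /*!FROM*/ users",
    "benign": "O'Neil and sons, est. 1990",
}


def compare_filters() -> dict:
    """Return, per sample, (blocked by naive filter, blocked by normalized filter)."""
    return {name: (naive_filter_blocks(v), normalized_filter_blocks(v))
            for name, v in SAMPLES.items()}
```

Canonicalizing before inspection closes the gap the comment sequences open, but a blocklist remains a secondary control; parameterized queries are what remove the injection point itself.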