Graduation Year
2015
Document Type
Thesis
Degree
M.S.C.S.
Degree Name
MS in Computer Science (M.S.C.S.)
Degree Granting Department
Engineering
Major Professor
Yicheng Tu, Ph.D.
Committee Member
Jay Ligatti, Ph.D.
Committee Member
Yao Liu, Ph.D.
Keywords
Security, Web Attacks, Microsoft SQL Server, Inferential, Bisection
Abstract
SQL Injections are still a prominent threat on the web. Using a custom-built tool, BlindCanSeeQL (BCSQL), we will explore how to automate Blind SQL attacks to discover database schema using fewer requests than the standard methods, thus helping avoid detection from overloading a server with hits. This tool uses a web crawler to discover keywords that assist with autocompleting schema object names, along with improvements in ASCII bisection to lower the number of requests sent to the server. Along with this tool, we will discuss ways to prevent and protect against such attacks.
Scholar Commons Citation
Wheeler, Ryan, "BlindCanSeeQL: Improved Blind SQL Injection For DB Schema Discovery Using A Predictive Dictionary From Web Scraped Word Based Lists" (2015). USF Tampa Graduate Theses and Dissertations.
https://digitalcommons.usf.edu/etd/6050