Black Hat Briefings, Usa 2007 [audio] Presentations From The Security Conference.

Dynamic content for Web applications is typically managed through database engines, including registration information, credit cards medical records and other private information. The web applications typically interface with web users and allow them to make only certain queries from the database while they safeguard the privacy where expected, for example, they may allow to add data in a column of the database but not to view the complete contents of this column. We will describe a new technique that allows executing a timing attack which recovers entries from a private column in a database and only requires the ability to insert data in this private column. During the presentation, we will show the experiments that lead us to developing exploit code for the MySQL engine that demonstrates this technique, give details for the audience to understand the underlying algorithm, analyze the results and discuss future work. We will also discuss how to protect from or detect this exploit.