RuhrSec 2025 | SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level

RuhrSec is the annual English speaking IT security conference with cutting-edge security talks by renowned experts. RuhrSec is organized by Hackmanit. 🔽 More information … ——— Talk // SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level Abstract // SQL injections seem to be a solved problem; databases even have built-in support for prepared statements, leaving no room for injections. In this session, we will go a level deeper: instead of attacking the query syntax, we will explore smuggling attacks against database wire protocols, through which remote, unauthenticated attackers can inject entire (No)SQL statements into an application's database connection. Using vulnerable database driver libraries as case studies, we will bring the concept of HTTP request smuggling to binary protocols. By corrupting the boundaries between protocol messages, we desynchronize an application and its database, allowing the insertion of malicious messages that lead to authentication bypasses, data leakage, and remote code execution. ——— Biography // Paul Gerste is a vulnerability researcher on Sonar's R&D team. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like Proton Mail, Visual Studio Code, and Rocket.Chat. When Paul is not at work, he enjoys playing and organizing CTFs with team FluxFingers. Speaker // Paul Gerste Mastodon – https://infosec.exchange/@pspaul X –   / pspaul95   ➡️ Slides - Download https://www.ruhrsec.de/downloads/slid... ——— 🚀 Subscribe to Our Channel:    / @hackmanit-it-security   👉 Read More About Interesting It Security Topics on Our Blog: https://hackmanit.de/en/blog-en ✍️ Want a Deeper Dive Training courses in Single Sign-On (OAuth, OpenID Connect, and SAML), Secure Web Development, TLS, and Web Services are available here: https://hackmanit.de/en/training/port... ——— 🌍 RuhrSec Conference Website: https://www.ruhrsec.de 🌍 Visit Our Website - Hackmanit: https://hackmanit.de/en ✖️ Follow RuhrSec on X:   / ruhrsec   ✖️ Follow Hackmanit on X:   / hackmanit   ✔ Follow RuhrSec on Linkedin:   / ruhrsec   ✔ Follow Hackmanit on Linkedin:   / hackmanit   Follow Hackmanit on XING: https://www.xing.com/pages/hackmanitgmbh ——— Thanks for your attention and support. Stay secure. 🫶 #SQL #nosql #sqli #sqlinjection #hacking #RuhrSec #itsecurity #itsicherheit #cybersecurity #cybersicherheit