Alberto Revelli

Name: Alberto

Surname: Revelli

About speaker: Alberto Revelli (aka icesurfer) lives and works in London, where he enjoys the bad weather and the astronomically expensive cost of living. He is a senior penetration tester for Portcullis Computer Security, where he mostly deals with web applications and anything else that happens to tickle his passion for breaking things.

He is Technical Director of the Italian Chapter of OWASP, has co-authored the OWASP Testing Guide 2.0, and he has developed the tool sqlninja (, probably believing that there were not enough SQL Injection tools out there, already.

Talk: Building the bridge between the WebApp and the OS: GUI access through SQL Injection


The speech will focus on some advanced techniques of SQL Injection, showing a few tricks to transform an application-level vulnerability into a full access to the underlying operating system. The examples will mostly focus on SQL Server, but the concepts are valid for all DB technologies. Some of the topics that will be illustrated include:

  • how to bruteforce the ’sa’ password using the remote DB’s own CPU resources,
  • how to obfuscate our queries (and even run quote-free ones),
  • how to use SQL Injection to upload executables, to disable Data.

Execution Prevention, and also to set up a DNS tunnel to exchange data, if needed A live demo will also be presented, showing how to combine all previous techniques in order to go all the way from a SQL Injection to a graphical access to the DB server.