On Fri, Feb 6, 2009 at 2:10 PM, Daniel Kachakil <[email protected]> wrote: > Hi, > > I am glad to release SFX-SQLi (Select For XML SQL injection), a new SQL > injection technique which allows to extract the whole information of a > Microsoft SQL Server 2005/2008 database in an extremely fast and efficient > way. >
This isn't new, this is old news. It might be the first paper written about the topic, but these methods have been used for years.
