Wednesday 5 June 2013


SQL Injection is the manipulation of web based user input in order to gain direct access to a database or its functions. Read on through this SQL injection tutorial to understand how this common attack vector is exploited.

The majority of modern web applications and sites use some form of dynamic content. This content may be in the form of articles, blog posts, comments, guest books, shopping carts, product lists, image galleries, personal details, usernames, passwords; the list goes on. Whether the web server is Apache on UNIX or IIS on Windows, if it is running a server side scripting language such as PHP, ASP, JSP or CFM, it is likely there is a database in the background storing all this dynamic content.

SQL Injection involves bypassing the normal methods of accessing the database content and injecting SQL queries and statements directly into the database through the web application in order to steal, manipulate or delete the content. System access is even possible in many instances where the database is able to gain access to system resources; this can end up with entire system compromise and attackers in your network (not only stealing all of your data).

Have you looked closely at the full URL of the websites you visit?

Notice the ?itemid=944 … this is a parameter that is sent via the web application to the database in order to retrieve the content you are looking at.
Through HTTP GET based SQL injection we can manipulate these parameters to send unintended statements into the database. For example: instead of retrieving article number 1, why don’t you show me article number 1 AND all the users and passwords in your database…
The online SQL injection test from techbypass.blogspot.com will test each parameter on the URL for possible SQL injection using the excellent tool sqlmap. The only data obtained with this test, if a vulnerable parameter is found, is the database version. Sqlmap can also be used to show the results of much more devastating requests, such as retrieving all the data or specific tables of data from the database, or even the insertion of code execution commands and shells.

SQL Injection Vulnerabilities are also very prevalent in the form fields of web applications.
Form based SQL injection is conceptually the same; the only difference is that the rogue SQL statements are inserted via a POST request on the form submit rather than the HTTP GET parameter.
Username / Password forms are a well known point of attack. One type of attack allows the bypassing of the password part of the login.
This tells the database to not worry about the rest of the SQL query (the password part) and just perform the function of “if username = googleadmin and a=a --” (then give the user access to the system). Oops!


SQL Injection can also be used to attack other points of web applications, even cookie parameters – however HTTP GET and HTTP POST requests are the most common vectors.
So how can it be fixed?
It is simple in theory, but not so easy in practice, as can be seen from the ongoing attacks with SQL injection based compromises resulting in literally millions of database records lost.
All user editable points of input into a web application must have their inputs sanitised to prevent the execution of unauthorised SQL code. The OWASP site has some excellent information if you are looking for more detailed technical resources.
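
The login bypass described above and its fix, as an added example that is not part of the original post. It uses Python's sqlite3 with a constructed users table, and it goes one step beyond sanitising by binding input as query parameters, which keeps user input out of the SQL text altogether. The table, account and function names are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data: one account in an in-memory database.
    # (Plaintext password only to keep the example short; store hashes in practice.)
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('googleadmin', 's3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: user input becomes part of the SQL text itself,
    # so a quote and a comment marker in the input can cut off the password check.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterised(db, username, password):
    # Hardened pattern: the SQL text is fixed and the values are bound separately,
    # so quotes and comment markers in the input are treated as plain data.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0

if __name__ == "__main__":
    db = make_db()
    crafted = "googleadmin' --"  # constructed input: closes the string, comments out the rest
    for name, fn in (("concatenated", login_concatenated),
                     ("parameterised", login_parameterised)):
        print(name, "| correct password:", fn(db, "googleadmin", "s3cret-constructed"))
        print(name, "| crafted username, wrong password:", fn(db, crafted, "wrong"))
```

The same two functions can be dropped into a regression test so that a login handler that ever accepts the crafted username fails the build.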
