© Mika Specta, 123RF.com

© Mika Specta, 123RF.com

Discovering SQL injection vulnerabilities

Poison

Article from ADMIN 13/2013
By
Hardly a day goes by without reports of hackers breaking into government, military, or enterprise servers. If you analyze the details of the hacker's approach, you will see that, in 90 percent of all cases, SQL injection was the root cause of a server's compromise.

Within a couple of hours, an experienced Internet attack specialist can bring your server infrastructure to its knees. In many cases, the barn door through which the attackers gain entry is a classic bug in a web application: an SQL injection vulnerability. SQL injection, which has been known for around 12 years, is still one of the hacker's most popular tools.

This article presents real-life examples of SQL injection attack vectors, explains how carelessness can cause them, and shows how far-reaching the impact can be. I will start by demonstrating these SQL attack techniques manually, then I'll show how to use the SQLmap tool to look for vulnerable code.

Typical Attack Vectors

One feature that nearly all web applications have in common is the connection to one or multiple databases. Whether it is used for retrieving email, shopping on the web, or reading news, there will always be at least one database back end. And, no matter which programming language the web application was written in, communication with the database always follows the same principle. The script stored on the server passes in the SQL queries to the database, evaluates the return values, and serves them up to the user.

Security holes in web applications can result from a lack of security awareness on the part of the developers. The larger issues mainly arise from a lack of input validation. The following PHP script, which is part of a popular login screen, demonstrates a typical programming error.

$query = "SELECT * FROM users WHERE user='" .
$_POST['username'] . " ' AND password=' " .
$_POST['password'] . " ' ";
$response = mysql_query($query) ;

The expected values are the username and password. The script checks whether the input data matches the credentials stored in the database. If the user is found in the database, and the password matches, the user

...
Use Express-Checkout link below to read the full article (PDF).

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Uncovering SQL Injections

    Hardly a day goes by without reports of hackers breaking into government, military, or enterprise servers. If you analyze the details of the hacker’s approach, you will see that, in 90 percent of all cases, SQL injection was the root cause of a server’s compromise.

    more »
comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”> </a> <hr> </div> </div> <div class=