-
March 2nd, 2004, 07:08 PM
#1
Sql Injection
Hello
This Is My Tutorial Over "SQL INJECTION" , Hope It Would Help Out Many Out Here.
Basically SQL INJECTION Is An Attack Over Weak Programming And Can Affect Major Over The Databases.
Now Let's Jump Out Here:
Consider a Form As Shown below,
http://www25.brinkster.com/vinothbabu/login.asp
The Form Accepts a Username and Password. It Would then Probably Query a database to retrieve some information.
Let Us Say that this is a bank database and, hypothetically, it has a table user_id with following
structure shown below:
Username Password AccountNumber
The Account number is used for all transactions, and will be retrieved from the table when the user
enters his username and password. This Would Most Likely be Done By a query Like ...
Select account_number from user_id where
username='spechacker' and password='jamesbond'
But What Happens if the user enters his name as spechacker' instead of spechacker??? The Query Now Becomes...
Select account_number from user_id where
username='spechacker'' and password='jamesbond'
This Is an Error And So the Database Server Will Return An Error. This Could Be Something Similar
to What's Shown Below:
Now From Above We Come Here to state an information....
* We Know that we can mangle the query at our will
* We Know the database at the back-end. In this Case It Is Oracle.
Now What If We Entered Our Password As jamesbond' OR 'b' = 'b? The Query Becomes......
Select account_number from user_id where
username='spechacker' and password='jamesbond' OR 'b'='b'
This Is a Valid SQL query. Further, It Will always yield True Since 'b'='b' always Yields True.
Hence This will Result In an Overall true.This Means that You Could Type any password and log in
successfully!
Moving On To Other Possibilities
We Have Seen That Quoting Can Wreak All Sorts Of Havoc in the authentication scheme. Another Offending string is the '--'
This Is Used As A Comment In SQL. Now, What If We Entered Our Username As spechacker'--?
The Query Would Be...
Select account_number from user_id where
username='spechacker'--' and password='jamesbond'
As You Can See The Entire 'where' clause has been eliminated. In short, no password check is performed!
Furthermore, the ';' (semicolon) character is used in SQL to separate two queries. While Some Databases
Ignore This Such as Oracle, Others Such As MS SQL2000 And MYSQL Use it. This is by Far the Most Dangerous. By this the
attacker has access to your databases.
A Query Such As..
Select account_number from user_id where username='spechacker';
update balance_table set balance_amnt=87497824 where
user='spechacker'--' and password='jamesbond'
Can Easily Be Formed By Entering A Username.
spechacker';update balance_table set balance_amnt=87497824 where user='spechacker'--
If The User Were to Use Some Dangerous Query Like Drop Table, You Could be in Real Trouble!
Many Databases Have Commands that are used to execute Shell Commands. Some Like PostgreSQL, Have
XP_shellexec that can compromise the entire system by running programs such as FTP to get Trojan
Horses.
How To Prevent This Attack ............
1. Escape/Filter Special Characters wherever not required.
Ensure that characters such as ' , ; ( ) - are dealt with properly.
2. Run the Web Application as the database User with the least Possible privileges.
3. Run The Web Application as An Operating System User with the Least +ve Privileges.
4. Limit the field lengths. No One Will Enter an 80-Character username.
Let us Prevent This Attack And Provide More Security To The Web.
Thanx
Hope This Tutorial Will Surely Help EveryOne In This Board.
Vinoth
SpecHackers Team!
http://www.spechackers.tk
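An added example, not part of the original post: the tutorial's login query built by string concatenation next to the same query with bound parameters, run against a constructed in-memory SQLite table. The table contents, function names, the 32-character limit and the use of bound parameters (which the post's prevention list does not mention) are assumptions made for illustration.

```python
import sqlite3

MAX_FIELD_LEN = 32  # assumed limit, illustrating point 4 of the post's list


def make_db():
    """Constructed stand-in for the post's hypothetical user_id table.
    The password is kept in plaintext only to mirror that table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_id "
               "(username TEXT, password TEXT, account_number TEXT)")
    db.execute("INSERT INTO user_id VALUES "
               "('spechacker', 'jamesbond', 'ACCT-0001')")
    db.commit()
    return db


def login_concatenated(db, username, password):
    """The pattern the post describes: input is pasted into the SQL text."""
    sql = ("SELECT account_number FROM user_id WHERE username='" + username +
           "' AND password='" + password + "'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return None  # unbalanced quote: the database reports a syntax error
    return row[0] if row else None


def login_parameterized(db, username, password):
    """Input is bound as data, so quotes and -- never reach the SQL parser."""
    if len(username) > MAX_FIELD_LEN or len(password) > MAX_FIELD_LEN:
        return None
    row = db.execute(
        "SELECT account_number FROM user_id WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Inputs taken from the post, with a wrong password to show the bypass.
    for user, pw in [("spechacker", "jamesbond"),
                     ("spechacker", "wrong' OR 'b'='b"),
                     ("spechacker'--", "wrong")]:
        print(repr(user), repr(pw),
              "concatenated:", login_concatenated(db, user, pw),
              "parameterized:", login_parameterized(db, user, pw))
```

With bound parameters the same inputs are compared literally against the stored values, so only the real username and password return the account number.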
-
March 2nd, 2004, 11:56 PM
#2
... please go away.
I can't neg you hard enough. This is how to hack, AND how to prevent it, it should be how to PREVENT it... now whoever don't know how, at least knows a way, if not where to start looking...
sheesh
Remember -
The ark was built by amateurs...
The Titanic was built by professionals.
-
March 3rd, 2004, 12:17 AM
#3
Actually the post doesn't bother me, it's more about who it's coming from. Didn't you guys already steal a few tutorials from my fellow AOers? I wouldn't be surprised if this were the case here...
ok ok ok so anyways... if I remember correctly you also spammed us. Then you complained when another guy did the exact same crap on your board. Then when I confronted you about it right on your own board you deleted all posts containing comments about how you spammed us then took tutorials from this site. You guys also keep re-doing your site in a lame attempt to cover up old content, proving how lame you are. Well now you're in one of my favorite hangouts.
Avenger_jcc, continue the bitch slapping on this ugly and stupid *******. We'll go shooting a while later.
-
March 3rd, 2004, 12:43 AM
#4
ROFL I can't believe the spec morons are still up to this.