Overview
A "SQL injection" attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
History
Ever since the advent of the computer, there have always been people trying to hack them. William D. Mathews of MIT discovered a flaw in the Multics CTSS password file on the IBM 7094 in 1965; John T. Draper ("Captain Crunch") discovered a cereal toy whistle could provide free phone calls around 1971; The Chaos Computer Club, the Cult of the Dead Cow, 2600, the infamous Kevin Mitnick, even computing godfather Alan Turing and his World War II German Enigma-cipher busting Bombe, all and more have participated in hacking computers for as long as computers have existed.
Through the 1980s and 1990s, the world began to see the advent of the personal computer, the internet, and the World Wide Web. Telephone lines in millions of homes began screaming with the ear-piercing tones of dial up connections. AOL, CompuServe, Juno, and more began providing home users with information portals and gateways to the web. The information age was born; as was the age of information security (and, indeed, insecurity).
As websites began to form by the thousands per day, so did the technology behind them. Websites went from merely being static pages of text and images to dynamic web applications of custom-tailored content. HTML, CSS, and JavaScript grew into bigger and better systems for stitching content together in the browser, and the browser itself evolved, through Internet Explorer, Netscape, Firefox, Chrome, and more. PHP and Perl CGI, among others, became the languages of choice for backend website scripting, generating in real time the HTML and other elements browsers would render. Database systems came and went, but MySQL became the most popular. In fact, a lot of things came and went -- Dot-Com bubble, anyone? -- but one thing always remained: web application security.
Description
SQL injection errors occur when:
- Data enters a program from an untrusted source.
- That data is used to dynamically construct a SQL query.
The main consequences are:
- Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities.
- Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password.
- Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability.
- Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes to or even delete this information with a SQL Injection attack.
How SQL Injection Works
Prospects, customers, employees and business partners may all have the right to store or retrieve information from your database. Your site probably allows any site visitor to submit and retrieve data. Legitimate access for visitors includes site search, sign up forms, contact forms, logon forms and all of these provide windows into your database. These various points of access are quite possibly incorporated in 'off-the-shelf' applications or may be custom applications set up just for your site. These forms and their supporting code have likely come from many sources, were acquired at different times and possibly installed by different people.
SQL injection is the use of these publicly available fields to gain entry to your database. This is done by entering SQL commands into your form fields instead of the expected data. Improperly coded forms will allow a hacker to use them as an entry point to your database at which point the data in the database may become visible and access to other databases on the same server or other servers in the network may be possible.
Web site features such as contact forms, logon pages, support requests, search functions, feedback fields, shopping carts and even the functions that deliver dynamic web page content are all susceptible to SQL injection attack, because the very fields presented for visitor use must pass their contents on to the database, and an application that splices those contents directly into a query lets SQL typed into the field run as SQL.
Defense Against SQL Injection
Because web sites require constant access to the database, firewalls provide little or no defense against SQL injection attacks. Your website is public, so firewalls must let every site visitor reach the web application, usually over port 80/443, and the application in turn talks to your database; injected SQL travels inside that permitted traffic.
Antivirus programs are equally ineffective at blocking SQL injection attacks. They are intended to spot and stop an entirely different kind of incoming data.
The most commonly used SQL injection defense is made up of two components. First there is routine updating and patching of all servers, services and applications which of course has many advantages and is common practice. Then there is producing and using well written and well tested website code that disallows unexpected SQL commands.
These two defenses are by definition enough to halt any SQL injection attack. So, why are web site vulnerabilities and risks on the rise and why are successful attacks occurring more often? The answers are each simple, and combine into a daunting list:
- The number of servers, applications and volume of code on web sites is increasing.
- These servers, applications and code languages interact with each other in sometimes unpredictable ways.
- The number and frequency of updates and patches is increasing.
- IT departments are doing more work with fewer staff, and some activities such as updates get postponed.
- IT staff turnover and layoffs sometimes leave camouflaged holes in security routines.
- Automatically installing every patch and update that comes along often produces unwanted side effects.
- Legacy code is often re-used when sites are updated, sometimes keeping code written to old standards in use long after it was obsolete.
- The number of people attempting to do hacks and the number of tools available to simplify hacking are both going up almost exponentially.
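As an added example (not code from the original post), here is the logon check the Description section warns about, written first with string concatenation and then as the parameterised query that the "well written and well tested website code" defense above amounts to. The users table, the credentials and the quoted input are all constructed here for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database holding the constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Untrusted input is spliced straight into the query text, so a quote
    character in the input ends the string literal and changes the WHERE
    clause that the database actually evaluates."""
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, name, password):
    """Parameterised query: the SQL text is fixed and the driver hands the
    input over as data values, so the input is compared, never parsed."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    row = conn.execute(query, (name, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # A password-field value containing a quote. In the concatenated query it
    # becomes ... AND password = '' OR '1'='1', which is true for every row.
    tautology = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "alice", tautology))  # alice
    print("safe:      ", login_safe(db, "alice", tautology))        # None
```

The safe version returns `None` for the same input because the whole string is compared against the stored password as a value, which is exactly the "disallow unexpected SQL commands" property the defense paragraph asks for.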
How To Exploit The SQL Injection Attack
Exploiting an SQL Injection attack involves solving a puzzle that is a cross between Hangman and 20 Questions. It needs a little understanding of SQL and a great deal of cunning.

Try your hacking skills against this test system. It takes you through the exploit step-by-step.

The SQL Injection attack allows external users to read details from the database. In a well-designed system this will only include data that is available to the public anyway. In a poorly designed system this may allow external users to discover other users' passwords.