
Re: [WEB SECURITY] SQL Injection



<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
  <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<small><font face="Verdana">Hi,<br>
The best way to know if the application is vulnerable to SQL injection is
by enumerating the errors. <br>
The error messages can be from the application or the database, which may help
in probing further to identify the technology and the database.<br>
This can be done using special characters in the input parameter field
in either a GET or a POST request. This is purely database specific.&nbsp; <br>
For example, the end of statement of a SQL query in MSSQL is ; <br>
In MySQL it is # and in MS ACCESS it is %00.<br>
The database generates error messages when it encounters a special
character instead of user input. <br>
Given below is another way to identify SQL injection:<br>
If the application is taking a parameter and searching in the database
as given below<br>
1. <a class="moz-txt-link-abbreviated" href="http://www.justatest.com/search.asp?PROD=ID5">www.justatest.com/search.asp?PROD=ID5</a><br>
&nbsp;&nbsp; then modify the URL as<br>
&nbsp;&nbsp; <a class="moz-txt-link-abbreviated" href="http://www.justatest.com/search.asp?PROD=ID5">www.justatest.com/search.asp?PROD=ID5</a>' AND '1'='1<br>
&nbsp;&nbsp; This modified URL will give the same result as that of the previous
URL because the AND statement is true. <br>
&nbsp;&nbsp; If the input validation is in place, the application will throw a
customized error page. <br>
2. <a class="moz-txt-link-abbreviated" href="http://www.justatest.com/search.asp?PROD=ID5">www.justatest.com/search.asp?PROD=ID5</a>' OR '1'='1 will list
all the products present in the database.<br>
<br>
Here are a few links related to SQL injection.<br>
</font></small><a class="moz-txt-link-freetext" href="http://www.unixwiz.net/techtips/sql-injection.html">http://www.unixwiz.net/techtips/sql-injection.html</a><br>
<a class="moz-txt-link-freetext" href="http://www.securitydocs.com/library/2656">http://www.securitydocs.com/library/2656</a><br>
<br>
<small><font face="Comic Sans MS">Santosh Kumar<br>
Plynt<br>
<a class="moz-txt-link-abbreviated" href="http://www.plynt.com">www.plynt.com</a><br>
<a class="moz-txt-link-freetext" href="http://palisade.plynt.com/">http://palisade.plynt.com/</a> -&nbsp; Application Security Magazine<br>
</font></small>Schmidt, Albert E wrote:
<blockquote
 cite="mid7DDF392B05DE91409FEF47820A579B6094132E@xxxxxxxxxxxxxxxxxxxxxxxx"
 type="cite">
  <pre wrap="">Can anybody please provide me with advice on constructing a SQL
Injection? I am currently auditing a web application.  During the audit
I performed a Paros scan.  The Paros scan resulted in showing several
areas where a SQL injection is possible; however, unless I can exploit a
SQL injection then I am not able to prove that SQL injection is
possible.  I am not looking for complex statements, just something
simple that will provide me information to prove injection is possible.

If you cannot provide this information could you please provide me with
a reference to a book or web page that can.

Thank you,

Albert E. Schmidt, CPA
Senior Information System Auditor
Office of Legislative Audits

----------------------------------------------------------------------------
The Web Security Mailing List: 
<a class="moz-txt-link-freetext" href="http://www.webappsec.org/lists/websecurity/">http://www.webappsec.org/lists/websecurity/</a>

The Web Security Mailing List Archives: 
<a class="moz-txt-link-freetext" href="http://www.webappsec.org/lists/websecurity/archive/">http://www.webappsec.org/lists/websecurity/archive/</a>
<a class="moz-txt-link-freetext" href="http://www.webappsec.org/rss/websecurity.rss">http://www.webappsec.org/rss/websecurity.rss</a> [RSS Feed]



  </pre>
</blockquote>
<br>
</body>
</html>
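
The checks described in the message above, reproduced as an added example that is not part of the original post: a string-concatenated query next to a parameterized one, run against a constructed in-memory table, so an auditor can see the signal and confirm the fix removes it. Python with sqlite3 stands in for the ASP page and its database; the table, rows and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the product table behind search.asp.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("ID1", "widget"), ("ID5", "gasket"), ("ID9", "flange")])
    return db

def search_concat(db, prod):
    # Vulnerable pattern: PROD is pasted into the SQL text, so a quote in the
    # value closes the string literal and the rest is parsed as SQL.
    sql = "SELECT id FROM products WHERE id = '" + prod + "'"
    return sorted(row[0] for row in db.execute(sql))

def search_bound(db, prod):
    # Hardened pattern: PROD is bound as data and never parsed as SQL.
    sql = "SELECT id FROM products WHERE id = ?"
    return sorted(row[0] for row in db.execute(sql, (prod,)))

# The three inputs from the post: the original value and its two modifications.
PROBES = {"baseline": "ID5",
          "and_true": "ID5' AND '1'='1",
          "or_true": "ID5' OR '1'='1"}

def compare(search):
    db = make_db()
    return {name: search(db, value) for name, value in PROBES.items()}

def looks_injectable(results):
    # Signal from the post: the AND-true input matches the baseline result,
    # and the OR-true input returns more rows than the baseline.
    return (results["and_true"] == results["baseline"]
            and len(results["or_true"]) > len(results["baseline"]))

def quote_error(search):
    # Error enumeration from the post: a lone quote reaches the SQL parser
    # only when the input is concatenated into the statement.
    try:
        search(make_db(), "ID5'")
        return None
    except sqlite3.OperationalError as exc:
        return str(exc)

if __name__ == "__main__":
    for name, fn in (("concatenated", search_concat), ("parameterized", search_bound)):
        res = compare(fn)
        print(name, res, "injectable:", looks_injectable(res),
              "quote error:", quote_error(fn))
```

With the bound parameter, the modified inputs are compared as literal strings, match no product, and raise no database error, which is the result to expect when retesting after a fix.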
