Darksat IT Security Forums
October 22, 2019, 03:37:54 am
Welcome, Guest. Please login or register.

Login with username, password and session length
News: Darksat IT Security Forum
From Firewall Support, AntiVirus Questions, Spyware problems, Linux and Windows Security, Black Hat SEO right down to Website Design and Multimedia
 
  Home Help Search Gallery Links Staff List Login Register  

SQL Injection


Pages: [1]
  Print  
Author Topic: SQL Injection  (Read 1414 times)
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« on: September 17, 2006, 08:01:13 am »

SQL injection occurs when naughty commands are injected into an SQL database.
Shopping carts and online databases are all vulnerable unless they are properly protected against this type of attack.
If the application does not  check the input, special command strings can be sent to the database.

for example the SQL command
SELECT * FROM customer WHERE card = 'visa' 
will return all examples of customers that are using Visa.
SELECT * FROM customer WHERE card = '$card'
As long as values such as visa, amex, or master are in this variable, the database reacts as expected.
But if a hacker enters the string ';DROP TABLE CUSTOMER--, the application sends the following to the database:
SELECT * FROM customer WHERE card = '';DROP TABLE CUSTOMER --'
The database sees two commands because the semicolon represents a separator:
SELECT * FROM customer WHERE card = ''
shows all of the data records that have an empty column card. The database then executes the second command that completely deletes the table customer.

The moral of the story is to ensure that your system only accepts the appropriate commands or you could end up with your database contents stolen or deleted.
You have been warned.

Report Spam   Logged

neutron2k
Elite-Member
Master
*****
Posts: 469



View Profile WWW
« Reply #1 on: September 17, 2006, 02:15:38 pm »

a good way of testing web site login forms for their prevention of sql injection is to enter the following as the user name and password.

hi' or 1 = 1

this would change any select query to the following when details are submitted:


select * from sql where loginid='hi' or 1=1

so in essence it will always return a result and you can get access to the site.

thats if the site has poor security and doesn't cater for sql injection.
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #2 on: September 18, 2006, 03:46:01 am »

See Neutron, you know more about this stuff than you think.
Nice tip.
Report Spam   Logged
neutron2k
Elite-Member
Master
*****
Posts: 469



View Profile WWW
« Reply #3 on: September 18, 2006, 09:26:49 am »

I know about SQL injection, but thats about it.
Report Spam   Logged
sacx13
31337
***
Posts: 40


View Profile
« Reply #4 on: October 19, 2006, 06:19:30 am »

You can use mod_security for apache. Is designed for dropping sql injections Smiley

Read a little article write by me about mod_security
http://www.webmasterstalks.com/index.php/topic,163.0.html

Also are some examples for anti sql injections Smiley

Regards
Report Spam   Logged
Darksat
Administrator
Master
*******
Posts: 3303



View Profile WWW
« Reply #5 on: October 19, 2006, 07:06:14 am »

Thanks for the link.
Good article.
I like the modsecurity.com site as well, looks like something i will be using in future.
Report Spam   Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by EzPortal
eXTReMe Tracker
Security Forum
Bookmark this site! | Upgrade This Forum
SMF For Free - Create your own Forum


Powered by SMF | SMF © 2016, Simple Machines
Privacy Policy
Page created in 0.047 seconds with 14 queries.