/*
Title: SQL Injection
Description: SQL Injection SQLi database vulnerability
*/
- LAST UPDATED DATE: 12-13-15
- LAST UPDATED BY: Mike Hodges
Summary
A code injection technique that allows an attacker to make arbitrary calls
to the backend database.
Capabilities and Risk
SQL Injection allows an attacker to access entries in the application database
and in some cases write to the database which can lead to code execution on
the server.
It can lead to partial or complete loss of the database entries and in
the worst case scenario allow an attacker to gain a foothold on the machine.
Detection
- Identify where user input is being used as data for a database call (i.e. username)
- Attempt to inject SQL meta-characters and commands to modify/create a query in order to view the database contents
Remediation
Properly sanitize all database calls using both a whitelist of known good input and a blacklist of potentially dangerous meta-characters and functions.
References
- https://www.owasp.org/index.php/SQL_Injection
- http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet -- payload crafting cheatsheet
- https://www.exploit-db.com/papers/13045/ -- SQL Injection tutorial on MySQL, great walkthrough
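
The following is an added example, not part of the original issue text: it shows the username lookup from the Detection section built by string concatenation, next to a version that applies the whitelist from the Remediation section. The table, column and function names are assumptions, the data is constructed, and the bound query parameter goes beyond the remediation the page lists.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are illustrative.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db

def lookup_vulnerable(db, username):
    # User input is concatenated into the SQL text, so meta-characters
    # in `username` are parsed as part of the query.
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, username):
    # Bound parameter: the value is sent as data and never parsed as SQL.
    sql = "SELECT email FROM users WHERE username = ?"
    return [row[0] for row in db.execute(sql, (username,))]

# Whitelist of known good input: 1 to 32 letters, digits or underscores.
USERNAME_OK = re.compile(r"[A-Za-z0-9_]{1,32}")

def lookup_hardened(db, username):
    # Reject anything outside the whitelist before touching the database,
    # then still use a bound parameter as a second layer.
    if not USERNAME_OK.fullmatch(username):
        raise ValueError("username rejected by whitelist")
    return lookup_parameterized(db, username)

if __name__ == "__main__":
    db = make_db()
    probe = "nobody' OR '1'='1"  # constructed test input with a quote meta-character
    print("vulnerable:   ", lookup_vulnerable(db, probe))
    print("parameterized:", lookup_parameterized(db, probe))
    try:
        lookup_hardened(db, probe)
    except ValueError as exc:
        print("hardened:     ", exc)
```
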