Wednesday, December 3, 2014

SQL Injection Attack – Injecting Harmful/Malicious SQL Code

SQL Injection Attack & Its Types


Like many things, SQL has two sides, one good and one bad. On one side, the language is used to manage relational databases; on the other, attackers can use it to carry out malicious attacks. One example is the SQL injection attack, in which malicious code is injected into the server and then into the SQL database. This results in the extraction of useful and valuable information from the system through a backdoor. The attack generally affects the link between a server, mostly a web server where security layers such as SSL, TLS, etc. are not used, and the client browser. This is because data exchanged between web browsers and web servers is normally in plain text, which leaves users vulnerable to eavesdropping. In such cases attackers are able to intercept all data being shared.


Types of SQL Injection Attack

SQL injection, also called SQLI, has been reported by the Open Web Application Security Project (OWASP) as one of the top web application vulnerabilities of 2007 and 2010. Most recently, in 2013, it was rated as one of the top-ranked attacks on the OWASP Top Ten list.

There are five chief forms of SQL injection, classified on the basis of the state of SQLI. They are as follows:
  •   Classic SQLI
  •   Blind or Inference SQL injection
  •   Database management system-specific SQLI
  •   Compounded SQLI
        •   SQL injection + XSS
        •   SQL injection + DNS hijacking
        •   SQL injection + DDoS attacks
        •   SQL injection + insufficient authentication
Note - As a whole, Compounded SQLI, which is of four types, can be referred to as Storm Worm.

Techniques of SQL Injection Attack

  • Incorrect Filtration of Escape Characters – In this case, input from the user (or the attacker) is not filtered for escape characters before it is inserted into a SQL statement. The SQL query is manipulated as a result, producing an entirely different and incorrect output.
Note - In computing and communications, an escape character is one that invokes an alternative interpretation of the characters that follow it in a character sequence.

  • Wrong Typing Attack – In this form of SQL injection, attackers do not fill in the user-facing input fields correctly. By entering the wrong information they succeed in manipulating the code, injecting malicious code that harms the entire database.
  • Blind Injection Attack – As the name suggests, this is a kind of SQL injection attack whose output is not visible to the attackers themselves. Instead, the attacked page of the web application displays in an entirely different way. How the page is displayed depends on the effect of the attack injected into the valid SQL query.
Note - Several tools exist that can automate such attacks once the location of the vulnerability and the target information are known.

  • Second Order SQL Injection - This kind of attack occurs when malicious commands injected into submitted values are stored rather than executed immediately. Later, another component of the application that has no protection against injection of malicious code executes the stored SQL statement.
Note - In some cases the application may encode the malicious SQL statement correctly and store it as a valid query. Resolving this attack requires in-depth knowledge of how submitted values are used. Automated security scanners cannot easily detect such attacks, so they must be manually instructed where to look for evidence.
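
The second-order flow described above, shown as an added example that is not from the original post: a value is stored safely, then a later component builds a query from it by concatenation, next to the hardened form that binds it as a parameter. The users/notes schema, the function names and the stored value are assumptions constructed for illustration, using Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed sample value: harmless until it is pasted into SQL text.
CONSTRUCTED_NAME = "x' OR '1'='1"

def setup():
    """Hypothetical schema: registered users and their private notes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany("INSERT INTO notes VALUES (?, ?)",
                   [("alice", "alice private note"), ("bob", "bob private note")])
    return db

def register(db, name):
    # First order: the write is parameterized, so the value is stored
    # verbatim and nothing executes at submission time.
    return db.execute("INSERT INTO users (name) VALUES (?)", (name,)).lastrowid

def stored_name(db, user_id):
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]

def notes_vulnerable(db, user_id):
    # Second order: this component trusts the value because it came from
    # the database, and concatenates it into a new statement.
    sql = ("SELECT body FROM notes WHERE owner = '" + stored_name(db, user_id)
           + "' ORDER BY body")
    return [row[0] for row in db.execute(sql)]

def notes_hardened(db, user_id):
    # Fix: bind the stored value as a parameter, exactly like fresh input.
    sql = "SELECT body FROM notes WHERE owner = ? ORDER BY body"
    return [row[0] for row in db.execute(sql, (stored_name(db, user_id),))]

def demo():
    db = setup()
    uid = register(db, CONSTRUCTED_NAME)
    return notes_vulnerable(db, uid), notes_hardened(db, uid)

if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable reader returned:", leaked)
    print("hardened reader returned:  ", safe)
```

The write path gives no sign of a problem, which is why the note above says the fix depends on tracing how stored values are used later.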
