Wednesday 12 March 2014

Well Known Hacks I: SQL Injection (Examples)

Now in this post I will briefly mention some of the common SQL Injection attacks. Please note that none of the examples presented here are mine, and they are taken from Steve Friedl's Unixwiz.net Tech Tips (You can visit the webpage for more detailed instruction).

Suppose there is a login form where you enter some data. The main methods of SQL injection involve entering values into the forms such that they make statements which are acceptable by the SQL parser.

Exploiting Using a Trivially True Logical Statement:

SELECT fieldlist
  FROM table
 WHERE field = 'anything' OR 'x'='x';

As you can see in the above example, we have a logical statement which is always true. No matter what you put there instead of 'anything', the comparison 'x'='x' is always true. (Note the exploitation of quotation marks: we type <'x'='x> as input, but from the machine's point of view the value parsed is <'x'='x'>!) Therefore, if the victim program or application is not secure enough, you will be granted access to the system!

Brute-Force Password Guessing:

SELECT email, passwd, login_id, full_name
  FROM members
 WHERE email = 'bob@example.com' AND passwd = 'hello123';

Suppose another case where there is a form which asks for a valid email. Given that you know Bob's email (bob@example.com), you can run the above statement, as shown in the box, over many iterations to find Bob's password using an efficient brute-force algorithm: each time you give a different value as the password (preferably trying combinations of different words from a dictionary as passwords). Once the system confirms that your email is valid, that actually means you have managed to hack Bob's password, because otherwise the above statement would be false. From the point of view of the machine's logic, as long as the password is wrong the whole statement is false (look at the AND operator), and so the email is not considered a valid email.

There are countless more SQL injection examples that I am not going to talk about here, but you can definitely find articles on the web. Besides, SQL injection can be prevented very easily (I know it's sad, but you will never become a grey-hat hacker solely by knowing about SQL injections).
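As an added illustration that is not from the original post or from Unixwiz.net: the same tautology input run against a query built by string concatenation and against a parameterized query. It assumes an in-memory sqlite3 table named members with constructed sample rows.

```python
import sqlite3

# Constructed sample rows (not from the original post).
SAMPLE_ROWS = [
    ("bob@example.com", "hello123", "bob", "Bob Example"),
    ("alice@example.com", "s3cret", "alice", "Alice Example"),
]


def make_db():
    """Build an in-memory members table with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (email TEXT, passwd TEXT, login_id TEXT, full_name TEXT)"
    )
    conn.executemany("INSERT INTO members VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, email, passwd):
    """String concatenation: the input becomes part of the SQL text, so a quote
    in the input changes the statement the parser sees. With the tautology
    input the WHERE clause becomes
      email = '...' AND passwd = 'anything' OR 'x'='x'
    and AND binds tighter than OR, so every row matches."""
    sql = (
        "SELECT email, login_id FROM members WHERE email = '" + email
        + "' AND passwd = '" + passwd + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email, passwd):
    """Placeholders: the driver passes the values separately from the SQL text,
    so the input is only ever compared as data and never parsed as SQL."""
    sql = "SELECT email, login_id FROM members WHERE email = ? AND passwd = ?"
    return conn.execute(sql, (email, passwd)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "anything' OR 'x'='x"
    print(lookup_vulnerable(db, "bob@example.com", tautology))     # both rows
    print(lookup_parameterized(db, "bob@example.com", tautology))  # []
    print(lookup_parameterized(db, "bob@example.com", "hello123"))  # Bob only
```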

In my next blog post I will talk about a more practical type of hacking (namely XSS Attack).
P.S. It never hurts to follow my blog by clicking the follow button on the top-right side of the page.
