#1, 15:14 | Banned | Location: deleted | Registered: 06.01.2012 | Posts: 658 | Reputation: 21 / 0
SQL Injection

SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Details

Databases are fundamental components of Web applications. Databases enable Web applications to store data, preferences and content elements. Using SQL, Web applications interact with databases to dynamically build customized data views for each user. A common example is a Web application that manages products. In one of the Web application's dynamic pages (such as ASP), users are able to enter a product identifier and view the product name and description. The request sent to the database to retrieve the product's name and description is implemented by the following SQL statement.

code:
SELECT ProductName, ProductDescription FROM Products WHERE ProductNumber = ProductNumber

code:
sql_query= " SELECT ProductName, ProductDescription FROM Products WHERE ProductNumber = " & Request.QueryString("ProductID")

When a user enters the following URL:

code:
http://www.mydomain.com/products/products.asp?productid=123

code:
SELECT ProductName, ProductDescription FROM Products WHERE ProductNumber = 123

code:
http://www.mydomain.com/products/products.asp?productid=123 or 1=1

An attacker may use SQL injection to retrieve data from other tables as well. This can be done using the SQL UNION SELECT statement. The UNION SELECT statement allows the chaining of two separate SQL SELECT queries that have nothing in common. For example, consider the following SQL query:

code:
SELECT ProductName, ProductDescription FROM Products WHERE ProductID = '123' UNION SELECT Username, Password FROM Users;

code:
http://www.mydomain.com/products/products.asp?productid=123 UNION SELECT user-name, password FROM USERS

Prevention

The most common way of detecting SQL injection attacks is by looking for SQL signatures in the incoming HTTP stream. For example, looking for SQL commands such as UNION, SELECT or xp_. The problem with this approach is the very high rate of false positives. Most SQL commands are legitimate words that could normally appear in the incoming HTTP stream. This will eventually cause the user to either disable or ignore any SQL alert reported. In order to overcome this problem to some extent, the product must learn where it should and shouldn't expect SQL signatures to appear. The ability to discern parameter values from the entire HTTP request and the ability to handle various encoding scenarios are a must in this case. Imperva SecureSphere does much more than that. It observes the SQL communication and builds a profile consisting of all allowed SQL queries. Whenever an SQL injection attack occurs, SecureSphere can detect the unauthorized query sent to the database. SecureSphere can also correlate anomalies on the SQL stream with anomalies on the HTTP stream to accurately detect SQL injection attacks. Another important capability that SecureSphere introduces is the ability to monitor a user's activity over time and to correlate various anomalies generated by the same user. For example, the occurrence of a certain SQL signature in a parameter value might not be enough to alert for SQL injection attack, but the same signature in correlation with error responses, abnormal parameter size or even other signatures may indicate that this is an attempt at SQL injection attack.

Source: http://www.imperva.com/resources/glossary/sql_injection.html
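Added example (not part of the post or of the Imperva glossary it quotes): the post's string-concatenated product lookup rebuilt against a constructed in-memory SQLite database, beside a hardened version that validates and binds the parameter, plus the keyword-signature check the Prevention paragraph describes so its false-positive problem can be seen. Table contents, the `make_db`/`lookup_*`/`signature_match` names and the use of SQLite are assumptions for the demonstration.

```python
import sqlite3

# Constructed in-memory stand-in for the post's Products and Users tables
# (the rows are made up for this demonstration).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Products(ProductNumber INTEGER, ProductName TEXT, ProductDescription TEXT);
        INSERT INTO Products VALUES (123, 'Widget', 'A widget');
        INSERT INTO Products VALUES (124, 'Gadget', 'A gadget');
        CREATE TABLE Users(Username TEXT, Password TEXT);
        INSERT INTO Users VALUES ('admin', 'hunter2');
    """)
    return conn

def lookup_concat(conn, product_id):
    # Same construction as the ASP sql_query line: the raw ProductID value is
    # glued into the statement, so any SQL inside it becomes part of the query.
    sql = ("SELECT ProductName, ProductDescription FROM Products "
           "WHERE ProductNumber = " + product_id)
    return conn.execute(sql).fetchall()

def lookup_param(conn, product_id):
    # Hardened form: allow-list the value (ProductNumber is numeric) and pass
    # it as a bound parameter, so the value is treated as data, never as SQL.
    if not product_id.isdigit():
        return []  # reject anything that is not a plain product number
    sql = ("SELECT ProductName, ProductDescription FROM Products "
           "WHERE ProductNumber = ?")
    return conn.execute(sql, (int(product_id),)).fetchall()

SIGNATURES = ("UNION", "SELECT", "xp_")

def signature_match(value):
    # The keyword-matching detection the post describes; it fires on ordinary
    # English as readily as on an attack, which is the false-positive problem.
    upper = value.upper()
    return [s for s in SIGNATURES if s.upper() in upper]

if __name__ == "__main__":
    db = make_db()
    print(lookup_concat(db, "123"))
    print(lookup_concat(db, "123 or 1=1"))   # every product, regardless of ID
    print(lookup_param(db, "123 or 1=1"))    # rejected before reaching the DB
    print(signature_match("Select your union membership"))  # legitimate text, still flagged
```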
#2, 11:35 | NOT VERIFIED | Registered: 11.12.2014 | Posts: 1 | Reputation: -3 / 0
Copyright © 2008 - 2013 «HPC»