SQL injection

Added: 04/10/2009

Background

Structured Query Language (SQL) is the most common language understood by modern relational databases.

Problem

A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to inject arbitrary SQL commands via a specially crafted input parameter containing unexpected characters. A successful SQL injection attack could result in unauthorized read and write access to the database.

Resolution

Modify the web program to remove invalid characters from input parameters before using them in SQL queries.
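To illustrate the problem and the resolution above, here is an added example, not part of the original advisory or of any scanner code, using Python's built-in sqlite3 module as an offline stand-in for the databases this entry covers; the users table, the sample rows and all function names are assumptions. It contrasts the unsafe splicing of a parameter into the query text with two defences: the character filtering the resolution describes, and parameter binding, which keeps the value out of the statement's structure entirely.

```python
import re
import sqlite3

# Constructed sample data; the schema and names are assumptions for this example.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("O'Brien", "user")]

# Allowlist for the advisory's resolution: anything outside it is removed.
INVALID = re.compile(r"[^A-Za-z0-9_.-]")


def make_db():
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_query_unsafe(username):
    """The unsafe pattern: the parameter is spliced into the SQL text, so an
    apostrophe in it is parsed as part of the statement rather than as data."""
    return "SELECT id, name FROM users WHERE name = '" + username + "'"


def lookup_unsafe(conn, username):
    return conn.execute(build_query_unsafe(username)).fetchall()


def remove_invalid_chars(username):
    """Filtering step from the resolution: strip characters outside the
    allowlist before the value reaches the query."""
    return INVALID.sub("", username)


def lookup_filtered(conn, username):
    return lookup_unsafe(conn, remove_invalid_chars(username))


def lookup_parameterized(conn, username):
    """Parameter binding: the driver passes the value separately from the SQL
    text, so it cannot alter the statement, and a legitimate name containing
    an apostrophe still matches its row."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (username,)).fetchall()


def query_is_malformed(conn, username):
    """True when splicing the input breaks the statement: the database error
    a scanner watches for when it sends unexpected characters in a parameter."""
    try:
        lookup_unsafe(conn, username)
        return False
    except sqlite3.OperationalError:
        return True
```

Note that filtering makes the query safe but silently changes the data (the apostrophe in O'Brien is lost), while binding keeps both the query and the data intact.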

References

http://www.windowsecurity.com/whitepapers/What-SQL-Injection.html

Limitations

Exploit works on MySQL, Oracle Database, and Microsoft SQL Server.

In order for the exploit to succeed, the vulnerable parameter must be present in an HTML form which is accessible by following links from the home page of a web site. The web program must display the result of the affected query somewhere in the response page. The success of the exploit may also depend on the structure of the affected query.

If using the https protocol, the exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from http://www.cpan.org/modules/by-module/IO/.