SQL injection authentication bypass
Added: 01/04/2011

Background

Structured Query Language (SQL) is the most common language understood by modern relational databases.

Problem

A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a specially crafted input parameter containing unexpected characters. A successful SQL injection attack could result in unauthorized access to the web application.

Resolution

Modify the web program to remove invalid characters from input parameters before using them in SQL queries.

References

http://www.windowsecurity.com/whitepapers/What-SQL-Injection.html

Limitations
In order for the exploit to succeed, the login form must be accessible by following links from the home page of a web site. The web program must allow authentication based on the response of a simple username and password query.
If using the https protocol, the exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from http://www.cpan.org/modules/by-module/IO/.