SQL injection authentication bypass

Added: 01/04/2011

Background

Structured Query Language (SQL) is the most common language understood by modern relational databases.

Problem

A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a specially crafted input parameter containing unexpected characters. A successful SQL injection attack could result in unauthorized access to the web application.

Resolution

Modify the web program to remove invalid characters from input parameters before using them in SQL queries.
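As an added illustration (editor's example, not code from the advisory or the scanner), the login check below is written twice against a constructed in-memory SQLite table: once with the input spliced into the query text, which is the defect described under Problem, and once with bound parameters, the standard remediation in addition to the character filtering the Resolution recommends. The table, user name and password are assumptions chosen so the example runs offline.

```python
import sqlite3


def build_db():
    """Constructed sample data: one users table with a single account.

    The password is stored in clear text only to keep the example short;
    a real application stores a salted password hash instead.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Authentication query built by string formatting (the flaw).

    A quote character in either parameter ends the string literal early,
    so the rest of the input becomes part of the SQL and can change the
    WHERE clause from a credential check into a condition that is always true.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """Same check with bound parameters.

    The SQL text is fixed; the driver sends the two values separately, so a
    quote or comment sequence in the input is compared as data, never parsed
    as SQL.  Removing unexpected characters beforehand, as the Resolution
    advises, is then defence in depth rather than the only barrier.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None
```

A regression test for the fix compares both functions on the same inputs: valid credentials must succeed in both, and any input that authenticates through the vulnerable query but not through the bound-parameter query is evidence of the injection.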

References

http://www.windowsecurity.com/whitepapers/What-SQL-Injection.html

Limitations

In order for the exploit to succeed, the login form must be accessible by following links from the home page of a web site. The web program must allow authentication based on the response of a simple username and password query.

If the https protocol is used, the exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from http://www.cpan.org/modules/by-module/IO/.