
SQL Injection Attacks by Example

A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.

"SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises. We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches.

We speculate that the underlying SQL code looks something like this: A standalone query of

http://www.unixwiz.net/techtips/sql-injection.html
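The "SQL strings built naively on the fly" that the excerpt describes, beside the parameterized form that closes the hole, as an added example that is not code from the unixwiz.net article. The members table, its two rows and the injected input are constructed for the demo; modelling the lookup as a single-field email search is an assumption about the article's form, not something the excerpt above states.

```python
# Added example, not code from the original article. The members table,
# its two rows and the attacker's input are constructed for this demo.
import sqlite3


def make_db():
    """In-memory table standing in for the application's member database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT, passwd TEXT)")
    conn.executemany(
        "INSERT INTO members (email, passwd) VALUES (?, ?)",
        [("alice@example.com", "hunter2"), ("bob@example.com", "s3cret")],
    )
    return conn


def naive_query(email):
    """The kind of SQL string an application builds on the fly: the user's
    input is pasted straight into the query text, quotes and all."""
    return "SELECT email, passwd FROM members WHERE email = '%s'" % email


def lookup_vulnerable(conn, email):
    """Runs the naive string; a quote in the input rewrites the WHERE clause."""
    return conn.execute(naive_query(email)).fetchall()


def lookup_safe(conn, email):
    """Parameterized version: the value travels separately from the SQL text,
    so the same input is compared literally as an email address and matches nothing."""
    return conn.execute(
        "SELECT email, passwd FROM members WHERE email = ?", (email,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Input in the article's style: close the quote, then append an
    # always-true condition. The assembled text becomes
    #   ... WHERE email = 'anything' OR 'x'='x'
    payload = "anything' OR 'x'='x"
    print(naive_query(payload))
    print("vulnerable:", lookup_vulnerable(conn, payload))  # every row comes back
    print("parameterized:", lookup_safe(conn, payload))     # []
```

The point to check in a review is not the quoting but the construction: any code path that concatenates request data into query text is exploitable, whatever escaping it attempts, while the bound parameter never becomes part of the parsed statement.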

SQL Injection Cheat Sheet
Find and exploit SQL Injections with the free Netsparker SQL Injection Scanner. SQL Injection Cheat Sheet, Document Version 1.4. About the SQL Injection Cheat Sheet: currently only for MySQL and Microsoft SQL Server, with some ORACLE and some PostgreSQL.

How They Hack Your Website: Overview of Common Techniques
We hear the same terms bandied about whenever a popular site gets hacked. You know... SQL Injection, cross site scripting, that kind of thing. But what do these things mean?

xp_cmdshell
Executes a given command string as an operating-system command shell and returns any output as rows of text. A separate proxy-account setting grants nonadministrative users permission to execute xp_cmdshell. Note: when executing xp_cmdshell on the Microsoft® Windows® 98 operating system, the return code from xp_cmdshell will not be set to the process exit code of the invoked executable; the return code will always be 0. On SQL Server 2005 and later the procedure is disabled by default and has to be switched on through sp_configure, which is why a successful injection on those versions usually has to enable it first.

Bastion host
Background: ...a system identified by the firewall administrator as a critical strong point in the network's security. Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.[2]

Documentaries: Real Scientific Evidence of Controlled Implosion
"The preconceived notion of NIST is that there's no evidence for explosives, as in there is no point in looking. That is the most unscientific thing which you can possibly think of. Not to look because you don't expect to find evidence, and in fact the evidence is overwhelming."

SQL Injection Walkthrough
1.0 Introduction
When a machine has only port 80 open, your most trusted vulnerability scanner cannot return anything useful, and you know that the admin always patches his server, you have to turn to web hacking. SQL injection is one type of web hacking that requires nothing but port 80, and it might just work even if the admin is patch-happy. It attacks the web application (ASP, JSP, PHP, CGI, etc.) itself rather than the web server or the services running in the OS. This article does not introduce anything new; SQL injection has been widely written about and used in the wild. We wrote the article because we would like to document some of our pen-tests using SQL injection and hope that it may be of some use to others. You may find a trick or two, but please check out the "9.0 Where can I get more info?"

Salt (cryptography)
In cryptography, a salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. This allows for later authentication while defending against compromise of the plaintext password, even in the event that the database is somehow compromised.
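The scheme the entry describes, carried through as an added example rather than code from the article: a fresh random salt per password, the salt stored next to the digest, and verification by re-deriving the digest with the stored salt. It uses the standard library's PBKDF2-HMAC-SHA256 instead of a bare concatenate-and-hash; the record format, the iteration count and the sample passwords are choices made for the demo.

```python
# Added example, not from the article above. PBKDF2-HMAC-SHA256 from the
# standard library; record format, iteration count and sample passwords are
# assumptions made for the demo.
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor chosen for the demo; tune for your hardware


def hash_password(password, salt=None):
    """Return (salt, digest). A fresh 16-byte random salt is drawn when none is
    supplied, so two users with the same password end up with different digests."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def make_record(password):
    """What the database stores: scheme, work factor, salt and digest,
    never the password itself."""
    salt, digest = hash_password(password)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(record, password):
    """Re-derive the digest with the salt taken from the record and compare in
    constant time, so a wrong guess leaks nothing through timing."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unknown scheme: %s" % scheme)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def unsalted(password):
    """For contrast: a bare hash is identical for every user sharing a password,
    which is exactly what a precomputed (rainbow) table exploits."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    alice = make_record("correct horse")
    bob = make_record("correct horse")
    print(alice)
    print(bob)                       # same password, different salt and digest
    print(verify_password(alice, "correct horse"), verify_password(alice, "wrong"))
    print(unsalted("correct horse") == unsalted("correct horse"))  # True: no salt, no per-user variation
```

The salt is not a secret and can sit in the clear beside the digest; its job is only to make every stored hash unique so an attacker who dumps the table has to attack each record separately.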

Configure Linux As Bastion Host
What is a bastion host? How do I configure a bastion host under Linux? How do I create a firewall for a bastion host under any Linux distribution? A bastion host is a high-risk host on your network: it is the one deliberately exposed to the outside. It can be a dedicated Linux box running netfilter, an OpenBSD box running PF, or a Cisco PIX device. This device is designed to protect your network from external threats.

40 websites that will make you cleverer right now
The indexed web contains an incredible 14 billion pages. But only a tiny fraction help you improve your brain power. Here are 40 of the best.

SQL Injection Demo - Nazim's IIS Security Blog
SQL injection seems to have faded from prominence lately and has become just a buzz word. To make things a little more real I put together a quick demo for it, to demonstrate that you don't necessarily have to go out of your way to make your web application exploitable. Here are the ingredients for this demo: an ASP.NET application using System.Data.SqlClient to access a SQL database, and SQLExpress (or any other db) with some tool to directly author to the database. CAUTION: This is a sample to demo SQL injection and is hence insecure.

DDOS
With the holiday shopping season in full swing, some Internet security experts are worried that ecommerce sites may be especially vulnerable to distributed denial of service attacks from hackers, thieves, or even unscrupulous competitors. A distributed denial of service — DDoS — attack happens when many computers maliciously send requests, packets, or data to a particular web server, overwhelming it and either slowing it to a crawl or bringing it down altogether. DDoS attacks against online retailers are often intended to cost the victim profits that might have otherwise been realized.
