Stopping automated SQL injection attacks

By Jamie Gamble and Patrick Szeto | May 8, 2009

SQL injection is a class of vulnerabilities that arises when user-supplied input is used to construct SQL queries, the commands used to read, modify and manage a database. If the user-supplied input is not properly sanitized before it is appended to a dynamic SQL statement, an attacker can alter the query to produce results the developers never intended. The modified SQL statement can perform any action available to the database account's privilege level, both on the database itself and on the system and network the database runs on.
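To make the distinction concrete, the following added example (not code from the original tip) builds a small in-memory SQLite table with constructed rows and runs the same lookup two ways: once with the input concatenated into the query text, as the paragraph describes, and once with the input bound as a parameter. The table, rows and the `products` schema are invented for the example.

```python
import sqlite3

# Constructed sample data standing in for a real site's catalogue table.
SAMPLE_ROWS = [
    (1, "Widget", "A standard widget."),
    (2, "Gadget", "A handy gadget."),
    (3, "Doohickey", "An assorted doohickey."),
]


def make_db():
    """Build an in-memory SQLite database populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_by_name_vulnerable(conn, name):
    """Dynamic SQL built by string concatenation.

    The caller's input becomes part of the query text, so a quote character in
    the input ends the string literal and whatever follows is parsed as SQL.
    """
    query = "SELECT id, name FROM products WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_by_name_safe(conn, name):
    """Parameterized query.

    The driver sends the statement and the value separately; the input is only
    ever compared as data and cannot change the statement's structure.
    """
    return conn.execute(
        "SELECT id, name FROM products WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both variants on a benign value and on a value that closes the
    string literal and appends an always-true condition."""
    conn = make_db()
    benign = "Widget"
    hostile = "x' OR '1'='1"
    return {
        "vulnerable_benign": find_by_name_vulnerable(conn, benign),
        "vulnerable_hostile": find_by_name_vulnerable(conn, hostile),
        "safe_benign": find_by_name_safe(conn, benign),
        "safe_hostile": find_by_name_safe(conn, hostile),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the concatenated query the hostile value returns every row, because the `WHERE` clause has become `name = 'x' OR '1'='1'`; with the bound parameter the same value simply matches no product. That is the whole point of parameterization: the account's privileges still bound what the statement may do, but the input can no longer decide what the statement is.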

In 2008, worms were used to compromise Web servers and install malware that infected users of the affected websites. The worms used automated SQL injection attacks to modify the data in the database that would be displayed to users as part of a webpage. The modified data would be loaded into webpages, redirecting the user to another site hosting malware. In this tip, we'll look at ways to prevent these automated hacks.

The way that a payload is executed in the user's browser makes the attack similar to persistent cross-site scripting, an exploit in which a hacker places malicious code into a link that appears trustworthy. The difference is that the malicious executable injected during automated SQL injection attacks may be found in many different portions of the site, and not just in locations where the response includes previously supplied user input, as is the case with cross-site scripting. When a user browses to a page that includes the contaminated data, he or she will be redirected to a page that will download malware onto the local computer.
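Because the injected payload lives in the database rather than in a single request, a practical incident-response check is to scan the stored text columns for `<script>` or `<iframe>` tags whose `src` points at a host the site does not use. The following is an added example, not part of the original tip: the `pages` table, its rows, the `attacker.example` host and the allow-list of trusted hosts are all constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Constructed sample rows: page content as it might look after a worm appended a
# redirecting tag to text columns. Hosts and paths are invented for the example.
SAMPLE_PAGES = [
    (1, "Home", "Welcome to our site."),
    (2, "About", 'We sell widgets.<script src="http://attacker.example/x.js"></script>'),
    (3, "Contact", "Mail us.<iframe src='http://attacker.example/f' width=0 height=0></iframe>"),
    (4, "Help", '<script src="/static/app.js"></script>Help text.'),
]

# Hosts this site legitimately loads scripts or frames from (assumed allow-list).
TRUSTED_HOSTS = {"www.example.com"}

# Matches <script ...> and <iframe ...> tags and captures the value of their src attribute.
TAG_RE = re.compile(
    r"<(script|iframe)\b[^>]*\bsrc\s*=\s*['\"]?([^'\" >]+)", re.IGNORECASE
)


def make_pages_db():
    """Build an in-memory SQLite database with the constructed page rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)", SAMPLE_PAGES)
    conn.commit()
    return conn


def suspicious_references(text, trusted_hosts=TRUSTED_HOSTS):
    """Return the src values of script/iframe tags in text that load from an untrusted host."""
    hits = []
    for _tag, src in TAG_RE.findall(text):
        # urlparse resolves http://, https:// and protocol-relative //host/ forms.
        host = urlparse(src).hostname
        if host is None:
            continue  # relative path: served by this site, not an external reference
        if host.lower() not in trusted_hosts:
            hits.append(src)
    return hits


def scan_pages(conn):
    """Scan every text column of the pages table; return (id, column, src) per finding."""
    findings = []
    for page_id, title, body in conn.execute(
        "SELECT id, title, body FROM pages ORDER BY id"
    ):
        for column, value in (("title", title), ("body", body)):
            for src in suspicious_references(value or ""):
                findings.append((page_id, column, src))
    return findings


if __name__ == "__main__":
    for page_id, column, src in scan_pages(make_pages_db()):
        print(f"page {page_id} column {column}: untrusted reference {src}")
```

Relative paths such as `/static/app.js` are skipped because they are served by the site itself; anything with an explicit host outside the allow-list is reported with the row and column it was found in, which is what an operator needs to clean the data and to work out which query the worm reached it through.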

Automated SQL injection, with the help of search engines

These automated SQL injection worms use search engines to discover candidates for attack. By searching for strings associated with Web application parameters, the worms let the search engine do the work of acquiring targets. A worm may search for specific page names such as "form.asp" or for form parameter names such as "username"; such names identify Web forms, which are commonly vulnerable to SQL injection. Search engines like Google also provide advanced search operators such as "inurl:", "allinurl:" and "site:", which let the worms' authors narrow the search to these parameters, as in a search for "inurl:username=". The worms then launch SQL injection attacks against the sites identified. By attacking only Web servers that appear to access a database, the worms avoid wasting time on servers without dynamic content. They spend less time randomly scanning for targets to exploit, and so spread faster.
