



The Web Application Hacker's Handbook (Stuttard and Pinto from Wiley)
is a very good one. For example, the chapter on SQL injection is nearly
100 pages (and that isn't code listings or other eat-up-space content).

Also, an interesting exploit that nailed thousands of web sites in the
last few weeks is SQL injection of a cross site scripting attack. I will
post a link to my explanation of it that I posted at the time.

http://www.justiceforchandra.com/forums/viewtopic.php?t=3602

As noted in this thread about multiple SQL statements on a line or
lack thereof for i5/OS SQL engine, this exploit targeted SQL Server
sites using its support for multiple SQL statements on a line and the
specific metadata tables of SQL Server.

However, the relevant point is that SQL was injected to execute to
load javascript code into text fields in the database (say a comments
field for example). This is a double layer of injection. When an
injected database field is retrieved as part of assembling a web page
and downloaded, the javascript executes and attempts a standard multiple
vector attack on the PC with downloads from various Chinese sites.

The sites are eventually taken down within days but in the meantime
hundreds of thousands of websites with SQL Server are serving up that
malware to millions of PCs.

All it took was an SQL statement to concatenate any one of the input
fields (they would all be loaded with the same attack code) without
escaping contents, for example loading a comment field as is.

Needless to say, with hundreds of thousands of sites infected within
days, that kind of programming lapse wasn't hard to find. And that was
with the somewhat more robust .ASP/.NET programming. It is well known
that orders of magnitude more PHP programming is even loosier goosier,
to put it mildly.

Personal caveat: This has nothing to do with my preference for native
IO. This has to do with trying not to be a victim as I move into a
personal project on an RPG web app.

rd



Mike wrote:
Does anyone know of a good book that covers a lot of this information (not
necessarily System i specific)? Something that goes more in depth so I can
learn more on how to protect against it?
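As an added example (not from the original post or the archive), here is the two-layer defence the message implies, in Python with sqlite3: a parameterised insert so field contents are never parsed as SQL, and HTML escaping on output so stored markup is displayed as text rather than run by the browser. The sample comments and the `example.invalid` URL are constructed.

```python
import html
import sqlite3

# Constructed sample inputs: one benign comment with an apostrophe, one
# containing script markup of the kind the post describes being stored.
SAMPLE_COMMENTS = [
    "O'Brien's review: works as advertised",
    '<script src="http://example.invalid/x.js"></script>',
]


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    return conn


def store_comment_unsafe(conn, body):
    # The lapse the post describes: the field is concatenated straight into
    # the statement, so its content is parsed as SQL rather than as data.
    conn.execute("INSERT INTO comments (body) VALUES ('" + body + "')")


def store_comment_safe(conn, body):
    # Parameterised: the driver passes the value separately from the SQL
    # text, so quotes and keywords inside it are never interpreted as SQL.
    conn.execute("INSERT INTO comments (body) VALUES (?)", (body,))


def render_comments(conn):
    # Second layer: escape on output so a stored string containing markup
    # is shown as text instead of being executed when the page is loaded.
    rows = conn.execute("SELECT body FROM comments ORDER BY id").fetchall()
    return "".join("<p>%s</p>" % html.escape(body) for (body,) in rows)


def demo():
    conn = open_db()
    # A plain apostrophe already breaks the concatenated statement, which
    # is the tell-tale that user input is reaching the SQL parser.
    try:
        store_comment_unsafe(conn, SAMPLE_COMMENTS[0])
        unsafe_failed = False
    except sqlite3.OperationalError:
        unsafe_failed = True
    for body in SAMPLE_COMMENTS:
        store_comment_safe(conn, body)
    return unsafe_failed, render_comments(conn)
```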





This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].