SQL Injection
SQL Injection is
essentially when a low-privileged user interactively executes SQL
commands on a database server by adding additional syntax into standard
arguments, which are then passed to a particular function, enabling
enhanced privileges. SQL Injection can also take the form of
appending specific strings to queries that break out of the database
server's known logic and return sensitive information not normally
available to an unauthenticated user.
SQL Injection has been known about for several years now and, rather than
re-document all the material locally, I have put together a list
of useful papers that may help you in your task:
SQL Injection walkthrough
Basically the beginner's guide to SQL Injection.
Advanced SQL Injection in SQL Server
This paper introduces the varied formats in which SQL can be used and
'injected' into an application/back-end database. It also
introduces ways around authentication controls prevalent in today's
databases.
More Advanced SQL Injection
This paper deals with SQL Injection in a Microsoft SQL Server / IIS /
Active Server Pages environment. Most of the techniques discussed
can be ported to other similar database environments, e.g. Sybase. This
paper is essentially an add-on to Advanced SQL Injection in SQL Server
(above).
Advanced SQL Injection in Oracle databases
This paper solely discusses the many ways to use SQL Injection against
Oracle databases. It gives numerous examples of the syntax required
to carry out this type of attack and shows how easily Oracle's in-built
security can be circumvented.
Blind SQL Injection
This paper discusses the varied ways that an attacker would try to
enumerate errors in an application. In essence, the attacker learns to
identify errors, tries to determine whether they are SQL related or
not, and tailors their attack to what they have found.
SQL Injection by example
A paper discussing an actual SQL Injection attack carried out as part of
a security review of a large Intranet site.
Understanding SQL Injection
Reading these should give you an excellent grounding on the subject, and
most provide almost a step-by-step guide. Of particular note are
those papers produced by members of NGS Software, which also provides
invaluable database auditing tools.
There are a number of SQL injection cheat sheets to help you with a manual test, notably available from: