Code Injection and SQL Injection Hacks in Web Applications
Code-injection attacks manipulate specific system variables. This gives hackers the opportunity to access that sensitive information that they just love. Hackers can use this information to determine more about the web application and its inner workings, which can ultimately lead to a serious system compromise. Here’s an example:
Attackers who see this variable can start entering different data into the info_variable field, changing X to something like one of the following lines:
The web application might respond in a way that gives attackers more information than they want, such as detailed errors or access into data fields they’re not authorized to access. The invalid input might also cause the application or the server to hang. Hackers can use this information to determine more about the web application and its inner workings, which can ultimately lead to a serious system compromise.
If HTTP variables are passed in the URL and are easily accessible, it’s only a matter of time before someone exploits your web application.
Code injection can also be carried out against back-end SQL databases — an attack known as SQL injection. Malicious attackers insert SQL statements, such as CONNECT, SELECT, and UNION, into URL requests to attempt to connect and extract information from the SQL database that the web application interacts with. SQL injection is made possible by applications not properly validating input combined with informative errors returned from database servers and web servers.
Two general types of SQL injection are standard (also called error-based) and blind. Error-based SQL injection is exploited based on error messages returned from the application when invalid information is input into the system. Blind SQL injection happens when error messages are disabled, requiring the hacker or automated tool to guess what the database is returning and how it’s responding to injection attacks.
There’s a quick, fairly reliable way to determine whether your web application is vulnerable to SQL injection. Simply enter a single apostrophe (’) in your web form fields or at the end of the URL. If a SQL error is returned, odds are good that SQL injection is present.
You’re definitely going to get what you pay for when it comes to scanning for and uncovering SQL injection with a web vulnerability scanner. As with URL manipulation, you’re much better off running a web vulnerability scanner to check for SQL injection.
When you discover SQL injection vulnerabilities, you might be inclined to stop there. You could keep digging. An excellent — and amazingly simple — tool to use for this is SQL Injector, which comes with webInspect. You simply provide the tool with the suspect URL that your scanner discovered, and the SQL injection process begins.
You can click the Get Data or Pump Data buttons in SQL Injector to start dumping information, leading you to the ultimate ethical hacking goal.
Acunetix web Vulnerability Scanner has a similar SQL injection tool built in as well.