Understanding SQL Injection Attacks

SQL injection: The ability to inject (malicious) SQL commands into the background database engine execution, using existing applications, is the standard interpretation of SQL injection.

With the B/S model being widely used, programmers who write applications in this mode are becoming more and more, but due to the uneven level and experience of developers, a considerable number of developers are writing code, Without the necessary legitimacy to judge the user's input data or the information carried on the page (such as a cookie), the attacker could submit a database query code to obtain some of the data he wanted, based on the results returned by the program.

SQL injection takes advantage of the normal HTTP service port, which appears to be no different from normal Web access and is highly covert and difficult to detect.

SQL injection Process

As shown, the SQL injection attack process consists of five steps:

The first step: Determine whether the Web environment can be SQL injection. If the URL is only access to the Web page, there is no SQL injection problem, such as: http://news.xxx.com.cn/162414739931.shtml is normal Web Access. SQL injection is possible only for a business that dynamically queries the database, such as http://www.google.cn/webhp?id=39, where? id=39 represents a database query variable, which executes in the database and therefore may pose a threat to the database.

Step two: Find the SQL injection point. After completing the previous step, it is necessary to look for an injection vulnerability that can be exploited by entering some special statements that can be used to determine the database type based on the browser return information and to construct a database query statement to find the injection point.

Step three: Guess the user name and password. The table names and field names stored in the database are regular. By constructing a special database statement, you look in the database for the length of the table name, field name, user name, and password, and the contents. This guessing process can be quickly realized through a large number of online injection tools, and the use of cracked Web site easy to decipher user passwords.

Fourth step: Look for Web management background portal. Usually the Web background management interface is not intended for ordinary users

Open, to find the landing path to the background, you can use the scanning tool to quickly search for possible landing address, and then try, you can try out the console's entry address.

Fifth step: Intrusion and destruction. After successful landing management, the next can be arbitrarily disruptive behavior, such as tampering with Web pages, uploading Trojans, modifying, leaking user information, and further intrusion database server.

Features of SQL injection attacks:

Many variants, experienced attackers will manually adjust the attack parameters, resulting in the variant of the attack data is not enumerable, which led to the traditional feature matching detection method can only identify a relatively small number of attacks, difficult to prevent.

The attack process is simple, the Internet is currently popular with many SQL injection attack tools, attackers with these tools can quickly implement the target Web system attack and destruction.

Because of the disadvantages of web programming language itself and the few developers with security programming ability, most web business systems have the potential to be attacked by SQL injection. Once the attacker succeeds, it can control the entire web business system, make arbitrary changes to the data, and achieve the destructive power.

The harm and actuality of SQL injection

The main hazards of SQL injection include:

Manipulate data in a database without authorization

Maliciously tampering with web content

Add a System account or a database user account privately

Web-Hung Trojan

......

According to Symantec's March 2006 Internet Security Threat Report (issue Nineth):

Nearly 70% of the attacks are based on Web applications, and according to CVE's 2006 statistics, the vulnerability of SQL injection attacks is increasing every year, and 2006 is an astonishing 1078, and these are limited to common application vulnerabilities. Does not include vulnerabilities in larger, professional Web applications.

And the various attack tools and attack tutorials for the SQL injection vulnerability are endless, and the script guy (the Scripting Boy) who has mastered the attack tools can easily break the line of the network database: Manipulate the data, get permission ...

SQL injection attack: http://netsecurity.51cto.com/art/201108/287651.htm

Understanding SQL Injection Attacks