SQL injection

Daniel is a professional hacker who is attempting to perform an SQL injection attack on a target website, www.moviescope.com. During this process, he encountered an IDS that detects SQL injection attempts based on predefined signatures. To evade any comparison statement, he attempted placing characters such as "' or '1'='1'" in any basic injection statement such as "or 1=1." Identify the evasion technique used by Daniel in the above scenario.

Option 1 : Variation
Option 2 : IP fragmentation
Option 3 : Null byte
Option 4 : Char encoding

1. Variation

One may append the comment operator "--" along with the string for the username and wholly avoid executing the password segment of the SQL query. Everything after the -- operator would be considered a comment and not executed.

To launch such an attack, the value passed for name could be ' OR '1'='1' ; --

Statement = "SELECT * FROM 'CustomerDB' WHERE 'name' = '" + userName + "' AND 'password' = '" + passwd + "';"

With that value substituted for userName, the statement becomes:

Statement = "SELECT * FROM 'CustomerDB' WHERE 'name' = '' OR '1'='1' ; --' AND 'password' = '" + passwd + "';"

All the records from the customer database would be listed.
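The signature problem from the scenario, seen from the defender's side, as an added example that is not part of the original article: a literal "or 1=1" signature misses the quoted value shown above, while a rule that looks for any comparison of a literal with itself flags both. The regular expressions, the classify function and the sample inputs are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Literal signature of the kind the scenario's IDS relies on (assumed form).
LITERAL_SIGNATURE = re.compile(r"or\s+1\s*=\s*1", re.IGNORECASE)

# Structural rule: OR followed by a comparison whose two operands are the
# same literal, each optionally wrapped in matching quotes. The closing quote
# of the second operand is optional because the application often supplies it.
TAUTOLOGY = re.compile(
    r"""\bor\s+(?P<q1>['"]?)(?P<val>\w+)(?P=q1)\s*=\s*(?P<q2>['"]?)(?P=val)(?P=q2)?(?!\w)""",
    re.IGNORECASE,
)


def classify(raw: str) -> dict:
    """Normalize a request parameter, then apply both rules to it."""
    # Percent-decode and collapse runs of whitespace before matching.
    text = " ".join(unquote_plus(raw).split())
    return {
        "literal": bool(LITERAL_SIGNATURE.search(text)),
        "tautology": bool(TAUTOLOGY.search(text)),
    }


# Constructed sample inputs; the second is the value quoted on the page.
SAMPLES = [
    "or 1=1",
    "' OR '1'='1' ; --",
    "%27%20or%20%27x%27%3D%27x",
    "alice",
    "red or blue",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:32} {classify(sample)}")
```

Pattern rules of this kind are a secondary control; they flag suspicious input but do not make a concatenated query safe.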

Yet another variation of the SQL injection attack can be conducted in DBMSs that allow multiple SQL statements. Here, we also make use of the vulnerability in certain DBMSs whereby a user-provided field isn't strongly typed or isn't checked for type constraints.

This could take place when a numeric field is to be used in a SQL statement, but the programmer makes no checks to validate that the user-supplied input is numeric.
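The concatenated statement above next to its hardened form, plus the numeric type check the last paragraph calls for, as an added example that is not code from the original article. It uses Python's sqlite3 module with an in-memory database; the column layout, the sample rows and the function names are assumptions, and the identifiers are left unquoted.

```python
import sqlite3

PAYLOAD = "' OR '1'='1' ; --"  # value quoted on the page


def make_db():
    # Constructed sample data; the table name follows the page, columns are assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE CustomerDB (id INTEGER, name TEXT, password TEXT)")
    db.executemany("INSERT INTO CustomerDB VALUES (?, ?, ?)",
                   [(1, "alice", "pw-a"), (2, "bob", "pw-b")])
    return db


def login_concatenated(db, user_name, passwd):
    # Vulnerable pattern from the page: the input becomes part of the SQL text,
    # so the payload's quote closes the string and "--" comments out the rest.
    stmt = ("SELECT name FROM CustomerDB WHERE name = '" + user_name +
            "' AND password = '" + passwd + "';")
    return [row[0] for row in db.execute(stmt)]


def login_parameterized(db, user_name, passwd):
    # Bound parameters: the values are passed as data and never parsed as SQL.
    stmt = "SELECT name FROM CustomerDB WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(stmt, (user_name, passwd))]


def lookup_by_id(db, raw_id):
    # Numeric field: enforce the type before the value reaches the query.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be a decimal integer")
    rows = db.execute("SELECT name FROM CustomerDB WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, PAYLOAD, "wrong"))
    print("parameterized:", login_parameterized(db, PAYLOAD, "wrong"))
    print("lookup id 2  :", lookup_by_id(db, "2"))
```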

2. IP fragmentation

IP fragmentation attacks are a common type of denial of service attack, in which the perpetrator overwhelms a network by exploiting datagram fragmentation mechanisms.

Understanding the attack starts with understanding the process of IP fragmentation, a communication procedure in which IP datagrams are broken down into small packets, transmitted across a network and then reassembled back into the original datagram.

Fragmentation is necessary for data transmission, as each network has a unique limit for the size of datagrams that it can process. This limit is known as the maximum transmission unit (MTU). If a datagram is being sent that is larger than the receiving server's MTU, it has to be fragmented in order to be transmitted completely.

3. Null byte

Null byte injection is an exploitation technique used to bypass sanity-checking filters in infrastructure by adding URL-encoded null byte characters (i.e., %00, or 0x00 in hex) to the user-supplied data. This injection process can alter the intended logic of the application and allow an attacker to get unauthorized access to system files.

Most web applications today are developed using higher-level languages like PHP, ASP, Perl, and Java. However, these web applications at some point require processing of high-level code at the system level, and this process is usually accomplished using C/C++ functions. The diverse nature of these dependent technologies has resulted in the Null Byte Injection (aka Null Byte Poisoning) attack.

How does Null Byte Injection work?

All languages of the web are exploitable with this if your code is not sanitizing input or parsing files properly. Null bytes are put in place to terminate strings or act as a placeholder in code, and injecting them into URLs can cause web applications to not know when to terminate strings, which lets the application be manipulated for purposes like LFI/RFI (Local and Remote File Inclusion).
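The mismatch described above, with a check that closes it, as an added example that is not code from the original article: a filter that inspects the still-encoded name accepts it, a NUL-terminated C API would stop at the null byte, and a validator that decodes first rejects it. BASE_DIR, ALLOWED_SUFFIXES, the function names and the sample file names are hypothetical.

```python
from pathlib import Path
from urllib.parse import unquote

ALLOWED_SUFFIXES = {".jpg", ".png"}   # hypothetical allow-list
BASE_DIR = Path("/srv/app/uploads")   # hypothetical upload directory


def naive_check(raw_name: str) -> bool:
    # Weak filter: looks only at how the still-encoded string ends.
    return raw_name.lower().endswith(tuple(ALLOWED_SUFFIXES))


def c_string_view(raw_name: str) -> str:
    # What a NUL-terminated C API would use: everything before the first 0x00.
    return unquote(raw_name).split("\x00", 1)[0]


def safe_resolve(raw_name: str) -> Path:
    # Decode first, so every later check sees what lower layers will see.
    name = unquote(raw_name)
    if "\x00" in name:
        raise ValueError("null byte in file name")
    candidate = (BASE_DIR / name).resolve()
    if BASE_DIR.resolve() not in candidate.parents:
        raise ValueError("path escapes base directory")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError("extension not allowed")
    return candidate


if __name__ == "__main__":
    sample = "notes.txt%00.jpg"   # constructed input
    print("naive filter accepts:", naive_check(sample))
    print("C API would open    :", c_string_view(sample))
    try:
        safe_resolve(sample)
    except ValueError as exc:
        print("safe_resolve rejects:", exc)
```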

4. Char encoding

In computing, data storage, and data transmission, character encoding is used to represent a repertoire of characters by some kind of encoding system that assigns a number to each character for digital representation. Depending on the abstraction level and context, corresponding code points and the resulting code space may be regarded as bit patterns, octets, natural numbers, electrical pulses, etc. A character encoding is used in computation, data storage, and transmission of textual data. "Character set", "character map", "codeset" and "code page" are related, but not identical, terms.

Early character codes associated with the optical or electrical telegraph could only represent a subset of the characters used in written languages, sometimes restricted to upper-case letters, numerals and some punctuation only. The low cost of digital representation of data in modern computer systems allows more elaborate character codes (such as Unicode) which represent most of the characters used in many written languages. Character encoding using internationally accepted standards permits worldwide interchange of text in electronic form.

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
