Library tutorials & articles

SQL Injection Attacks by Example

  • Comments (2)
  • PDF
  • AddThis
By Stephen J. Friedl, published on 17 Jan 2005
Page 1 of 7
  1. Introduction
  2. The Target Intranet
  3. Schema Field Mapping
  4. Finding some users
  5. The database isn't readonly
  6. Mitigations
  7. Conclusion

Introduction

A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.

"SQL Injection" is subset of the an unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the idea is to convince the application to run SQL code that was not intended. If the application is creating SQL strings naively on the fly and then running them, it's straightforward to create some real surprises.

We'll note that this was a somewhat winding road with more than one wrong turn, and others with more experience will certainly have different -- and better -- approaches. But the fact that we were successful does suggest that we were not entirely misguided.

There have been other papers on SQL injection, including some that are much more detailed, but this one shows the rationale of discovery as much as the process of exploitation.

Comments

  1. jshindl
    07 Feb 2005 at 16:22
    This is a good article, but check out this article to actually automatically get a copy of the whole database.

    http://database.ittoolbox.com/browse.asp?c=DBPeerPublishing&r=%2Fpub%2FSG090202%2Epdf
  2. Developer Fusion Bot
    01 Jan 1999 at 00:00

    This thread is for discussions of SQL Injection Attacks by Example.

Leave a comment

Sign in or Join us (it's free).

Related tags

db, php, security, sql
Stephen J. Friedl UNIX Wizard and Microsoft MVP

Related articles

Ask a question

Related discussion

Related podcasts

  • Roundup 09 - Java Plugin Architectures

    Roundup 09 - Plug-in Architectures in JavaFully formatted shownotes can always be found at http://javaposse.com NetBeans pluginshttp://platform.netbeans.org/tutorials/nbm-google.html IntelliJ pluginshttp://www.jetbrains.com/idea/plugins/plugin_developers.html Hudson pluginshttp://wiki.hudson-c...

Events coming up

  • Dec 3

    The Auckland PHP December meetup

    Auckland, New Zealand

    Topic: Magento E-Commerce platform Speaker: Robert Popovic, LERO9, Robert is the Technical Director and co-founder of LERO9. Robert attended the Electrotechnical Faculty at The University of Belgrade where he graduated with a Masters in Computer Science and Information Technology. Robert has worked exclusively in the field of web and software development throughout his career.

Languages

Web Development

Frameworks & Architecture

Other major sections

Cancel
We'd love to hear what you think! Submit ideas or give us feedback