SQL Injection

SQL Injection: a vulnerability that arises when unsanitized user input is used to build SQL queries.

SQL Injection is a technique that enables an attacker to execute unauthorized SQL commands by taking advantage of unsanitized input in Web applications that build dynamic SQL queries.

SQL injection attacks are possible because the SQL language contains a number of features that make it quite powerful and flexible, namely:

1. The ability to embed comments in a SQL statement using a pair of hyphens.

2. The ability to string multiple SQL statements together and to execute them in a batch.

3. The ability to use SQL to query metadata from a standard set of system tables.

SQL injection examples:

SELECT Count(*) FROM Users WHERE UserName='' Or 1=1 --' AND Password=''

' UNION SELECT id, name, '', 0 FROM sysobjects WHERE xtype ='U' --

'; UPDATE Products SET UnitPrice = 0.01 WHERE ProductId = 1--

How to prevent SQL Injection:

1. Always validate user-supplied data before it is used in dynamic SQL.

2. Always execute SQL statements with the least user privileges required.

3. Do not show complete database error messages to users.
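As an added example, not code from the original post, the first injected string above is applied to a login check built by string concatenation and then to the same check written with bound parameters. It uses Python's sqlite3 with a constructed in-memory Users table standing in for the article's SQL Server table; sqlite3 treats the "--" comment the same way, so the bypass behaves as described.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the article's Users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # The pattern the article warns about: input pasted straight into a
    # dynamic SQL string. A username of  ' Or 1=1 --  turns the WHERE clause
    # into  UserName='' Or 1=1  and the pair of hyphens comments out the
    # password check, so Count(*) is non-zero for any password.
    sql = ("SELECT Count(*) FROM Users WHERE UserName='" + username +
           "' AND Password='" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    # Same query, but the values are bound parameters. The database never
    # parses them as SQL, so the quote and the hyphens are just characters
    # inside the value being compared against UserName.
    sql = "SELECT Count(*) FROM Users WHERE UserName=? AND Password=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    conn = make_db()
    payload = "' Or 1=1 --"
    print(login_vulnerable(conn, payload, ""))       # True: check bypassed
    print(login_parameterized(conn, payload, ""))    # False: treated as a literal name
    print(login_parameterized(conn, "alice", "s3cret"))  # True: real credentials still work
```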

Tools to prevent SQL Injection:
"Each of these tools works differently and each attacks the SQL injection problem from a different angle, and in combination they complement each other well," revealed Bryan Sullivan, Security Product Manager, SDL team.

HP Scrawlr: The tool will crawl a website, simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr uses some of the same technology found in HP WebInspect but has been built to focus only on SQL Injection vulnerabilities. This will allow an IT/DB admin to easily find vulnerabilities similar to the ones that have been used to compromise sites in recent attacks. No source code is required to run this tool. From a starting URL, the tool recursively crawls that URL in order to build up a site tree that will be then analyzed for SQL injection vulnerabilities.

Microsoft Source Code Analyzer for SQL Injection: Called MSCASI, this is a static code analysis tool that identifies SQL Injection vulnerabilities in ASP code (ASP pages are the ones that have been under attack). In order to run MSCASI you will need source code access and MSCASI will output areas vulnerable to SQL injection (i.e. the root cause and vulnerable path is identified). It scans ASP source code and generates warnings for first order and second order SQL Injection vulnerabilities.

URLScan 3.0: This tool restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being executed on the server. It uses a set of keywords to block certain requests. If a bad request is detected, the filter will drop the request and it will not be processed by SQL. That said, if a SQL injection flaw has been identified, you are encouraged to fix the root cause of the problem instead of attempting to produce the perfect filter (since in our view this is error prone).

Tool to perform SQL injection:
SqlMap: http://sourceforge.net/projects/sqlmap/
Sqlmap is an automatic SQL injection tool. It is capable of performing an extensive back-end DBMS fingerprint, retrieving remote usernames, tables and columns, enumerating the entire DBMS and much more, taking advantage of web application SQL injection vulnerabilities.

Further reading:
SQL Injection Attacks by Example - http://www.unixwiz.net/techtips/sql-injection.html

SQL Injection Walkthrough - http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers - http://blogs.zdnet.com/security/?p=1059

Bryan Sullivan's blog on security - http://blogs.msdn.com/sdl/