SQL Injection Attacks - Are You Safe?
SQL injection is a technique that exploits security vulnerabilities in a web site by inserting malicious SQL into the queries the site sends to its database. Along with cross-site scripting, SQL injection is one of the most dangerous and well-known, yet widely misunderstood, security vulnerabilities on the Internet, largely because there is no central repository of information for penetration testers, IT security consultants and practitioners, and web/software developers to turn to for help.
Application vulnerabilities prone to exploitation using SQL injection:
• Incorrectly filtered escape characters are allowed into a SQL statement
• Form fields are not validated for incompatible data types
• Vulnerabilities in the database server software allow malformed Unicode characters through
• Blind SQL injection, where an attacker can only see a developer-generated message, but can still force the database to evaluate a logical statement on an ordinary application screen and observe a different result
• Conditional SQL errors resulting from the evaluation of statements in which the WHERE clause is true
• Time delays, a type of blind SQL injection, in which the SQL engine is made to execute a long-running query or time-delay statement, so that the attacker can measure how long the page takes to load and determine whether the injected statement is true
• The magic string, a simple fragment of SQL used primarily at login pages, allowing a user to be logged in without valid credentials by matching a row of the users table
• Data truncation: dynamic Transact-SQL assigned to a variable is truncated if it is larger than the variable buffer, allowing an attacker to force statement truncation by passing long strings to a stored procedure and manipulating the result
• Strings returned by QUOTENAME() and REPLACE() are silently truncated if they exceed the space allocated for them
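The first two bullets and the login-page magic string can be seen side by side in a small login check. This is an added example, not code from the original article: it builds a constructed in-memory SQLite users table, shows a login query built by string concatenation next to the same query with bound parameters, and adds the integer type check a form field should get before it reaches the database.

```python
import sqlite3

def build_db():
    # Constructed sample data for this example only; passwords are stored in
    # clear text purely to keep the demonstration short.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "battery staple")])
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Escape characters in the input are never filtered, so a quote in the
    # form field ends the literal and the rest of the input becomes SQL.
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_safe(conn, username, password):
    # Bound parameters: the driver passes the values separately from the
    # statement text, so quotes in the input can never change the query.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

def is_valid_id(raw_id):
    # Form-field type validation: an id must be a plain positive integer.
    return isinstance(raw_id, str) and raw_id.isdigit()

def lookup_user_by_id(conn, raw_id):
    # Reject incompatible data before it gets anywhere near the database,
    # then still bind the value rather than splicing it into the statement.
    if not is_valid_id(raw_id):
        raise ValueError("id must be a positive integer")
    row = conn.execute("SELECT username FROM users WHERE id = ?", (int(raw_id),)).fetchone()
    return row[0] if row else None

# The classic login-page magic string: closes the password literal and adds
# an always-true condition, so the concatenated query matches every row.
MAGIC_STRING = "' OR '1'='1"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", login_vulnerable(db, "nobody", MAGIC_STRING))  # alice
    print("safe:      ", login_safe(db, "nobody", MAGIC_STRING))        # None
```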
