SQL Server Forums
 Security Testing: SQL Injection
karn
Starting Member

14 Posts

Posted - 05/08/2006 :  03:42:40
quote:
Originally posted by Merkin

That is too much of an ask for someone to put it all into a forum post.
The basic answer is :

1. Know SQL really really well
2. See what you can exploit.

A book could be written on it, but I don't have the time right now.
If you have the task of recommending to the developers how they should test and secure their app, then you are in a position I do not envy. You should tell them to read this thread, and look at www.sqlsecurity.com

Failing that, you could hire someone to do an audit on it. This would be made quicker by supplying source code.



Damian
"A foolish consistency is the hobgoblin of little minds." - Emerson



Yes, I am required to suggest improvements in the structure & security of the db to the dev. team - for which I have gathered the necessary information from this forum and others. I will check the link you have provided and refer it to the team as well.
However, if you could recommend any book pertaining to my existing unsolved concern, please do suggest it.

Thanks

karn
Starting Member

14 Posts

Posted - 05/10/2006 :  06:25:23
Hi,

I attempted the following string on two pages of my site:

---> '; exec master..xp_cmdshell 'iisreset';-- <---

page1-
Forget password page:

---> \\\'; exec master..xp_cmdshell \\\'iisreset\\\';-- <---
Error:Login id not valid in this section.

page2-

login page:
Incorrect Username or Password

---

I think that the first one should have worked but it didn't.

I don't understand the reason behind the second result. Could it be because the userid input is in the form of an email address?

spirit1
Cybernetic Yak Master

Slovenia
11750 Posts

Posted - 05/10/2006 :  06:27:54
try
'; exec master..xp_cmdshell ''iisreset'';--

Go with the flow & have fun! Else fight the flow
Blog thingie: http://weblogs.sqlteam.com/mladenp

karn
Starting Member

14 Posts

Posted - 05/10/2006 :  06:38:53
quote:
Originally posted by spirit1

try
'; exec master..xp_cmdshell ''iisreset'';--

Go with the flow & have fun! Else fight the flow
Blog thingie: http://weblogs.sqlteam.com/mladenp




The page I am testing is the 'Forgot Password' page which takes 'Login ID' as the input. Login ID is in the form of the 'Email Address' that we need to enroll with at the time of registration/member creation.

The page gives me the following string in the input text box and the following error string:

\\\'; exec master..xp_cmdshell \\\'\\\'iisreset\\\'\\\';--
Login id is invalid in this section.

The address of this page now (after the error) is
http://www.example_site.com/test_page1/help.php?section=Password_Recovery_error&errortype=C&email=+%5C%27%3B+exec+master..xp_cmdshell+%5C%27%5C%27iisreset%5C%27%5C%27%3B--

Go to Top of Page
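An added example, not part of the original thread or the site's code: one way the developers could handle the 'Forgot Password' Login ID discussed in the posts above, validating it as an email address and binding it as a query parameter. SQLite stands in for SQL Server so the example runs offline; the table, the function names and the email pattern are assumptions.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# URL copied from the post above (the address shown after the error).
ERROR_URL = ("http://www.example_site.com/test_page1/help.php"
             "?section=Password_Recovery_error&errortype=C"
             "&email=+%5C%27%3B+exec+master..xp_cmdshell+%5C%27%5C%27iisreset%5C%27%5C%27%3B--")

# Conservative allowlist for a Login ID that must be an email address (assumed policy).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def submitted_login_id(url):
    """Return the decoded 'email' query parameter as the server would read it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["email"][0]


def is_valid_login_id(value):
    """Accept only values that match the email allowlist in full."""
    return len(value) <= 254 and EMAIL_RE.fullmatch(value) is not None


def make_db():
    """In-memory table standing in for the member table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (login_id TEXT PRIMARY KEY, note TEXT)")
    db.execute("INSERT INTO members VALUES (?, ?)", ("alice@example.com", "constructed row"))
    return db


def find_member(db, login_id):
    """Look up a member with the value bound as a parameter, never spliced into the SQL text."""
    return db.execute(
        "SELECT login_id FROM members WHERE login_id = ?", (login_id,)
    ).fetchone()


def handle_forgot_password(db, raw_value):
    """Validate first, then query with a bound parameter."""
    value = raw_value.strip()
    if not is_valid_login_id(value):
        return "rejected"
    return "reset-sent" if find_member(db, value) else "not-found"
```

Neither SQLite nor T-SQL treats a backslash as an escape character inside a string literal, so the example relies on validation and parameter binding rather than on the backslashes visible in the echoed value.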

spirit1
Cybernetic Yak Master

Slovenia
11750 Posts

Posted - 05/10/2006 :  06:40:53
so i guess that's good, no?

Go with the flow & have fun! Else fight the flow
Blog thingie: http://weblogs.sqlteam.com/mladenp

karn
Starting Member

14 Posts

Posted - 05/10/2006 :  06:56:43
umm, no. Acunetix says the page might be susceptible to injection.

MonikaLec
Starting Member

1 Posts

Posted - 04/18/2012 :  02:49:17
Hello all,
If you are interested in the topic of SQL Injection, you can download the teaser of the new Hakin9 Magazine, in which there are a few articles about the topic I've mentioned.

This is the link: unspammed and the only thing that you have to do is to register on this website for a free account. Enjoy.
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC