CUR14 - SQL Injection
blank
(sql injection continued) When an attacker executes SQL Injection attacks, sometimes the server responds with error messages from the database server complaining that the SQL Query's syntax is incorrect. Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather then getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through SQL statements.
blank
1. Directory Traversal: Also knows as a Path Traversal attack. This attack aims to access files and directories that are stored outside the web root folder. By browsing the application, the attacker looks for absolute links to files stored on the web server. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and its variations, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration and critical system files, limited by system operational access control. The attacker uses "../" sequences to move up to root directory, thus permitting navigation through the file system.
blank
CSS - Cross Site Scripting: CSS or XSS vulnerabilities are a type of computer security vulnerability typically found in Web applications. XSSvulnerabilities enable attackers to inject client-side script into Web pages viewed by other users. Even thou XSS or CSS have been on the list for many years, it is not the MOST common vulnerability. Information Leakage: Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack. An information leak occurs when system data or debugging information leaves the program through an output stream or logging function.
all administrators along with everyone else
SELECT * FROM employee_db WHERE Emp_Role='administrator' or 1=1--'
Single Quote or the ' symbol
The user detects a database is supplying active content from a database. What is the first string the attacker would use to determine if a SQL injection were even possible?
Blind SQL injection attack.... When someone is attacking a SQL server they rely on feedback from the server to determine if they are making progress. For example with simple SQL Injection often times we see useful error messages disclosing useful information about the target which helps craft the attack even further.
Which of the following SQL Injection Attack is most often described by getting results which contains no useful error message and also known to be very time consuming?
Union SQL Injection... The SQL UNION statement combines the results of two SQL queries into a single table with matching rows of resulting data. The UNION operator is used in SQL injections to join a query, purposely forged by the tester, to the original query. The result of the forged query will be joined to the result of the original query, allowing the tester to obtain the values of fields of other tables.
Which of the following SQL Injection attacks use an operator in SQL injections to join a query, purposely forged by the tester, to the original query thus allowing the tester to obtain the values of fields of other tables?
Data is received via the same channel that was used to attack.
Which of the following answers BESTdescribe an "In-band SQL Injection"?
Inferential SQL Injection..... Results of the attack come back in other means. Meaning, if we get an error message that doesn't tell us what we want to know we may be able to derive the answer by inferring certain things about the response we did do get.
Which of the following answers is BEST defined as when we don't get a direct answer from our input and we must use the results of an SQL Injection attack to make assumptions about the target?
Injection.... SQL Injection and other types of injection attacks came in at number one, accounting for the majority of the attacks on web servers and their applications. It is possible that this is due to the complexity of database servers and how they interact with web applications.
Which of the following answers represents the most prevalent web vulnerability in recent years according to the Open Web Application Security Project (OWASP)?
Using network administrator privileged account on service accounts..... It is important to always use the "Least Privilege" approach to running services because if the service or server gets compromised the accounts it is configured to use can do no damage outside the web app supporting system.
Which of the following countermeasures would NOT help secure your web applications and their back-end databases?
blank
sql injection continued However with Blind SQL Injections only generic error messages are given so it is less known if the attack is proceeding. This makes the attack continue very slowly and in a time consuming manner. With a simple SQL Inject attack we could get ODBC errors revealing valuable information about the target but this is not the case with Blind SQL Injections Attacks.