SQL Injection Attacks by Example


 

We all know about the security threat of non-sanitized user input, but it’s pretty scary how much a hacker can learn about your database structure just through SQL injections. This article, one of the most interesting I’ve read in a long time, shows how easy it is to gain access to an intranet area.

A customer asked that we check out his intranet site, which was used by the company’s employees and customers. This was part of a larger security review, and though we’d not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were completely successful in this engagement, and wanted to recount the steps taken as an illustration.


 

3 Responses to SQL Injection Attacks by Example

  1. Philip Q says:

    There was an even more interesting webcast (in fact, there are several) on MSDN a while back about different penetrative techniques.

    The presenter gave several demos of utilising the UNION command when returning data to query the system tables and extract specific details about the tables, their columns and stored procedures in the database.

  2. lok-lok says:

    Very nice article. But when programming the interface to a backend, wouldn’t you first grab the user input then format it in some way?

    I mean, I’m no expert on the SQL stuff, but when I did a couple of web programs at uni that’s the approach I took. It seemed the most logical.

    But then again, when you’ve got your boss on your shoulder…

  3. Nicole says:

    Yeah, lok-lok, it’s definitely best to sanitize any user input before using it in queries. Of course, beginning PHP programmers don’t always think of that.

    I just thought it amazing how much someone could learn about a database knowing only basic SQL injection techniques.
