Web application security - the fast guide 1.1 | Page 122
Chapter 6 - Attack execution (2)
Data storage is one of the main components of most web applications: it holds
the information behind the key business functions as well as user account data,
which makes it an attractive target for an attacker.
Data stores come in many types built on different technologies, from something as
simple as a plain text file to a sophisticated database management system such as
Oracle.
Whatever data store is used, it can become vulnerable if the attacker finds a way
to reach it through the application's functionality, or can access it directly
where remote access to the data store is available.
Injection is one of the most common attacks used to compromise data stores. It
generally relies on the nature of interpreted languages, which parse and execute
their instructions at run time. PHP, Perl, SQL and LDAP are well-known examples
of interpreted languages used in web application development.
The core idea behind compromising an interpreted language is to inject special
characters or instructions that are valid according to the language's grammar, so
that the interpreter treats attacker-supplied data as part of the syntax.
The following listing shows a simple SQL statement that retrieves the user records
whose user name and password match the values entered between the quotation marks:
    SELECT * FROM users WHERE username = 'usrName' AND password = 'pass'
If the application that builds this statement is vulnerable to injection, because
the entered values are not sanitized, the attacker can enter the value
    admin'--
as the user name, together with any password, to gain the privileges of the
administrator account, since the statement the interpreter actually executes becomes:
    SELECT * FROM users WHERE username = 'admin'--' AND password = 'anyPass'
The sequence (--) is the special syntax that begins a comment in SQL, so the
interpreter ignores everything after it and retrieves the admin record without
ever checking the password.
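The following Python example is added here to show the statement above behaving
both ways; it is not code from the book. It uses the standard sqlite3 module with
an in-memory database and a constructed users table (plaintext passwords only so
the query mirrors the book's listing; a real application would store password
hashes). The function names (build_vulnerable_query, vulnerable_login, safe_login,
vulnerable_query_fails) and the sample accounts are assumptions made for this
example. The vulnerable version concatenates the user input into the SQL text
exactly as the book describes; the hardened version passes the same values as
query parameters, so the driver never lets the quote or the comment marker become
syntax.

```python
import sqlite3

# Constructed sample accounts (not from the book). One name contains an
# apostrophe to show that concatenation also breaks on legitimate input.
SAMPLE_USERS = [
    ("admin", "S3cretAdminPass"),
    ("alice", "alicepw"),
    ("o'brien", "obrienpw"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """Build the statement by string concatenation, as in the book's listing.

    Anything the user types is spliced into the SQL text, so a quote closes the
    string literal and '--' turns the rest of the statement into a comment.
    """
    return ("SELECT * FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    """Run the concatenated statement and return the matched username (or None)."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def vulnerable_query_fails(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """True if the concatenated statement is rejected by the parser.

    A benign name such as o'brien produces an unbalanced quote, so the query
    errors out. Such parser errors in application logs are a useful detection
    signal that input is reaching the SQL text unparameterized.
    """
    try:
        conn.execute(build_vulnerable_query(username, password)).fetchone()
        return False
    except sqlite3.Error:
        return True


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: values travel separately from the SQL text.

    The driver binds each '?' to a value, so a quote or '--' inside the input is
    compared as data and can never change the statement's structure.
    """
    row = conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "admin'--"
    print(build_vulnerable_query(payload, "anyPass"))
    print("concatenated :", vulnerable_login(db, payload, "anyPass"))
    print("parameterized:", safe_login(db, payload, "anyPass"))
    print("legitimate   :", safe_login(db, "o'brien", "obrienpw"))
    print("benign quote breaks concatenation:",
          vulnerable_query_fails(db, "o'brien", "obrienpw"))
```

Running the script prints the injected statement, then shows that the
concatenated query returns the admin record with a wrong password while the
parameterized query returns nothing for the same input; the o'brien account logs
in only through the parameterized path, because the concatenated statement is
rejected by the parser.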
6.9 SQL injection
SQL