Read 39 401 - jserpa-p/lisbon-ops-301n1_Reading GitHub Wiki
SQLi with Burp Suite, WebGoat
Understanding SQL Injection, Identification and Prevention
SQL Injection is a type of cyberattack where malicious code is inserted into a web application's input fields or parameters. The goal of the attack is to manipulate the application's underlying database by tricking it into executing unintended SQL commands. This can lead to unauthorized access, data theft, or data manipulation.
SQL and Sysadmins
A Sysadmin is a professional responsible for managing and maintaining the computer systems, servers, networks, and software within an organization.
A Database Table is like a virtual grid that stores information in a structured manner. This structure helps organize and manage data effectively, making it easy to find and work with the information stored in the database.
How do Web Frameworks Prevent SQL Injection?
They perform two important tasks:
First, they offer specific user input sanitization countermeasures to defeat common SQL Injection patterns: the framework will strip NULL characters, line breaks, single quotes and similar characters that are often used to carry additional SQL commands into an intended query.
Second, they provide a syntax for declaring what a SQL statement is supposed to look like before actually trying to execute it. Depending on what framework you’re using, the name may vary, but the intent is the same: make sure that the form of the SQL statement that you want to execute is correct prior to running it.
What’s vulnerable to SQL injection attacks?
- Everything having a web configuration interface backed by a database.
- Everything being susceptible to SQL injection attacks.
What can web servers do to help?
- ModSecurity provides a default core set of rules that will filter basic SQL Injection attacks.
- Naxsi – an open source web application firewall that acts as a third-party module for Nginx, blocking many of the tell-tale characteristics of SQL Injection attacks.
- IIS v7.0+ has the ability to filter inbound HTTP requests.
Questions
- What is SQL injection?
You can see the answer at the beginning.
- Can you give an example of how a hacker could use SQL injection to gain unauthorized access?
Imagine a website that has a login page where users enter their username and password. If the website is not well-protected, a hacker could enter special characters in the username field that tricks the website's database into allowing access without a valid password. This way, the hacker could get into the system and access sensitive information or even take control of the website.
- What are some ways to prevent SQL injection attacks on a web server?
- Validate and sanitize all user inputs on both the client and server sides
- Limit database user permissions to the minimum required for the application
- Escape special characters in user inputs if needed
- Use a Web Application Firewall to block potential attacks
- Keep software and frameworks updated with security patches
There are more measures you can take; these are just some examples.
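The login-bypass scenario and the framework countermeasure described above, shown side by side as an added example (not code from the reading or from WebGoat): a login lookup that splices input into the SQL text next to the same lookup written with placeholders, run against a constructed in-memory SQLite table. The user names, passwords and the crafted input are all constructed for the demo.

```python
"""Vulnerable vs. parameterized login lookup on an in-memory SQLite database."""
import sqlite3

# Constructed sample users; plaintext passwords only to keep the demo short.
SEED_USERS = [("alice", "correct horse"), ("bob", "battery staple")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # String formatting splices the input into the SQL text, so a quote in the
    # input becomes part of the statement's structure instead of data.
    sql = (f"SELECT 1 FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Placeholders declare the statement's shape before execution; the driver
    # binds the values as data, so a quote in the input cannot close the literal.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo() -> dict:
    conn = make_db()
    # Constructed malicious username: the quote closes the string literal and the
    # comment marker discards the password check that follows it.
    crafted = "alice' --"
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "correct horse"),
        "legit_param": login_parameterized(conn, "alice", "correct horse"),
        "crafted_vuln": login_vulnerable(conn, crafted, "wrong password"),
        "crafted_param": login_parameterized(conn, crafted, "wrong password"),
    }


if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name}: {'access granted' if granted else 'denied'}")
```

Both functions accept the real credentials; only the string-formatted version also grants access to the crafted username, which is the behaviour the sanitization and prepared-statement features of a framework are there to prevent.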