How to test for SQL Injection Vulnerabilities
This article gives instructions on what to look for and how to determine which pages are vulnerable.
SQL Injection vulnerabilities are problems in our code that allow a malicious person to insert their own SQL statements into our queries. Exploiting this hole allows the attacker to alter the database in just about any way they want. Some of their access is limited by the user security we use, but there are things we can do in our code to prevent any problems.
Looking for potential problem pages
One thing to look for that can indicate a SQL injection hole is an argument in the URL of the page that ends up in a query. Here's an example of a vulnerable page.
http://dev.ifca.com/events/CalendarDetail.php?EventID=670
The attacker replaces the 670 with some SQL that could get dumped into our query.
How to see if this page really is vulnerable
To test the page above, we can replace the 670 with something innocuous. Replace the number with (SELECT PAQ). If the page is vulnerable, you will see an error message that contains:
Invalid column name 'PAQ'
If the page is safe, then you will instead see an error message that contains:
Conversion failed when converting the varchar value '(SELECT PAQ)'
If you get no error message, it is also safe.
When testing, you will not have to test every page in an application. For example, when testing the calendar application, you don't need to test every date. Testing one page is enough.
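The reason the check above works is the difference between a page that pastes the URL argument into the query text and one that passes it as a bound parameter. This added example (not code from the calendar application; written in Python against an in-memory SQLite table with constructed sample rows, standing in for the PHP page and SQL Server database the article describes) shows both forms side by side and what each returns for a normal EventID and for the test value:

```python
import sqlite3


def make_db():
    """Build an in-memory events table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (EventID INTEGER PRIMARY KEY, Title TEXT)")
    conn.executemany("INSERT INTO events VALUES (?, ?)",
                     [(670, "Board meeting"), (671, "Open house")])
    return conn


def lookup_vulnerable(conn, event_id):
    """The pattern the article warns about: the URL argument is pasted
    straight into the query text, so whatever it contains becomes SQL."""
    sql = "SELECT Title FROM events WHERE EventID = " + event_id
    return conn.execute(sql).fetchall()


def lookup_safe(conn, event_id):
    """Hardened form: reject anything that is not a whole number at the
    edge, then pass the value as a bound parameter so the database only
    ever sees it as data, never as SQL."""
    if not event_id.isdigit():
        raise ValueError("EventID must be a whole number")
    sql = "SELECT Title FROM events WHERE EventID = ?"
    return conn.execute(sql, (int(event_id),)).fetchall()


def probe(lookup, event_id):
    """Run one lookup the way a page would and report either its rows or
    the error text, which is the signal the article tells you to read.
    A vulnerable lookup complains about the unknown column PAQ (SQLite says
    'no such column', SQL Server says 'Invalid column name'); a safe lookup
    never lets PAQ reach the parser at all."""
    conn = make_db()
    try:
        return ("rows", lookup(conn, event_id))
    except (sqlite3.Error, ValueError) as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    for value in ("670", "(SELECT PAQ)"):
        print("vulnerable", repr(value), probe(lookup_vulnerable, value))
        print("safe      ", repr(value), probe(lookup_safe, value))
```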