Question

In: Computer Science

Provide at least 4 examples of different types of SQL injection that can occur and the impact that each might have. Brief explanation.

Solutions

Expert Solution

1. Unsanitized Input

Unsanitized input is a common type of SQLi attack in which the attacker provides user input that isn’t properly sanitized for characters that should be escaped, and/or the input isn’t validated to be the type that is correct/expected.

For example, a website used to pay bills online might request the user's account number in a web form and build a SQL query string dynamically with the account number the user provided; it might look something like this:

"SELECT * FROM customers WHERE account = '" + userProvidedAccountNumber + "';"

This leaves the door open for attackers. If someone decided to provide an account number of "' or '1' = '1", that would result in a query string of:

"SELECT * FROM customers WHERE account = '' or '1' = '1';"

Because '1' = '1' always evaluates to TRUE, sending this statement to the database will return the data for all customers instead of just a single customer.

Impact:

  • Authentication Bypass, Information Disclosure, Data Loss, Data theft, and Data Integrity loss.
  • Denial of service and at times System Compromise.

2. Blind SQL Injection

Also referred to as Inferential SQL Injection, a Blind SQL injection attack doesn’t reveal data directly from the database being targeted. Rather, the attacker closely examines indirect clues in behavior. Details within HTTP responses, blank web pages for certain user input, and how long it takes the database to respond to certain user input are all things that can be clues depending on the goal of the attacker. They could also point to another SQLi attack avenue for the attacker to try.

Impact:

  • Subverting Application Logic (in simple words, you try to understand the application logic and then manipulate it)
  • The results of a query you control are not returned in the application's responses.

3. Out-of-Band Injection

This attack is a bit more complex and may be used by an attacker when they cannot achieve their goal in a single, direct query-response attack. Typically, an attacker will craft SQL statements that, when presented to the database, will trigger the database system to create a connection to an external server the attacker controls. In this fashion, the attacker can harvest data or potentially control the behavior of the database.

Impact:

  • Reading, updating and deleting arbitrary data or tables from the database
  • Executing commands on the underlying operating system

4. Second Order Injection

A Second Order Injection is a type of Out-of-Band Injection attack. In this case, the attacker provides an SQL injection payload that gets stored and later executed by a separate behavior of the database system. When that secondary behavior occurs (it could be a time-based job or something triggered by other typical admin or user use of the database) and the attacker's SQL injection is executed, that is when the "reach out" to a system the attacker controls happens.

Impact:

  • The potential to target administrators of the application and the supporting environment.
  • The potential to affect an organisation's internal hosts (e.g. help-desk workstations and databases)
  • The ability to "seed" the application data storage areas with attack code prior to exploitation.
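The first example in the answer, the concatenated account lookup, run against an in-memory SQLite table beside its parameterized fix. This is an added illustration, not part of the original answer; the table, the three customer rows and the four-digit account format are constructed assumptions.

```python
import sqlite3

# Constructed sample data: three customers in an in-memory SQLite database.
CUSTOMERS = [
    ("1001", "alice", 120.50),
    ("1002", "bob", 75.00),
    ("1003", "carol", 0.00),
]


def make_db():
    """Build an in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (account TEXT, name TEXT, balance REAL)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", CUSTOMERS)
    return conn


def lookup_vulnerable(conn, user_provided_account_number):
    """The pattern from the answer: the query string is built by concatenation,
    so whatever the user typed becomes part of the SQL grammar."""
    query = ("SELECT * FROM customers WHERE account = '"
             + user_provided_account_number + "';")
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_provided_account_number):
    """Hardened version: the value is bound as a parameter, so the database
    treats it as data and never as SQL syntax."""
    query = "SELECT * FROM customers WHERE account = ?;"
    return conn.execute(query, (user_provided_account_number,)).fetchall()


def is_plausible_account(value):
    """Allow-list input validation (assumed format: exactly four digits).
    A defence-in-depth check, not a substitute for parameterized queries."""
    return value.isdigit() and len(value) == 4


if __name__ == "__main__":
    db = make_db()
    payload = "' or '1' = '1"                 # the input quoted in the answer
    print(lookup_vulnerable(db, "1001"))       # one row, as intended
    print(lookup_vulnerable(db, payload))      # every row: WHERE is always true
    print(lookup_parameterized(db, payload))   # []: no account is literally named that
    print(is_plausible_account(payload))       # False: rejected before it reaches SQL
```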
