SQL Injection Attacks

This appeared to be an entirely custom application, and we had no prior knowledge of the application nor access to the source code: this was a "blind" attack. A bit of poking showed that this server ran Microsoft's IIS 6 along with ASP.NET, and this suggested that the database was Microsoft's SQL Server: we believe that these techniques can apply to nearly any web application backed by any SQL server.
The login page had a traditional username-and-password form, but also an email-me-my-password link; the latter proved to be the downfall of the whole system.
When entering an email address, the system presumably looked in the user database for that email address, and mailed something to that address. Since my email address was not found, it wasn't going to send me anything.
So the first test in any SQL-ish form is to enter a single quote as part of the data: the intention is to see if they construct an SQL string literally without sanitizing. When submitting the form with a quote in the email address, we get a 500 error (server failure), and this suggests that the "broken" input is actually being parsed literally. Bingo.
We speculate that the underlying SQL code looks something like this:
SELECT fieldlist
  FROM table
 WHERE field = '$EMAIL';
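
The single-quote test above can be reproduced from the defender's side. This is an added example, not code from the application described: it uses Python's sqlite3 as a stand-in for the SQL Server back end, and the table and column names (members, email, passwd) are hypothetical. It shows why an address containing a quote breaks a query built by string concatenation, and how a bound parameter handles the same input.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    # Hypothetical schema; the real table and field names are unknown.
    db.execute("CREATE TABLE members (email TEXT, passwd TEXT)")
    db.execute("INSERT INTO members VALUES (?, ?)",
               ("alice@example.com", "x"))
    # A legitimate address that happens to contain an apostrophe.
    db.execute("INSERT INTO members VALUES (?, ?)",
               ("o'brien@example.com", "y"))
    return db


def lookup_concat(db, email):
    """Vulnerable form: input is spliced into the SQL text, as with '$EMAIL'."""
    sql = "SELECT email FROM members WHERE email = '" + email + "';"
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # Left unhandled in a web application, this parse failure is what
        # the user sees as a 500 error.
        return ("error", str(exc))


def lookup_bound(db, email):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT email FROM members WHERE email = ?"
    return ("ok", db.execute(sql, (email,)).fetchall())


if __name__ == "__main__":
    db = make_db()
    for addr in ("alice@example.com", "o'brien@example.com", "'"):
        print(repr(addr), lookup_concat(db, addr)[0], lookup_bound(db, addr))
```

With the bound form, the quote is ordinary data: the apostrophe address is found, and a bare quote simply matches no rows instead of producing a server error.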
