Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do you check your URL for SQL Injection Attacks?

Tags:

sql

sql-server

I've seen a few attempted SQL injection attacks on one of my web sites. It comes in the form of a query string that includes the "cast" keyword and a bunch of hex characters which when "decoded" are an injection of banner adverts into the DB.

My solution is to scan the full URL (and params) and search for the presence of "cast(0x" and if it's there to redirect to a static page.

How do you check your URL's for SQL Injection attacks?

like image 246
Guy Avatar asked Sep 03 '08 19:09

Guy

People also ask

How SQL injection attacks are detected?

Detection methods range from checking server logs to monitoring database errors. Most network intrusion detection systems (IDS) and network perimeter firewalls are not configured to review HTTP traffic for malicious SQL fragments, making it possible for an attacker to bypass network security boundaries.

Where can I find SQL injection?

The most common other locations where SQL injection arises are: In UPDATE statements, within the updated values or the WHERE clause. In INSERT statements, within the inserted values. In SELECT statements, within the table or column name.

What is URL injection?

URL Injection occurs when a hacker has created/injected new pages on an existing website. These pages often contain code that redirects users to other sites or involves the business in attacks against other sites. These injections can be made through software vulnerabilities, unsecured directories, or plug-ins.

What is HTTP URI SQL injection?

This indicates an attempt to exploit a SQL-injection vulnerability through HTTP requests. The vulnerability is a result of the application's failure to check user supplied input before using it in an SQL query. As a result, a remote attacker can send a crafted query to execute SQL commands on a vulnerable server.

1 Answers

I don't.

Instead, I use parametrized SQL Queries and rely on the database to clean my input.

I know, this is a novel concept to PHP developers and MySQL users, but people using real databases have been doing it this way for years.

For Example (Using C#)

// Bad!
SqlCommand foo = new SqlCommand("SELECT FOO FROM BAR WHERE LOL='" + Request.QueryString["LOL"] + "'");

//Good! Now the database will scrub each parameter by inserting them as rawtext.
SqlCommand foo = new SqlCommany("SELECT FOO FROM BAR WHERE LOL = @LOL");
foo.Parameters.AddWithValue("@LOL",Request.QueryString["LOL"]);
like image 112
FlySwat Avatar answered Nov 02 '22 08:11

FlySwat
Sign in to Comment

Related questions

is it possible to use ORDER BY column not in the GROUP BY?
MySQL : sum of every day
Programmatically detect SQL Server Edition
How to Find the list of Stored Procedures which affect a particular column?
Date Difference in MySQL to calculate age
Codeigniter Insert Multiple Rows in SQL
Database design: lots of rows vs lots of tables?
SQL Server 2008 DateTime range query
Split string on only first occurance of character/delimiter
Fill DataTable from SQL Server database
You can't specify target table 'NAME' for update in FROM clause
PDO MYSQL Update Only If Different
Evaluation of multiples 'IN' Expressions in 'WHERE' clauses in mysql
How to find columns count of any table in any database from sql server master database?
Why doesn't COUNT(DISTINCT (*)) work?
MySQL count and group by day
How should I declare auto increment variable in the virtual table of stored procedure
separate comma separated values and store in table in sql server
Why only one clustered index per table should be created in sql server?
Get frequency of a column in SQL Server

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!