Friday, 10 June 2011

Data Validation Testing

SQL INJECTION (OWASP-DV-005)


A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data sent from the client to the application.
A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete),
execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file
existing on the DBMS file system and, in some cases, issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of
predefined SQL commands.

When I tried to access the phpMyAdmin page and entered the username 1 ' or '1' = '1 and the password 1 ' or '1' = '1, it was able to go into the admin page, like this:
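The bypass above works because the login code pastes the submitted username and password straight into the SQL text, so the quote in the payload ends the string literal and the rest becomes part of the WHERE clause. As an added example (not code from this post or from the site being tested), the following Python script builds a constructed single-user SQLite table and runs the same credential check twice, once by string concatenation and once as a parameterized query; the payload quoted in the post only passes the first.

```python
import sqlite3

# Constructed sample data: one account, not taken from the post or any real system.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """String concatenation: the input becomes part of the SQL statement itself.
    With the tautology payload the statement becomes
      ... WHERE username = '1 ' or '1' = '1' AND password = '1 ' or '1' = '1'
    which is true for every row, so the count is never zero."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_safe(conn, username, password):
    """Parameterized query: the driver passes the values separately from the
    statement, so quotes and keywords in the input are compared as plain text."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

# The exact value entered in both login fields in the post above.
TAUTOLOGY = "1 ' or '1' = '1"

def demo():
    """Returns the outcome of each check so the difference can be verified."""
    conn = make_db()
    return {
        "vuln_real_creds": login_vulnerable(conn, "admin", "s3cret"),
        "vuln_tautology": login_vulnerable(conn, TAUTOLOGY, TAUTOLOGY),
        "safe_real_creds": login_safe(conn, "admin", "s3cret"),
        "safe_tautology": login_safe(conn, TAUTOLOGY, TAUTOLOGY),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'login granted' if ok else 'login refused'}")
```

The same fix applies to PHP pages such as the one in the post: PDO or mysqli prepared statements with bound parameters instead of quoting user input into the query string.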

I tried to enter a URL like this: http://www.akakom.ac.id/index.php?username=1'%20or%20%20'1'%20='1&password=1'%20or%20'1'='1 but nothing happened.

Blind SQL Injection Testing

We have pointed out that there is another category of SQL injection, called Blind SQL Injection, in which nothing is known
about the outcome of an operation. For example, this behavior happens in cases where the programmer has created a custom
error page that does not reveal anything about the structure of the query or about the database. (The page does not return a SQL
error; it may just return an HTTP 500.)
By using inference methods, it is possible to get around this obstacle and thus to succeed in recovering the values of some
desired fields. This method consists of sending a series of boolean queries to the server, observing the answers and
finally deducing the meaning of those answers. We consider, as always, the www.example.com domain and we suppose that
it contains a parameter named id vulnerable to SQL injection. This means that carrying out the following request:



When I tried the URL http://www.akakom.ac.id/index.php?id=1' I found a page like this:

But if I change it to id=5 or 6, it brings me to the akakom.ac.id home page... What happened?
http://www.akakom.ac.id/index.php?id=-6+UNION+SELECT+1,2,3,4,5,6,7-- did not find anything.
