
Eclipse.org SQL Injection

🗓️ 15 Nov 2013 00:00:00 · Reported by Rafay Baloch · Type: packetstorm · 🔗 packetstormsecurity.com

Eclipse.org SQL Injection vulnerability and remedy for mitigation

Code
`#Vulnerability: Eclipse.org Error Based SQL Injection  
#Authors: Shahmeer Amir And Rafay Baloch  
#Company: RHA INFOSEC  
#Website: http://services.rafayhackingarticles.net  
  
  
Url: http://eclipse.org/membership/showMember.php?member_id=(select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)  
  
  
Vuln Parameter Name: member_id  
  
Vuln Parameter Type: Querystring  
  
  
Attack Pattern: (select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) FROM syscolumns)  
  
Vulnerability Details  
A probable SQL injection was identified. SQL injection occurs when data input  
by a user is interpreted as an SQL command rather than as normal data by  
the backend database.  
  
This is an extremely common vulnerability and its successful exploitation  
can have critical implications.  
  
Even though I believe there is a SQL injection here, I could not  
confirm it. There can be numerous reasons for my not being able to  
confirm this. I strongly recommend investigating the issue manually to  
ensure it is an SQL injection and that it needs to be addressed. You can  
also consider sending the details of this issue to us so I can address this  
issue next time and give you a more precise result.  
  
Impact  
Depending on the backend database, database connection settings and the  
operating system, an attacker can mount one or more of the following types  
of attack successfully:  
- Reading, updating and deleting arbitrary data/tables from the database.  
- Executing commands on the underlying operating system.  
  
Actions to Take  
- See the remedy for the solution.  
- If you are not using a database access layer (DAL) within the architecture,  
  consider its benefits and implement one if appropriate. At a minimum, a  
  DAL will help centralize the issue and its resolution. You can also use an  
  ORM (object-relational mapper). Most ORM systems use parameterized queries,  
  and this can solve many if not all SQL injection problems.  
- Locate all of the dynamically generated SQL queries and convert them to  
  parameterized queries. (If you decide to use a DAL/ORM, change all legacy  
  code to use the new libraries.)  
- Monitor and review web server logs and application logs to uncover active or  
  previous exploitation attempts.  
  
  
Remedy  
A very robust method for mitigating the threat of SQL injection-based  
vulnerabilities is to use parameterized queries (prepared statements).  
Almost all modern languages provide built-in libraries for this. Wherever  
possible, do not create dynamic SQL queries or SQL queries with string  
concatenation.  
  
Required Skills for Successful Exploitation  
There are numerous freely available tools to test for SQL injection  
vulnerabilities. This is a complex area with many dependencies; however, it  
should be noted that the numerous resources available in this area have  
raised both attacker awareness of the issues and their ability to discover  
and leverage them. SQL injection is one of the most common web application  
vulnerabilities.  
`
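Worked example, added here and not part of the Packet Storm advisory or of any eclipse.org code. It decodes the CHAR() chain in the attack pattern, runs the same input through a string-concatenated query and through a parameterized one, and shows why the Remedy section works. The attack pattern is Microsoft SQL Server syntax: `+` string concatenation, `convert(int, ...)` and the `syscolumns` system table. Error-based scanners use it because MSSQL answers with a conversion error that echoes the decoded marker string; a different backend fails on the same input for unrelated reasons, which is one reason such a probe can stay unconfirmed (the advisory itself reports that the finding could not be confirmed). The in-memory SQLite table, the member rows and the `1 OR 1=1` tautology input are constructed for this demonstration; SQLite stands in for whatever database showMember.php actually uses, which the advisory does not identify.

```python
import re
import sqlite3

# The attack pattern quoted in the advisory (MSSQL syntax: CHAR()+CHAR()
# concatenation, convert(int, ...) and the syscolumns system table).
ATTACK_PATTERN = (
    "(select convert(int,CHAR(95)+CHAR(33)+CHAR(64)+CHAR(50)+CHAR(100)"
    "+CHAR(105)+CHAR(108)+CHAR(101)+CHAR(109)+CHAR(109)+CHAR(97)) "
    "FROM syscolumns)"
)


def decode_char_chain(expr):
    """Turn a CHAR(n)+CHAR(n)+... chain into the string the database would build.

    Scanners encode their marker this way so no quote character is needed,
    which defeats naive quote-escaping filters.
    """
    codes = re.findall(r"CHAR\((\d+)\)", expr, re.IGNORECASE)
    return "".join(chr(int(n)) for n in codes)


def build_db():
    """Constructed in-memory table standing in for the site's member lookup.

    This is example data, not anything from eclipse.org.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (member_id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany(
        "INSERT INTO members VALUES (?, ?)",
        [(1, "Example Org"), (2, "Another Org")],
    )
    return conn


def lookup_vulnerable(conn, member_id):
    """Dynamic SQL: user input is concatenated into the statement text.

    This is the class of flaw the advisory describes. Returns (rows, error).
    """
    sql = "SELECT name FROM members WHERE member_id = " + member_id
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        # Error-based injection relies on this message reaching the attacker.
        # On MSSQL, convert(int, '_!@2dilemma') fails with a conversion error
        # that echoes the marker; SQLite fails because it has no syscolumns
        # table or convert() function. Either way the input was parsed as SQL.
        return None, str(exc)


def lookup_parameterized(conn, member_id):
    """Remedy from the advisory: the value is bound as data, never parsed as SQL."""
    return conn.execute(
        "SELECT name FROM members WHERE member_id = ?", (member_id,)
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("marker string:", decode_char_chain(ATTACK_PATTERN))
    print("vulnerable, benign id:", lookup_vulnerable(db, "1"))
    print("vulnerable, tautology:", lookup_vulnerable(db, "1 OR 1=1"))
    print("vulnerable, scanner probe:", lookup_vulnerable(db, ATTACK_PATTERN))
    print("parameterized, scanner probe:", lookup_parameterized(db, ATTACK_PATTERN))
    print("parameterized, benign id:", lookup_parameterized(db, "1"))
```

The tautology input returns every row through the concatenated query and nothing through the parameterized one; the scanner probe produces a database error through the concatenated query and an empty result through the parameterized one, because the bound value is compared as a literal and never reaches the SQL parser.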

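To go with the "Monitor and review web server logs" action above, the following detection logic (an added example, not from the advisory) scans Apache combined-format access log lines for the indicators present in this attack pattern and for a generic quote-tautology. The log lines, IP addresses and timestamps are constructed; the `showMember.php` path and the `member_id` parameter are the ones named in the advisory. Note that `parse_qs` decodes a literal `+` to a space, so a CHAR()+CHAR() chain only reaches the database intact when the plus sign is sent as `%2B`, which is what the constructed line does.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines in Apache combined format (not eclipse.org logs).
# Line 2 carries the advisory's attack pattern with '+' encoded as %2B;
# line 3 carries a classic quote-tautology; lines 1 and 4 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Nov/2013:10:01:02 +0000] "GET /membership/showMember.php?member_id=123 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Nov/2013:10:01:09 +0000] "GET /membership/showMember.php?member_id=(select%20convert(int,CHAR(95)%2BCHAR(33)%2BCHAR(64))%20FROM%20syscolumns) HTTP/1.1" 500 311 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Nov/2013:10:01:15 +0000] "GET /membership/showMember.php?member_id=1%27%20OR%201%3D1-- HTTP/1.1" 200 9800 "-" "Mozilla/5.0"
198.51.100.2 - - [15/Nov/2013:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "curl/7.32"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Indicators taken from the advisory's attack pattern, plus a generic
# quote-tautology. Order matters only for the labels reported.
INDICATORS = [
    ("char-chain", re.compile(r"CHAR\(\d+\)\s*\+\s*CHAR\(\d+\)", re.I)),
    ("mssql-convert", re.compile(r"\bconvert\s*\(\s*int\b", re.I)),
    ("mssql-system-table", re.compile(r"\bsyscolumns\b|\bsysobjects\b", re.I)),
    ("subselect", re.compile(r"\(\s*select\b", re.I)),
    ("tautology", re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I)),
]


def scan_access_log(text, param_names=("member_id",)):
    """Return one finding per request whose watched parameter carries an indicator.

    A numeric id parameter should never contain parentheses, quotes or SQL
    keywords, so any hit here is worth a manual look; the HTTP status is kept
    because a 500 next to an error-based probe is the strongest signal that
    the input actually reached the database.
    """
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        query = urlsplit(m.group("target")).query
        params = parse_qs(query, keep_blank_values=True)  # percent-decodes values
        for name in param_names:
            for value in params.get(name, []):
                hits = [label for label, rx in INDICATORS if rx.search(value)]
                if hits:
                    findings.append({
                        "ip": m.group("ip"),
                        "time": m.group("ts"),
                        "param": name,
                        "value": value,
                        "status": int(m.group("status")),
                        "indicators": hits,
                    })
    return findings


if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

Against the constructed lines this reports two requests from 203.0.113.9: the scanner probe (four indicators, status 500) and the tautology. Widen `param_names` to every parameter the application treats as a numeric key, and run it over the period before the advisory date as well, since the Actions section asks for previous attempts, not only active ones.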