SQL injection authentication bypass

2011-01-04T00:00:00
ID SAINT:37C52CFC7D21D5A3359E674521F8F270
Type saint
Reporter SAINT Corporation
Modified 2011-01-04T00:00:00

Description

Added: 01/04/2011

Background

Structured Query Language (SQL) is the most common language understood by modern relational databases.

Problem

A web program uses input parameters within an SQL query in an unsafe manner. This could allow a remote attacker to manipulate the authentication query via a specially crafted input parameter containing unexpected characters. A successful SQL injection attack could result in unauthorized access to the web application.

Resolution

Modify the web program to remove invalid characters from input parameters before using them in SQL queries.
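The unsafe query construction described under Problem beside a hardened version of the same login check, as an added example that is not part of the SAINT advisory; it uses Python's sqlite3 module on a constructed in-memory users table. Binding the form values as query parameters is the usual way to make unexpected characters harmless, and the username allow-list shows the character-filtering approach from the Resolution as an extra layer rather than the only defence.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory demo database with a single account.
    (Real applications store salted password hashes, never plaintext.)"""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn, username, password):
    """The pattern the advisory describes: form values are spliced into the
    query text, so a quote character in the input changes the query's
    structure instead of being treated as data."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
             "AND password = '%s'" % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Hardened version: the values are bound as parameters, so the driver
    never interprets them as SQL no matter which characters they contain."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


USERNAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def username_is_valid(username):
    """Allow-list check in the spirit of the Resolution: reject usernames
    containing characters a login form should never accept. This is a
    defence-in-depth layer on top of parameter binding, not a replacement."""
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"   # constructed input containing a quote character
    print("vulnerable, real password:   ", login_vulnerable(db, "alice", "correct horse"))
    print("vulnerable, crafted input:   ", login_vulnerable(db, "alice", crafted))   # True: bypass
    print("parameterized, crafted input:", login_parameterized(db, "alice", crafted))  # False
    print("allow-list, crafted username:", username_is_valid(crafted))  # False
```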

References

<http://www.windowsecurity.com/whitepapers/What-SQL-Injection.html>

Limitations

In order for the exploit to succeed, the login form must be accessible by following links from the home page of a web site. The web program must allow authentication based on the response of a simple username and password query.

If the HTTPS protocol is used, the exploit requires the IO-Socket-SSL Perl module to be installed on the scanning host. This module is available from <http://www.cpan.org/modules/by-module/IO/>.