Penetration Testing mailing list archives
Re: any sql injection bypass on filters?
From: Joe Peters <joepete () joepete com>
Date: Thu, 23 Sep 2010 10:17:08 -0400
On Thu, 2010-09-23 at 14:38 +0800, Jacky Jack wrote:
> I fail to think that simply causing the application issue a general SQL can't be assumed as sql injection vulnerability. I doubt this is just a kind of information disclosure/leakage where the database name, field name are leaked through errors?
If you can get the database server to throw an error, you can probably craft queries that will do other unintended things. You might not get any usable data or information about table structure directly, but at the least you can increase the load on the server, possibly to the point of a denial of service. Going another route, maybe you can cause an overflow.

At the very least, at the sysadmin level, if you have any app that regularly throws errors, it helps hide the one or two lines in a log that might reveal a more serious problem. Not an injection problem but certainly a security flaw.

I suspect your client might be defensive about these hypotheticals, and sure, continue to bang on it and you might be able to have something more concrete. But from my view, a Web app should always be passing valid queries to the database. If it is not, it tells me the developer hasn't fully validated and escaped input.

--
Joe
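Added example, not part of the original post: a small regression check for the property the message describes, namely that the application only ever hands the database valid queries. The `users` table, the two lookup functions and the sample inputs are constructed for illustration, with SQLite standing in for whatever database the application uses.

```python
import sqlite3

def make_db():
    """Constructed in-memory table used only for this check."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("o'brien",)])
    return db

def lookup_concat(db, name):
    # "Before" form: the input becomes part of the SQL text itself,
    # so the statement's validity depends on what the user typed.
    return db.execute(
        "SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def lookup_param(db, name):
    # Hardened form: the SQL text is fixed and the value is bound
    # separately, so the statement is valid for any input.
    return db.execute(
        "SELECT id FROM users WHERE name = ?", (name,)).fetchall()

# Constructed sample: ordinary values a real user might submit.
SAMPLE_INPUTS = ["alice", "o'brien", "", "bob",
                 'name with "double" quotes', "100%_done"]

def inputs_causing_db_errors(lookup, inputs=SAMPLE_INPUTS):
    """Return (input, exception name) for every value that makes the
    database reject the statement. A non-empty result means the query
    is being assembled from unescaped input."""
    db = make_db()
    failed = []
    for value in inputs:
        try:
            lookup(db, value)
        except sqlite3.Error as exc:
            failed.append((value, type(exc).__name__))
    return failed

if __name__ == "__main__":
    print("concatenated :", inputs_causing_db_errors(lookup_concat))
    print("parameterized:", inputs_causing_db_errors(lookup_param))
```

The concatenated lookup fails on a legitimate surname containing an apostrophe, which is the kind of recurring database error in the logs that the message treats as a flaw in its own right.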