Update for 08-03-22 13:15
This commit is contained in:
parent
f55eae7d9f
commit
b4c9a68913
@ -8,8 +8,42 @@ appending a new command. Because the inserted command may have additional
|
||||
strings appended to it before it is executed, SQLI attack string generally end
|
||||
with a comment or `--`.
|
||||
|
||||
== Typical attack avenues ==
|
||||
|
||||
=== user input ===
|
||||
|
||||
Attacker crafts some input field text to send to server, that is then passed to
|
||||
a database without first being sanatized.
|
||||
|
||||
=== server variables ===
|
||||
|
||||
Server varaibles include HTTP headers, network protocol headers, and enviroment
|
||||
variables. Web applications use these for logging usage stats and IDing browsing
|
||||
trends. If put in a database without sanitiztation, when the data is later
|
||||
queried by some application, it could be placed back into a database request,
|
||||
triggering an attack.
|
||||
|
||||
=== Second order injection ===
|
||||
|
||||
This occours when incomplete prevention mechanisms against SQLi attacks are in
|
||||
place. This happens when the attacker provides some data to the system that is
|
||||
first processed by the server, but after processing becomes an attack vector.
|
||||
|
||||
=== Cookies ===
|
||||
|
||||
When client returns to a web application server, cookies restore client state.
|
||||
Because client can control the cookie, attacker can alter cookies such that
|
||||
when the pplication server builds an SQL Query based on the cookies content,
|
||||
the structure/function of query is modified.
|
||||
|
||||
=== Physical user input ===
|
||||
|
||||
Attacker may construct physical things outside of the realm of web requests.
|
||||
This includes QR codes, RFID tags, or paper forms scanned with optical
|
||||
character recognition.
|
||||
|
||||
|
||||
|
||||
== Also see ==
|
||||
|
||||
Also see [[sql]]
|
||||
* [[sql]]
|
||||
|
Loading…
Reference in New Issue
Block a user