Justin Clarke Lead Author and Technical Editor Rodrigo Marcos Alvarez Dave Hartley Joseph Hemler Alexander Kornbrust Haroon Meer Gary O’Leary-Steele Alberto Revelli Marco Slaviero Dafydd Stuttard

Download 6,54 Mb.

Pdf ko'rish

bet	64/64
Sana	12.07.2022
Hajmi	6,54 Mb.
	#784293

1 ... 56 57 58 59 60 61 62 63 64

Bog'liq
SQL Injection Attacks and Defense.pdf ( PDFDrive )

54

Chapter 2 • Testing for SQL Injection
The preceding statement should return no results, as the last condition in the
WHERE
clause can never be met. However, keep in mind that things are not always as simple as shown
in these examples, and don’t be surprised if you inject an
always false
condition and the
application returns results. This can be due to a number of reasons. For example:
SELECT *
/* Select all */
FROM products
/* products */
WHERE category='bikes' AND '1'='2' /* false condition */
UNION SELECT *
/* append all new_products*/
FROM new_products
/* to the previous result set */
In this example, the results of two queries are appended and returned as the result. If the
injectable parameter affects only one part of the query, the attacker will receive results even
when injecting an
always false
condition. Later, in “Terminating SQL Injection,” you will see
techniques to comment out the rest of the query.
HTTP Code Errors
HTTP has a number of codes which are returned to the Web browser to specify the result
of a request or an action that the client needs to perform.
The most common HTTP code returned is HTTP 200 OK, which means the request
was successfully received. There are two error codes that you need to familiarize yourself
with to detect SQL injection vulnerabilities. The first one is the HTTP 500 code:
HTTP/1.1 500 Internal Server Error
Date: Mon, 05 Jan 2009 13:08:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 3026
[HTML content]
HTTP 500 is returned from a Web server when an error has been found when rendering
the requested Web resource. In many scenarios, SQL errors are returned to the user in the
form of HTTP 500 error codes. The HTTP code returned will be transparent to you unless
you are using a proxy to catch the Web server response.
Another common behavior adopted by certain applications in the event of errors found
is to redirect to the home page or to a custom error page. This is done via an HTTP 302
redirection:
HTTP/1.1 302 Found
Connection: Keep-Alive

Testing for SQL Injection • Chapter 2

55
Content-Length: 159
Date: Mon, 05 Jan 2009 13:42:04 GMT
Location: /index.aspx
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Object moved

Object moved to here.

Download 6,54 Mb.

Do'stlaringiz bilan baham:

1 ... 56 57 58 59 60 61 62 63 64