The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws



Date: 01.01.2022

Chapter 9: Injecting Code




■ You may be able to compromise the operating system of the database server.

■ You may be able to gain network access to other systems. Typically, the database server is hosted on a protected network behind several layers of network perimeter defenses. From the database server, you may be in a trusted position and be able to reach key services on other hosts, which may be further exploitable.

■ You may be able to make network connections back out of the hosting infrastructure to your own computer. This may enable you to bypass the application altogether, easily transmitting large amounts of sensitive data gathered from the database, and often evading many intrusion detection systems.

■ You may be able to extend the database’s existing functionality in arbitrary ways by creating user-defined functions. In some situations, this may enable you to circumvent hardening that has been performed on the database, by effectively re-implementing functionality that has been removed or disabled. There is a method for doing this in each of the mainstream databases, provided that you have gained database administrator (DBA) privileges.
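The second and third points above describe connections that a database server normally has no reason to initiate, which makes them a useful detection signal. The following is an added example, not code from the book: it reviews flow records and flags connections opened by the database host to unexpected internal services or to external addresses. The addresses, allowlist, threshold and record format are all assumptions constructed for illustration.

```python
import ipaddress

# Assumed environment (constructed for this example, not from the book).
DB_SERVER = ipaddress.ip_address("10.20.0.5")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# (destination, port) pairs the database host is expected to connect to.
EXPECTED_EGRESS = {("10.20.0.9", 514), ("10.20.0.10", 123)}
BULK_BYTES = 50_000_000  # bytes sent before an external flow counts as bulk

# Constructed flow records: initiator, responder, responder port, bytes sent.
SAMPLE_FLOWS = """\
10.10.1.15 10.20.0.5 1433 18234
10.20.0.5 10.20.0.9 514 9120
10.20.0.5 10.30.4.22 445 20480
10.20.0.5 203.0.113.77 443 734003200
10.20.0.5 10.20.0.10 123 96
10.20.0.5 198.51.100.8 53 61000
"""

def classify(line):
    """Return (finding, dst, port, sent) for an unexpected flow the
    database host initiated, or None if the flow needs no attention."""
    src, dst, port, sent = line.split()
    port, sent = int(port), int(sent)
    if ipaddress.ip_address(src) != DB_SERVER:
        return None  # client traffic arriving at the database
    if (dst, port) in EXPECTED_EGRESS:
        return None  # known peer such as log collection or time sync
    if ipaddress.ip_address(dst) in INTERNAL_NET:
        finding = "lateral"        # reaching another internal service
    elif sent >= BULK_BYTES:
        finding = "external-bulk"  # large transfer leaving the network
    else:
        finding = "external"       # any other outbound connection
    return (finding, dst, port, sent)

def review(flows):
    """Classify every non-empty record and keep only the findings."""
    hits = (classify(l) for l in flows.splitlines() if l.strip())
    return [h for h in hits if h is not None]

if __name__ == "__main__":
    for finding, dst, port, sent in review(SAMPLE_FLOWS):
        print(f"{finding:14} {dst}:{port} sent={sent}")
```

Blocking database-initiated traffic at the network boundary by default, with only the expected peers permitted, turns each of these findings into a denied connection rather than an alert.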



