Exploit Categories
In general, SQL injection exploits fit into the following three categories:
- DATA READ
  As the name implies, these exploits allow data to be read or extracted from the target database. These exploits can be as simple as attacks that modify the query’s search criteria to return all records within the specified table (such as appending OR 1=1 to the WHERE portion of the query). More sophisticated exploits allow the addition of a UNION operator to return results of arbitrary queries along with the original application dataset. These exploits rely on standard SQL syntax, and typically succeed against most SQL-driven databases.
- DATA WRITE
  These exploits allow data to be written to the database, most commonly using either an INSERT or UPDATE query. Like the previous category, these exploits succeed on most standard SQL-driven databases.
- EXECUTE
  These exploits are possible only with certain databases and typically execute a stored procedure or another database-specific command. The nature and extent of possible exploits vary between database servers.
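
The DATA READ category above, as an added example that is not code from the book: a query built by string concatenation beside the same query with a bound parameter, run against a constructed in-memory SQLite database. The table names, column names, function names and input strings are all assumptions made for this illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database for the demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, owner TEXT)")
    db.execute("CREATE TABLE accounts (login TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", "alice"), (2, "gadget", "bob"), (3, "gizmo", "carol")],
    )
    db.execute("INSERT INTO accounts VALUES ('admin', 'constructed-secret')")
    return db

def search_concatenated(db, owner):
    """Weak form: user input is pasted into the SQL text and parsed as SQL."""
    sql = "SELECT name, owner FROM products WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def search_bound(db, owner):
    """Corrected form: input is bound as a value and never parsed as SQL."""
    sql = "SELECT name, owner FROM products WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

# Constructed inputs matching the two DATA READ patterns described above:
# a WHERE clause widened with OR 1=1, and a UNION that appends another query.
TAUTOLOGY = "nobody' OR 1=1 --"
UNION_READ = "nobody' UNION SELECT login, secret FROM accounts --"

if __name__ == "__main__":
    db = make_db()
    cases = [("normal", "alice"), ("OR 1=1", TAUTOLOGY), ("UNION", UNION_READ)]
    for label, value in cases:
        print(label, "concatenated:", search_concatenated(db, value))
        print(label, "bound:       ", search_bound(db, value))
```

With the concatenated query, the first input returns every row in the table and the second returns rows from an unrelated table; with the bound parameter, both are treated as an owner name that matches nothing.
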
Although it would be nice to develop a “silver bullet” tool that can automate exploits against any database using any of these techniques, documenting such a tool would require far more than one chapter. In this chapter, we focus on the DATA READ exploits because these are least likely to result in damage to the underlying data and/or application. As we develop our exploit tool, we will attempt to minimize the number of database-specific ...