Learn Cyber Security

SQL Injection Encoding and Evasion Techniques So far, we have seen many advanced attacks for SQL Injection that may be lethal for our database. These attacks will many times be possible but they may not seem to be able to be executed. This is a result of some safety methods (which we will examine in module 4) that filter our input. To bypass these restrictions, let’s examine some of the most famous ways. URL Encoding URLs are permitted to contain only the printable characters in the US-ASCII character set — that is, those whose ASCII code is in the range 0x20 to 0x7e, inclusive. Furthermore, several characters within this range are restricted because they have special meaning within the URL scheme itself or within the HTTP protocol. The URL-encoding scheme is used to encode any problematic characters within the extended ASCII character set so that they can be safely transported over HTTP. The URL-encoded form of any character is the % prefix followed by the character’s two-di...

Database Extraction Example Now that we have started our journey to SQL Injection, let’s see an example of data extraction. To extract useful data from the database, normally we need to know the names of the tables and columns containing the data we want to access. The main enterprise DBMSs contain a rich amount of database metadata that we can query to discover the names of every table and column within the database. The methodology for extracting useful data is the same in each case; however, the details differ on different database platforms.[1] Our example attack will be performed against an MS-SQL database, but we will use a methodology that will work on all database technologies. Consider an address book application that allows users to maintain a list of contacts and query and update their details. When a user searches his address book for a contact, his browser posts the following parameter:         Name=Thomas and the application returns the following...