You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.
Attack Details
URL encoded GET input test was set to (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Remediation
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
Vulnerability Description
This script is possibly vulnerable to SQL Injection attacks.
SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.
This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it is relatively easy to protect against, there is a large number of web applications vulnerable.
Attack Details
URL encoded GET input test was set to (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/
Tests performed:
+ (select(0)from(select(sleep(6)))v)/'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"/ => 6.146 + (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/ => 1.341 + (select(0)from(select(sleep(9)))v)/'+(select(0)from(select(sleep(9)))v)+'"+(select(0)from(select(sleep(9)))v)+"/ => 9.157 + (select(0)from(select(sleep(3)))v)/'+(select(0)from(select(sleep(3)))v)+'"+(select(0)from(select(sleep(3)))v)+"/ => 3.104 + (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/ => 0.671 + (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/ => 0.125 + (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/ => 0.125 + (select(0)from(select(sleep(6)))v)/'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"/ => 7.426 + (select(0)from(select(sleep(0)))v)/'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"/ => 0.671
Original value: 1
HTTP Request
Impact
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.
Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use sub selects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.
Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.
Remediation
Your script should filter metacharacters from user input.
Check detailed information for more information about fixing this vulnerability.
References:
Acunetix SQL Injection Attack
VIDEO: SQL Injection tutorial
OWASP Injection Flaws
How to check for SQL injection vulnerabilities
SQL Injection Walkthrough
OWASP PHP Top 5
The text was updated successfully, but these errors were encountered: