Module 5 - SQL Injections Flashcards

1
Q

Principal exploitable issues with SQL Servers

A
  • web form that does not perform error checking
  • SQL server runs any type of query or command passed to it
  • SQL server where the service account has elevated permissions
  • SQL server which is capable of having the service account run commands
2
Q

SQL injection result

A
  • disclosure of private information
  • SQL server performs unauthorized functions

3
Q

Forensic examination of SQL injection should involve:

A
  • The logs from the server hosting the web application
  • The logs captured by the web application service
  • The logs from the server running SQL
  • The SQL application logs (Typically, SQL will retain a record of queries and commands run.)
  • Firewall and IDS logs
4
Q

SQL over TCP Port

A

TCP 1433

5
Q

SQL Probe

A

UDP 1434

6
Q

DMZ Firewall - protection?

A

s

7
Q

DMZ Firewall - protection?

A

firewalls don’t protect against SQL injection

8
Q

SQL injection result

A
  • disclosure of private information (from database/table)
  • SQL server performs unauthorized functions (run commands)

9
Q

SQL Server Account

A

Service account - when it is compromised, the attacker takes on the same permissions as the service account and can run commands from SQL Server.

10
Q

SQL xp_cmdshell

A
  • spawns Windows command shell and passes string for execution. Output is text.
11
Q

SQL xp_cmdshell

A
  • spawns Windows command shell and passes string for execution. Output is text.
  • disabled by default
12
Q

SQL Injection Input

A

GET or POST commands

Forms can be ASP, PHP, CGI, etc. (no requirement)

13
Q

GETS vs. POSTS

A

as

14
Q

GETS vs. POSTS

A

difference in the artifacts we see

15
Q

Artifacts for SQL Injections (4)

A

Web server logs
Firewalls
IDS
SQL server

16
Q

SQL value examples

A

'or'1'='1'--'
'or'1'='1'({'
'or'1'='1'/*'

17
Q

Keywords in Log Files

A

keyword or greps:

--
execute
select *
@@version
varchar
char
exec
execute
cast
declare
18
Q

Keywords in Log Files

A

keyword or greps:

--
execute
select *
@@version
varchar
char
exec
execute
cast
declare