Section 18.172 SQL and XML Injections Flashcards
Objectives 2.2 Explain common threat vectors and attack strategies.
Objectives 2.3 Explain various types of vulnerabilities.
Objectives 2.4 Given a scenario, you must be able to analyse indicators of malicious activity.
Objectives 2.5 Explain the purpose of mitigation techniques used to secure the enterprise.
Objectives 2.6 Given a scenario, you must be able to apply common security techniques to computing resources.
Injection Attack
Involves sending malicious data to a system for unintended consequences
■ SQL injection and XML injection share the goal of inserting code into systems
SQL Data
Used to interact with databases
Four main SQL actions
Select: Used to read data from the database
Insert: Used to write data into the database
Delete: Used to remove data from the database
Update: Used to overwrite some data in the database
Example statement:
SELECT * FROM USERS WHERE userID = 'Jason' AND password = 'pass123';
Code Injection
The insertion of additional information or code through a data input form from a client to an application
SQL (Structured Query Language) Injection
SQL Injection
Involves inserting malicious SQL code into input fields
● Attackers use URL parameters, form fields, cookies, POST data, or HTTP headers for SQL injection
SQL (Structured Query Language) Injection
Prevention
○ Input validation
○ Sanitise user data
○ Use a web application firewall
In the exam make sure you select Input Validation.
' = (something) will always be an SQL-related aspect in the exam
Anything to do with databases in the exam will be linked to SQL
SQL Injection Attempt
Involves statements like ' OR 1=1
Original SQL statement: SELECT * FROM USERS WHERE userID = 'Jason' AND password = 'pass123';
Injected SQL statement: SELECT * FROM Users WHERE userID = 'Jason' AND password = '' OR 1=1;
XML (Extensible Markup Language) Injection
XML Data
Used by web applications for authentication, authorisation, and other types of data exchange. XML data is submitted from the client to the server or from one server to another.
● Should be sent within an encrypted tunnel, like TLS; otherwise there is a risk of snooping, spoofing, request forgery, or injection of arbitrary code
● Input validation and sanitisation are crucial for server protection
XML data example
<?xml version="1.0" encoding="UTF-8"?>
<question>
<ID>SECURITY-002-0001</ID>
<title>Is this an XML vulnerability?</title>
<choice1>Option 1</choice1>
<choice2>Option 2</choice2>
</question>
If you go into edit mode for this card, you will see the XML data entry.
Just recognise that this is XML for the exam
XML Exploits
XML Bomb (Billion Laughs Attack)
Consumes memory exponentially, acting like a denial-of-service attack
The XML code includes "lol", which can consume 3 GB of memory
XML Exploits
XXE (XML External Entity) Attack
Attempts to read local resources, like password hashes in the shadow file
Example:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY>
<!ENTITY xxe SYSTEM "file:///etc/shadow">
]>
<foo>Some data</foo>
See the card in edit mode for the full example.