Error based SQL Injection (SQLi)

OWASP 2013-A1 OWASP 2017-A1 OWASP 2021-A3 OWASP 2019-API8 PCI v3.2-6.5.1 OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-164.306(a) & HIPAA-164.308(a) ISO27001-A.14.2.5 WASC-19 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H WSTG-INPV-05

Error-based SQL injection is an in-band injection technique in which the error output from the SQL database is used to manipulate the data inside the database. In in-band injection, the attacker uses the same communication channel both to launch the attack and to collect data from the database. This is the easiest and most common intrusion technique used by attackers. Data extraction can be forced through a vulnerability in which the code outputs a SQL error rather than the required data from the server. This method can be easily automated using grep extract functionality. In many cases, the error generated by the database is enough for the attacker to understand the database entirely.



If the server responds to this URL with an SQL error, it proves that the server is connected to the database in an insecure manner. The quote (') breaks the SQL syntax. Now, it's just a matter of running a few SQL commands to completely collapse/destroy the database.
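The two conditions described above, string-built SQL and database errors echoed to the client, are shown here next to a corrected handler. This is an added example, not code from the original page; the `products` table, the function names and the use of SQLite are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory sample data (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO products VALUES ('W-1', 'widget')")
    return conn

def lookup_vulnerable(conn, sku):
    """Concatenates input into the SQL text and echoes the database error."""
    try:
        row = conn.execute(
            "SELECT name FROM products WHERE sku = '" + sku + "'"
        ).fetchone()
    except sqlite3.Error as exc:
        return 500, f"SQL error: {exc}"   # leaks parser detail to the client
    return (200, row[0]) if row else (404, "not found")

def lookup_hardened(conn, sku, server_log):
    """Binds input as a parameter; error detail goes to the server log only."""
    try:
        row = conn.execute(
            "SELECT name FROM products WHERE sku = ?", (sku,)
        ).fetchone()
    except sqlite3.Error as exc:
        server_log.append(repr(exc))      # detail stays server-side
        return 500, "Internal error"      # generic body for the client
    return (200, row[0]) if row else (404, "not found")

if __name__ == "__main__":
    db, log = make_db(), []
    for value in ("W-1", "W-1'"):         # second value carries a stray quote
        print(repr(value), lookup_vulnerable(db, value),
              lookup_hardened(db, value, log))
```

With the bound parameter, the quote is treated as data and the lookup simply finds no row; if the database does fail for any other reason, the client sees only the generic message.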

Impact and Fixes
