Subscribe by Email


Saturday, May 12, 2012

What are different aspects of Inference SQL injection attack?


SQL injection attacks nowadays are rising up by a huge mark in the cyber world, making a huge number of web sites and web applications its poor victims. Few years back the SQL injection attacks were not much in news but, now they have come to top the web’s vulnerabilities chart.

SQL injection attacks have emerged as a popular and notorious means for harming the security of the websites and web applications. 

Actually how exactly an SQL injection attack come in to affect? 
- In a typical SQL injection attack, some statements written in SQL language serve as input to a web form.
- This is done in order to obtain a web site or application that will carry out operations on the targeted data base.
- Such fake obtained web sites via the SQL injections are often badly designed. 
- The attacker employs this badly designed web site to get the access to the private data base contents. 
- It is a kind of code injection technique and that is often set for exploiting the security vulnerability in the software of the web site or web application. 



When does an injection attack occurs?

An injection attack occurs through two usually committed mistakes which are:

1. Incorrect filtering of the input by the user for entering the escape characters in string literals which are embedded in the vicious SQL statements. Here then emerges a scope for the potential manipulation of SQL statements which is done by the end user who is using the data base.

2. The unexpected execution or running of the input entered by the user that has not been strongly typed. This is commonly referred to as incorrect type handling. The constraints are then left unchecked.  

Approaches of Inference SQL Injection Attack

The SQL inference injection attacks are usually used for mining of data. There are 3 approaches that are used for data mining following inference SQL:

1. In band approach: The in band approach involves the extraction of data via an already existing path between the application and the attacker. For example, returning the data in a well rendered error message or web page.

2. Out of band approach: The out of band approach involves the creation a new path between the application and the attacker. This is actually worked out by establishing a connection between the data base server and the client by employing a network function such as HTTP, data base connection, e mail and so on.

3. Inference: Inference does not involve any direct transfer of any actual data rather the value of the data is inferred directly by calculating the differences between the responses from the attacker as well as the application. This is generally done by revoking several questions. Deliberate differences between the two responses are generated based up on the answers to the revoked questions. 


About the Inference SQL Injection Attack

1.The inference approach can also be used at the bit level and it makes use of properties such as status of the web server, time and difference in the content.
2.Making use of these properties, it enables the attacker for correctly inferring the data values.
3.Inference SQL injection has proven to be a great mile when it comes to the extraction of the data using SQL injections. 
4.It came to be extremely useful when the other two methods for data retrieval i.e., in band and out of band didn’t prove to be successful. 
5.The inference SQL attacks only affect the SQL servers and they are quite slow due to time delay. 
6.Since 2002 no remarkable improvements have been witnessed in the field of inference SQL.
7.The inference SQL injection attacks have an added advantage which is that they can be employed in any SQL injection situation. 
8.When a specific query is injected in to an ADQ (application defined query), the web server generates a response code depending up on the data values. 
9.It is quite common for an attacker to initially look for exploiting the SQL injection vulnerability by using the in band results.
10.But this not feasible every time since in some situations time is the major factor, in such situations out of band or inference methods are deployed. 
11.Not only data, but logic can also be inserted in to the query of the application.
12.In this the output of the application can be controlled and based on this output the stored values can be inferred from the data base.
13.The creation of an SQL inference attack is based on the sophistication of the information that the attacker has regarding it beforehand. 
14.The inference SQL attack through the web server response codes present a major problem which is that they can be quite easily be detected by the good web server administrators.
15.But, the attackers are so clever that they have figured out another such inference attack called content manipulation inference attack.
16.Using this, they are able to keep the response code constant while simultaneously changing the web site content. 




No comments:

Facebook activity