What are different aspects of Inference SQL injection attack?

SQL injection attacks nowadays are rising up by a huge mark in the cyber world, making a huge number of web sites and web applications its poor victims. Few years back the SQL injection attacks were not much in news but, now they have come to top the web’s vulnerabilities chart.

SQL injection attacks have emerged as a popular and notorious means for harming the security of the websites and web applications. 

Actually how exactly an SQL injection attack come in to affect? 

- In a typical SQL injection attack, some statements written in SQL language serve as input to a web form.

- This is done in order to obtain a web site or application that will carry out operations on the targeted data base.

- Such fake obtained web sites via the SQL injections are often badly designed. 

- The attacker employs this badly designed web site to get the access to the private data base contents. 

- It is a kind of code injection technique and that is often set for exploiting the security vulnerability in the software of the web site or web application. 

When does an injection attack occurs?

An injection attack occurs through two usually committed mistakes which are:

1. Incorrect filtering of the input by the user for entering the escape characters in string literals which are embedded in the vicious SQL statements. Here then emerges a scope for the potential manipulation of SQL statements which is done by the end user who is using the data base.

2. The unexpected execution or running of the input entered by the user that has not been strongly typed. This is commonly referred to as incorrect type handling. The constraints are then left unchecked.  

Approaches of Inference SQL Injection Attack

The SQL inference injection attacks are usually used for mining of data. There are 3 approaches that are used for data mining following inference SQL:

1. In band approach: The in band approach involves the extraction of data via an already existing path between the application and the attacker. For example, returning the data in a well rendered error message or web page.

2. Out of band approach: The out of band approach involves the creation a new path between the application and the attacker. This is actually worked out by establishing a connection between the data base server and the client by employing a network function such as HTTP, data base connection, e mail and so on.

3. Inference: Inference does not involve any direct transfer of any actual data rather the value of the data is inferred directly by calculating the differences between the responses from the attacker as well as the application. This is generally done by revoking several questions. Deliberate differences between the two responses are generated based up on the answers to the revoked questions. 

About the Inference SQL Injection Attack

1.The inference approach can also be used at the bit level and it makes use of properties such as status of the web server, time and difference in the content.

2.Making use of these properties, it enables the attacker for correctly inferring the data values.

3.Inference SQL injection has proven to be a great mile when it comes to the extraction of the data using SQL injections. 

4.It came to be extremely useful when the other two methods for data retrieval i.e., in band and out of band didn’t prove to be successful. 

5.The inference SQL attacks only affect the SQL servers and they are quite slow due to time delay. 

6.Since 2002 no remarkable improvements have been witnessed in the field of inference SQL.

7.The inference SQL injection attacks have an added advantage which is that they can be employed in any SQL injection situation. 

8.When a specific query is injected in to an ADQ (application defined query), the web server generates a response code depending up on the data values. 

9.It is quite common for an attacker to initially look for exploiting the SQL injection vulnerability by using the in band results.

10.But this not feasible every time since in some situations time is the major factor, in such situations out of band or inference methods are deployed. 

11.Not only data, but logic can also be inserted in to the query of the application.

12.In this the output of the application can be controlled and based on this output the stored values can be inferred from the data base.

13.The creation of an SQL inference attack is based on the sophistication of the information that the attacker has regarding it beforehand. 

14.The inference SQL attack through the web server response codes present a major problem which is that they can be quite easily be detected by the good web server administrators.

15.But, the attackers are so clever that they have figured out another such inference attack called content manipulation inference attack.

16.Using this, they are able to keep the response code constant while simultaneously changing the web site content. 

What is meant by correct filtering of user input?

Security is the top priority, be it any type of application or software. It has an importance that keeps growing with every phase of the software system or application development. Its importance is also reflected in the open source and commercial projects. Security is a very vast topic and there are many ways to implement and maintain security for all the stages. The data filtering of user input is one such way and this article is focused on this.

About Filtering of User Input

Being practical, almost all the applications or software systems depend on some external input or data to process and give out output or to start some process. 

- This input or data is supplied by the user or in some cases by some other applications (may be bots, web services clients, and scanner and so on). 

- Nobody knows what might be the nature of the user input, it can be either harmless or it can be malicious. - So it becomes mandatory for every developer to filter out this incoming foreign data.

- Input filtering is one of the important processes of the security mechanism of any application software and is independent of the environment and language.

- Today there are so many tools available that serve the purpose of filtering the input or data, for example, CGI for Perl.

- Foreign data can constitute of anything ranging from a web form to the results of the data base queries and also cookies, files, web services data, environment variables, server variables and so on. 

- The filter tools support all these kinds of user inputs. 

- The testing, validation as well as filtering of the custom or user input data every now and then can be quite annoying as well as time and effort consuming task. 

- It is quite common that while testing the tester may forget to write a test and if written also it might be incomplete.

- The filtering tools and extensions help curb these types of traps. 

- Usually filter tools follow two types of filtering methodologies:

1. Logical filtering: It involves a strong and stringent analysis of the input data, checking for the correctness of the formats and the expected type is returned if the data passes the test.
2. Sanitizing filtering: It involves determining whether or not to allow certain characters in a string. The data format is really not cared about in this type of filtering and a string is always returned.

How can filters be useful?

- It is quite a misconception that filters provide an object oriented interface. It is not so. 

- There are some filters that are also capable of turning ordinary line breaks in to effective HTML tags.

- Using the filters you can decide which input formats are to be made available to the users or you can put up a default format. 

- While the application is working up on the user input, keeping it as secure as possible prevents many security hazards.

- One of the most severe security risks is encountered whenever the full HTML is posted without being filtered.

- Most of the PHP filters are considered to be dangerous as they allow the execution of the code driven queries and other things on the data base of the web site. 

- For better input filtering, one needs to explore the modules for installing special filters that allow one to embed references to other resources, videos and so on. 

- Input filtering is much similar to filtering water for drinking and other uses.

- In some of the cases the application functions with the malicious data also, this leads to a kind of robustness of the application. 

What are different aspects of SQL injection attacks?

SQL is the most rated vulnerability of today’s software world. SQL injection is emerging as a popular means for harming the security of the websites.

How exactly an SQL injection attack takes affect?

- In an SQL injection attack, some statements written in SQL language are inputted in a web form.
- This is done to obtain a web site that will carry out operations on the data base.
- Such obtained web sites through SQL injections are often badly designed.
- The attacker uses this badly designed web site to get the access of the data base contents.
- The web site can be used to carry out other operations also as desired by the attacker.
- It is a kind of code injection technique and is often employed for exploiting the security vulnerability in the software of the web site.

An injection attack occurs through two common mistakes which are:

1. Incorrect filtering of the user input for escape characters in string literals which are embedded in the SQL statements. Here becomes a scope for the potential manipulation of SQL statements. The manipulation is done by the end user who is using the data base.

2. The unexpected execution of the input entered by the user that has not been strongly typed. This is referred to as incorrect type handling. The constraints are left unchecked.

What can a SQL injection attack do?

- The SQL commands designed by the attacker are injected in to the data base of the web site or application via a web form through any of the two methods.
- These commands are capable of changing the content of the data base or they can even dump to the attacker’s wish.
- SQL injections attacks can even attack SQL databases rather than only attacking the web sites or web applications.
- SQL injection attacks can be prevented by the use of structured query language which is well designed and defined.
- Such attacks are usually aggressive. SQL injection attack is abbreviated to SQLIA.

According to a research, under normal usage an application experiences 71 attempts per hour in contrast to the 800- 1000 attempts per hour under a direct attack.

SQL injection attack has been declared by open web application security project as one of the top 10 vulnerabilities. It can be divided into 5 sub categories as listed below:

- Classic SQL injection attack
- Interactive SQL injection attack
- Inference SQL injection attack
- Compounded SQL injection attack and
- DBMS specific SQL injection attack

Types of SQL Injection Attack

- Classic SQL injection attack is not feared today since it has become out- dated.
- But, still many web sites and web applications are precautious against it.
- Inference SQL injection attack continues to be a great threat.
- Attackers mostly prefer this method since it is very flexible in deployment and dynamic in nature.
- Compounded SQL injection attack is a new kind of SQLIA.
- It is resultant of combination of SQL injection and web applications such as:

a) DOS attacks + SQL injection
b) DNS hijacking + SQL injection
c) Improper authentication + SQL injection
d) XSS + SQL injection

- A representation of compounded SQL injection attack is provided by the storm worm.
- The DBMS specific SQL injection attack is often considered as supportive.
- There is another kind of SQL injection called blind SQL injection attack which is used to defend a web site or application on verge of being attacked.
- The results of the SQL injection attack are made invisible to the attacker.
- This injection attack is time intensive.

Today several automated tools have also been developed for automation of these attacks. But, that also requires the location of the target information.