Web2: SQL Injection - Other Exploits
In the previous section, we learned about the most common SQL Injection exploit that is through User input. In this section, we will continue to explore other SQL Injection exploit methods.
Through cookies
Cookies are files that store user state information when accessing web applications. This information is determined by the programmer, generated on the server and stored at the client. When the user re-visits the web application, cookies are sent by the browser to the server to help restore the user's state in the previous visit.
Because it is stored in the client, the user can edit it at will, so if a web application uses the information stored in cookies to build queries to the database, hackers can completely insert cookies. sql scripts to perform a SQL Injection attack.
There are many tools that allow viewing, adding and editing cookies, in which the addon Cookies Manager of firefox is a quite convenient tool. You can download and install it in firefox easily.
Through server variables
The server variable may be a relatively new concept, but it's not new. Some examples of server variables are Http header, Network header. Not very common but values stored in server variables can be used by web applications such as in logging access or access statistics by user agent. These jobs all have interaction with the database, so hackers can completely use server variables in exploiting Sql Injection.
Firefox addons support these things very well, Tamper Data or Live HTTP headers (exampled above) can help us catch requests sent from the client to the web server, from which we can easily change change the server variables (http header…) before sending them to the server. Mining via server variables is similar to mining via cookies.
Tamper Data:
Second-order Injection
This is a rarely used technique because it is difficult to tell if a web application has this error or not. The technique is described as follows: First, we will 'inject' into the database a piece of code. This code does not pose any danger to the system but it will be used as a springboard for the next injection. Let's see a concrete example to better understand this technique.
We will access a web application and try to register an account with the username "administrator' --". Then we will perform the password change operation. Changing the password is handled by the web application as follows:
With the username registered above, the above query becomes:
Thus, we can change the password of the administrator account and can completely log in as the administrator account.
You should read it
- Web3: SQL injection - Exploit directions
- Web6: SQL Injection - Some Exploit Tools
- Web5: SQL injection - Some techniques to bypass the filtering mechanism
- Web4: SQL injection - Exploitation steps
- Learn about SQL Injection and how to prevent it
- What is Fault Injection Attack (FIA)? Is it worrisome?
- WordPress plugins with more than 300,000 pages that use vulnerabilities are vulnerable to SQL Injection attacks
- What is AI Prompt Injection attack?
- Discuss IFrame Injection Attacks
- Block hacker SQL Injection with ASP
- Some basic points about the mechanism of attacking SQL Injection and DDoS
- How to Prevent SQL Injection in PHP