Penetration Testing mailing list archives

Re: [PEN-TEST] database security


From: Nicolas Gregoire <nicolas.gregoire () 7THZONE COM>
Date: Tue, 29 Aug 2000 20:23:09 +0200

Please first excuse my (so poor) English ...

David Jahne wrote:

Do you know any site which has some whitepapers about database security
issues, especially on MS SQL, Oracle and Sybase?

There are DB vulns (like the 'sa' password) and SQL hacking, which is the
same (or nearly the same) on all SQL databases.

For example:

insert into test values
("","My Name","My Nick","My Password","My Address",100)

should insert a record for a member of the target web site, with a value
of 100 meaning "Normal User" (500 is for the "Admin" account).

So a SQL-hacker can send in your form:
name = evil
nick = 31337
pass = haha
address = 33, avenue des Lilas",500) #

which is executed like:

insert into test values
("","evil","31337","haha","33, avenue des Lilas",500) #,100)

In MySQL, # or -- tell the DB engine not to look at what comes after them.
So, looking at the DB, your evil-hacker is "Admin".

This is a very dummy technique.

I'm actually writing a paper on Perl/MySQL security problems, and I will
release it to the list if it can help you ...
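
The registration insert described in the message above, shown as a string-built statement beside a parameter-bound one. This is an added example, not code from the original post: it uses Python's sqlite3 in place of MySQL so it runs offline, so the quotes are single quotes and the comment marker is `--`, and the column names and function names are assumptions.

```python
import sqlite3

# Constructed schema standing in for the post's "test" table (column names assumed).
SCHEMA = ("CREATE TABLE test (id TEXT, name TEXT, nick TEXT, "
          "pass TEXT, address TEXT, level INTEGER)")

# The address field from the post, adapted to single quotes and the "--" comment.
ADDRESS = "33, avenue des Lilas',500) --"


def new_db():
    """Fresh in-memory database with the members table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def register_concat(db, name, nick, password, address):
    """Weak form: form fields are pasted into the statement text,
    so a quote in a field ends the string and the rest is parsed as SQL."""
    sql = ("INSERT INTO test VALUES ('', '%s', '%s', '%s', '%s', 100)"
           % (name, nick, password, address))
    db.execute(sql)


def register_bound(db, name, nick, password, address):
    """Corrected form: fields are bound parameters and can only ever be data;
    the privilege level is fixed by the statement, never by the form."""
    db.execute("INSERT INTO test VALUES ('', ?, ?, ?, ?, 100)",
               (name, nick, password, address))


def stored(db):
    """Return (address, level) for every registered member."""
    return db.execute("SELECT address, level FROM test").fetchall()


if __name__ == "__main__":
    for register in (register_concat, register_bound):
        db = new_db()
        register(db, "evil", "31337", "haha", ADDRESS)
        print(register.__name__, stored(db))
```

With the string-built statement the stored level follows the form field; with bound parameters the whole field is stored as the address and the level stays at 100.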

