Posts

Showing posts from September, 2018

Types Of SQL Injection Attacks - Blind Based Attacks

Well, here we are, the last blog of this series. The last type of SQL injection attack to cover is the blind based injection attack. There are two types of blind based injection attacks: Boolean and time based. Let us focus on the Boolean type; if the reader finds themselves curious, they can follow the link below to see how time based attacks work:

https://app.pluralsight.com/library/courses/ethical-hacking-sql-injection

Let's revisit our favorite site:

http://www.site.com/table?column=x

Let's say this site has a table that allows users to order the columns. When navigating to this table, the address changes to:

http://www.site.com/table?order=column

This table contains two creatively named columns:

column
column2

Utilizing our previous attacks (e.g. error and union based attacks) only returns a generic error. It seems our targeted web developers have become a little smarter and are starting to implement error handling for invalid queries. This still doesn't stop us fro

Types Of SQL Injection Attacks - Union Based Attacks

Hello all,

Here is another post on SQL injection attacks. This week, we'll be taking a look at union based SQL injection attacks. Union based injection attacks allow the attacker to extract data out of the system. Let's consider the following address again:

http://www.site.com/table?column=x

Union based attacks go along with error based attacks. Errors inform the attacker which columns and tables exist in the database schema, which in turn makes guessing tables and columns in union based injection attacks easier. One good method for discovering the underlying database is to use common system tables. The example below demonstrates this:

Attack 1: http://www.site.com/table?column=x' union select 1 from all_tables--
Error: table or view does not exist.

Attack 2: http://www.site.com/table?column=x' union select 1 from information_schema.tables--
Error: Incorrect number of result columns.

In attack 1 the attacker incorrectl

Types Of SQL Injection Attacks - Error Based

Hello all,

We will be diving into the different types of SQL injection attacks. Before delving into SQL injection attacks, however, let's look at the OWASP definition of what a SQL injection is. An SQL injection attack consists of injecting a query via input data from the client to an application. If done successfully, this can give the attacker access to the database's CRUD (create, read, update, and delete) permissions. It may even give the attacker access to administrative privileges. SQL injection is consistently at or near the top of the OWASP Top 10, so it is worthwhile to look at each of these attacks.

There are 3 types of SQL injection attacks: error based, union based, and blind SQL injection. Each of these types deserves multiple pages, so we will focus on one at a time. We shall start with the most basic attack, error based. Let's first consider the following web address:

http://www.site.com/table?column=x

If the attacker was to append a &#

What are Buffer Overflows

The central theme of this blog site is to discuss the technical aspects of prevalent attacks. The title of the blog site is buffer overflow, which may raise the question: what is a buffer overflow? Another question may be: how is buffer overflow relevant to cybersecurity? To understand what a buffer overflow is, it is first necessary to define what a buffer is. A buffer is temporary storage that follows a queue (first in first out) implementation. Buffer memory sizes are fixed, and it is this feature that allows buffer overflows to occur. Buffer overflows occur when a program (could be malicious in nature) overruns a buffer's boundary. In the case of a stack buffer overflow, if the return address of buffer is overwritten it will cause a segmentation fault. This may cause a program to point back to an unintended area of the buffer. If an attacker was to build a NOP sled, this would give the attacker complete control over the program. This is where buffer overflow attacks become relev