Why SQL injection is dangerous?


Warning: count(): Parameter must be an array or an object that implements Countable in /home/styllloz/public_html/qa-theme/donut-theme/qa-donut-layer.php on line 274
0 like 0 dislike
10 views
Why SQL injection is dangerous?
How can they be circumvented?
What can you do instead?

// Get a single article by its id get_lesson_by_id function($id) { global $db; $bookmarks = $db->query("SELECT * FROM entries WHERE id = $id"); foreach ($bookmarks as $bookmark) { return $bookmark; } }
by | 10 views

4 Answers

0 like 0 dislike
exploits_of_a_mom.png
by
0 like 0 dislike
Dangerous because you can get all the information from the database, or break it.
For example, in your query replace $id = '1 OR true'
Protection - the use of prepared statements with placeholders.
by
0 like 0 dislike
Because you can do everything, what is right the current user database. For example:
1; DROP TABLE entries; --
turn in the request
SELECT * FROM entries WHERE id = 1; DROP TABLE entries; --

You can also change, add, delete records if you have this right from the user, as they usually are. If in the database there is a possibility of execution of arbitrary shell commands, you can entire server to fuck, well, or pour the backdoor.
What can you do instead?

google://sql prepared statement
by
0 like 0 dislike
Sql Injection is not the top "danger". At the CVE score of about 6-7.
Of course it all depends on configuration, privileges, upgrades, etc.
But it is worth considering the fact that the bulk of vulnerabilities such as sql injection is still not error with union base, 80% blind, making it difficult to conduct the operation, but if the admin doesn't sleep in the same Shoe, you completely eliminate and fix.
The receiving structure may take two days. Let's not forget also about WAF's, cloudflare, incapsula.

Well, even in the case of the sleeping admin, let's say it was the records privileged zapasami resource. Again, the question to the developer.. With md5,sha1, everything is clear, and be in at least 8мизначный blowfish password even in words, this factor is usually just delayed, because the observing methods, the minimum password policies and encryption may present security pretty for a long time (of course not excluding planovoe changing passwords).

Suppose the purpose of life was to discredit the service, and the poor guy spent about a week on promotion whine crawls waf, and iterating a hash of the administrator. I hope php is configured properly, and do not have any privileges from the mysql user of the type dba grand. But even in such case, you can protect sensitive data, even if complete draining of the database. Encrypt important data by storing the key is not in the database. This best practice vstrechaetsya rarely, usually on huge resources, and with "delicious" for attackers.
Yes pricniple as an example of such a standard for storing your credit cards, if the admin wants to log. braintree and a bunch of other solutions, but still with a powerful monitoring, and cool features.

In fact rather trivial steps when the specifics and the load of the resource.

But still damn terrible as he is painted) a talented hacker will be on one vector of attack is always greater than the applied means of protection and fix. Do not forget about a few dozen much more serious vulnerabilities than injections. And to understand that the question is only in time. Sooner or later appear loophole, does not take into account an admin, or another 0day.. And cried all the works on defense
by

Related questions

0 like 0 dislike
2 answers
0 like 0 dislike
1 answer
0 like 0 dislike
1 answer
0 like 0 dislike
1 answer
0 like 0 dislike
1 answer
110,608 questions
257,186 answers
0 comments
35,391 users