SQL injection reloaded: access to the operating system



17 April 2009, 16:40


SQL (Structured Query Language) injection lets attackers not only manipulate a database but also take control of the complete server along with its operating system. (Further information about this is available in The H Security feature "Lethal injection - SQL injection – attack and defence".) Bernardo Damele Assumpcao Guimaraes, a security specialist, demonstrated this at the Black Hat Europe 2009 hacker conference with his sqlmap tool. The tool that Guimaraes developed has a repertoire of attack methods for use against the three most widely deployed SQL database servers, MySQL, PostgreSQL and Microsoft SQL Server, running on both Windows and Linux.

sqlmap fingerprints whether MySQL, PostgreSQL or Microsoft SQL Server is involved and automatically selects the appropriate attack route for each one. Guimaraes says the methods used to attain the various objectives of the attack differ fundamentally depending on the type of server. Different database privileges are required as well, depending on the target (what matters is the account the web application connects with), but he says most database installations have those rights configured, by default, in a way that allows the sqlmap attacks to succeed.

Unlike the classic use of SQL injection, sqlmap does not confine itself to reading values out of the database, altering tables or appending rows to them. Beyond that, the tool is designed to automate far more complex attacks built on stacked queries, that is, appending further statements after the one the application intended to run. The previously known SQL injection techniques only constitute the preliminary stage, a stepping stone to what sqlmap can really do.

Heise security - http://www.h-online.com/security/SQL-injec...m--/news/113095
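To make the stacked-query point in the article concrete, here is an added example (not code from the article, from Heise, or from sqlmap). Python's bundled sqlite3 stands in for the database: executescript() runs every ';'-separated statement it is handed, which models a DBMS/driver combination that accepts stacked queries, while execute() with bound parameters does not let the input become SQL at all. The table contents, the session-logout query and the payload are constructed for this example; whether a real target accepts stacked statements depends on the DBMS and the application's database API, which is one reason the tool fingerprints the DBMS first.

```python
import sqlite3

# Constructed sample data for the example; not taken from the article.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL);
INSERT INTO users (name, role) VALUES ('alice', 'user'), ('bob', 'admin');
CREATE TABLE sessions (token TEXT PRIMARY KEY, user_id INTEGER NOT NULL);
INSERT INTO sessions (token, user_id) VALUES ('tok-alice-1', 1), ('tok-bob-1', 2);
"""


def fresh_db():
    """New in-memory database loaded with the constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def logout_vulnerable(con, token):
    """String-concatenated SQL handed to an API that executes every statement in the
    string (executescript), the way a multi-statement capable driver would.
    Anything the attacker places after a ';' inside `token` runs as its own statement."""
    sql = "DELETE FROM sessions WHERE token = '" + token + "'"
    con.executescript(sql)


def logout_safe(con, token):
    """Parameterised statement: the token is bound as data, never parsed as SQL,
    so execute() only ever runs the single statement in the template."""
    con.execute("DELETE FROM sessions WHERE token = ?", (token,))
    con.commit()


def role_of(con, name):
    row = con.execute("SELECT role FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def session_count(con):
    return con.execute("SELECT COUNT(*) FROM sessions").fetchone()[0]


# Constructed stacked-query payload: close the string literal, terminate the intended
# DELETE, append an attacker-chosen UPDATE, then comment out the trailing quote.
STACKED_PAYLOAD = "x'; UPDATE users SET role = 'admin' WHERE name = 'alice'; --"


def run_vulnerable(payload=STACKED_PAYLOAD):
    """Returns (alice's role, remaining sessions) after the vulnerable logout."""
    con = fresh_db()
    logout_vulnerable(con, payload)
    return role_of(con, "alice"), session_count(con)


def run_safe(payload=STACKED_PAYLOAD):
    """Returns (alice's role, remaining sessions) after the parameterised logout."""
    con = fresh_db()
    logout_safe(con, payload)
    return role_of(con, "alice"), session_count(con)


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable())  # ('admin', 2): the stacked UPDATE ran
    print("safe:      ", run_safe())        # ('user', 2): payload treated as an unknown token
```

The vulnerable path never returns an error: the DELETE simply matches nothing and the second statement does the attacker's work, which is why stacked-query injection is easy to miss in application logs that only record the intended query. With the parameterised version the same payload is just a session token that does not exist.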
