AttackFlow Findings Dictionary


Insecure Database Administrative Mechanism

The attacker can execute arbitrary SQL commands directly on the remote database the application uses, leading to theft of sensitive information or total system compromise.

Severity

Critical

Fix Cost

Medium

Trust Level

High

Sometimes it may be desirable to allow application administrators to run free-text administrative operations on the backend servers. Most of the time this ability is implemented by executing free-form SQL statements whose text is supplied directly by administrators or support staff through the web application.

Although it may be a requirement in order to give support users fast analysis, this mechanism can lead to a variety of very dangerous security exploits.

Suppose the backend code is similar to the following .NET snippet:

using System.Data.SqlClient;

SqlConnection con = new SqlConnection(connStr);
// The command text is taken verbatim from the administrator's text box.
SqlCommand sqlComm = new SqlCommand(TextBox1.Text, con);
con.Open();
SqlDataReader DR = sqlComm.ExecuteReader();

Here the application provides a free-text box where a user, probably authenticated and authorized, can enter any SQL statement, execute it on the target database and get the results.

Although very similar to SQL injection, this is not a mix of code and data: the SQL text is entered as such. Still, if vulnerabilities such as XSS or CSRF exist in the application, an attacker may well be able to execute arbitrary SQL statements on behalf of a victim support member.


The same pattern in a Java (JDBC) backend looks like this:

Statement statement = connect.createStatement();
// The whole SQL text comes straight from the "sql" request parameter.
String sqlStatement = request.getParameter("sql");
ResultSet resultSet = statement.executeQuery(sqlStatement);

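As an added example (not AttackFlow's own code), the Java handler below shows one way to close this finding: the free-text "sql" parameter is replaced by an allow-list of named, parameterised support queries, and the request must carry a CSRF token equal to the one held in the session, so a forged cross-site request is rejected and even a request an attacker does manage to trigger can only run one of the catalogued queries. The table and column names, the `op`, `arg` and `csrfToken` parameter names and the `csrfToken` session attribute are assumptions; the javax.servlet and JDBC APIs and Java 9+ (for `Map.of`) are assumed available.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;

// Added example (not AttackFlow's code): support operations are chosen by name.
public final class SupportQueries {

    // Allow-list of the only statements a support user may run. Table and column
    // names are assumptions; the user's value is bound as a parameter, never
    // spliced into the SQL text.
    private static final Map<String, String> CATALOGUE = Map.of(
        "userByEmail", "SELECT id, email, status FROM users WHERE email = ?",
        "auditForUser", "SELECT ts, action FROM audit_log WHERE actor_email = ?");

    // Resolves an operation name to its template; null for anything unknown.
    public static String lookup(String op) {
        return op == null ? null : CATALOGUE.get(op);
    }

    // Rejects forged cross-site requests: the token in the request must equal the
    // one held in the session (issuing the session token at login is assumed).
    static boolean csrfTokenValid(HttpServletRequest request) {
        Object expected = request.getSession().getAttribute("csrfToken");
        String supplied = request.getParameter("csrfToken");
        if (!(expected instanceof String) || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(((String) expected).getBytes(StandardCharsets.UTF_8),
                                     supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static ResultSet run(Connection connect, HttpServletRequest request) throws SQLException {
        if (!csrfTokenValid(request)) {
            throw new SecurityException("missing or invalid CSRF token");
        }
        String template = lookup(request.getParameter("op"));
        if (template == null) {
            throw new IllegalArgumentException("unknown support operation");
        }
        PreparedStatement statement = connect.prepareStatement(template);
        statement.setString(1, request.getParameter("arg"));
        return statement.executeQuery();
    }
}
```

Pair this with a database account for the support role that holds only the SELECT rights these catalogued queries need, so a compromised support session cannot escalate to data modification.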
