AttackFlow Findings Dictionary


Linq SQL Injection

The attacker can inject unauthorized partial SQL query strings to steal data, such as user passwords, or to run unauthorized commands on the database server. This can lead to full compromise of the database and of other servers in the corporate environment.

Severity

Critical

Fix Cost

Low

Trust Level

High

SQL injection is one of the most widely exploited attack vectors, and it is also by far the best-known attack method among developers and business owners.

SQL supports complex queries and is the de facto query language for stored data in web applications.

Suppose the backend code looks like the following snippet:

using System.Data.Linq;

// db is an instance of DataContext (or of a class derived from DataContext)
string city = Request["city"];
db.ExecuteQuery<Customer>("select * from Customers where City = '" + city + "'");

Every injection attack occurs because code and untrusted data are mixed in the same channel. Developers are rarely given APIs that keep these two pieces of information (code and data) apart until runtime. In the above code the data (the city name coming from the user) is concatenated into the code (the partial SQL filter in the program), which results in SQL injection: the attacker can manipulate the SQL query and read information he could not access otherwise.

For example, by sending admin' or 2 > 1 -- as Request["city"], the attacker turns the query into select * from Customers where City = 'admin' or 2 > 1 --' and forces the application to return all customers in all cities, although his role does not allow this. This is only one of the things an attacker can do with code such as the above.

Note that ExecuteQuery does offer a safe form. The {0} placeholders in db.ExecuteQuery<Customer>("select * from Customers where City = {0}", city) are not String.Format substitution of the value: LINQ to SQL replaces them with SQL parameters (@p0, @p1, ...) and sends the value separately, so a quote in the input can never terminate the string literal. Building the query string yourself with concatenation or String.Format before calling ExecuteQuery defeats that protection. The other fix is to express the filter as a LINQ query and let the provider generate parameterized SQL.
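The vulnerable lookup beside two hardened versions, as an added example that is not code from the AttackFlow page or from LINQ to SQL itself. The Customers mapping, the ShopDataContext class, the column names and the connection string are assumptions made for illustration; the only library calls used are DataContext.ExecuteQuery<T>, GetTable<T> and Table<T>.Where from System.Data.Linq.

```csharp
// Added example, not from the AttackFlow page. The Customers mapping, the
// ShopDataContext class and the connection string are assumptions for illustration.
// Requires the System.Data.Linq assembly (LINQ to SQL, .NET Framework).
using System;
using System.Collections.Generic;
using System.Data.Linq;
using System.Data.Linq.Mapping;
using System.Linq;

[Table(Name = "Customers")]
public class Customer
{
    [Column(IsPrimaryKey = true)] public int CustomerId { get; set; }
    [Column] public string Name { get; set; }
    [Column] public string City { get; set; }
}

public class ShopDataContext : DataContext
{
    public ShopDataContext(string connectionString) : base(connectionString) { }
    public Table<Customer> Customers => GetTable<Customer>();
}

public static class CustomerLookup
{
    // VULNERABLE: the value is pasted into the SQL text, so a single quote in the
    // input closes the literal and everything after it is parsed as SQL.
    public static string BuildUnsafeSql(string city)
    {
        return "select * from Customers where City = '" + city + "'";
    }

    public static IEnumerable<Customer> ByCityUnsafe(ShopDataContext db, string city)
    {
        return db.ExecuteQuery<Customer>(BuildUnsafeSql(city));
    }

    // ALSO VULNERABLE: String.Format runs before ExecuteQuery sees the text, so {0}
    // is filled with the raw value and ExecuteQuery receives already-concatenated SQL.
    public static IEnumerable<Customer> ByCityFormatted(ShopDataContext db, string city)
    {
        string sql = string.Format("select * from Customers where City = '{0}'", city);
        return db.ExecuteQuery<Customer>(sql);
    }

    // SAFE: the {0} is handed to ExecuteQuery itself, which turns it into a SQL
    // parameter (@p0) and sends the value separately; the input is never SQL code.
    public static IEnumerable<Customer> ByCityParameterized(ShopDataContext db, string city)
    {
        return db.ExecuteQuery<Customer>("select * from Customers where City = {0}", city);
    }

    // SAFE: stay in LINQ; the provider generates parameterized SQL for the filter.
    public static IQueryable<Customer> ByCityLinq(ShopDataContext db, string city)
    {
        return db.Customers.Where(c => c.City == city);
    }

    public static void Main()
    {
        // The page's payload: the quote ends the literal, the OR widens the filter to
        // every row, and the comment marker swallows the trailing quote the code appends.
        string payload = "admin' or 2 > 1 --";
        Console.WriteLine(BuildUnsafeSql(payload));
    }
}
```

Main needs no database: it only prints the statement the unsafe path would send, select * from Customers where City = 'admin' or 2 > 1 --', so the injected OR is visible without connecting anywhere. ByCityUnsafe and ByCityFormatted are both findings of this type; a code-review or SAST rule should flag any ExecuteQuery call whose SQL argument is built from non-constant strings, while ByCityParameterized and ByCityLinq are the two shapes the fix should take.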
