| What is SQL Injection Attacks | | | | environment to find the injection point.b) Determine the |
| With the growing up of B/S model application | | | | type of database.c) Guess datasheet.d) Guess the |
| development, more and more programmer write | | | | field.e) Guess the content. |
| program with it. Unfortunately, many programmers did | | | | The steps "Guess datasheet", "Guess the field" and |
| not judge the validity of users' input data during | | | | "Guess the content" are very important fro SQL |
| encoding, and then, there will be security risk in the | | | | Injection Attack during the full process. Let's analyze |
| application. | | | | these there steps. |
| Malicious attackers submit a special section of | | | | Sax2 will detect and alarm the attacks in network |
| database query code to the server, the server will | | | | real-time. It will show the in the table Event when there |
| disclosure some sensitive information when respond | | | | is SQL Injection Attacks, see the figure 1. |
| with corresponding result. This is SQL Injection Attack. | | | | Figure 1 Sax2 alarm the MS_SQL Injection Attacks |
| The main trend Firewall currently will not alarm when | | | | real-time |
| there is SQL attack because of the SQL Injection is | | | | The selected event in the Figure 1 shows the |
| via normal point and hidden and difficult to be detected, | | | | attacker's IP 192.168.21.103, the victim's IP 125.65.112.10. |
| seemingly normal website visit. | | | | And the original message is "slect * from [dirs]", means |
| The danger of SQL Injection Attack | | | | enquire whether there is a datasheet named "dirs" in |
| According to the statistics of CVE in 2006, there are | | | | current database, in the Original Communication view. |
| more than 70% attacks based on web application. The | | | | The attacker will repeat the operation to gain the |
| SQL Injection Attack increase year by year, it arrives | | | | expected datasheet. He will try to guess the filed in the |
| at 1078 in 2006. Even though, these data is only for the | | | | datasheet if found the corresponding datasheet in the |
| vulnerability in universal applications currently. | | | | database. |
| The danger of SQL Injection Attack including: | | | | Figure 2 Sax2 analysis the attacker is guessing the |
| Change the data in database without authorization. | | | | filed in the admin database |
| Gain the administration authority of a site without | | | | The code in the red circle in the Figure 2 show the |
| authorization. | | | | attacker is guessing the "paths" filed in the admin |
| Maliciously change content of a site without | | | | database. Also, the attacker will repeat the operation till |
| authorization. | | | | find the corresponding filed. |
| XSS attacks. | | | | The attacker will determine the length of the filed and |
| Gain the control authority of the server without | | | | guess the content after found the corresponding filed. |
| authorization. | | | | It will be a SQL Injection Attack after the attacker |
| Add, delete and change the accounts in the server | | | | guess the content in the filed successfully. Sometimes, |
| without authorization. | | | | the attacker has to decryption the content if it in MD5 |
| The process of detect and revert SQL Injection | | | | encryption. |
| Attack with Sax2 | | | | Above is the whole process of SQL Injection Attack |
| Some IDS softwares will execute effective detection | | | | and we detect it with Sax2. As we know, Sax2 can |
| for SQL Injection Attack, though, firewall can not. Now, | | | | effictively detect and alarm the SQL Injection Attack |
| we go to the process of detect and revert SQL | | | | when it occurs. IDS software Sax2 is a useful tool for |
| Injection Attack with IDS software Sax2. | | | | SQL Injection Attack and make your network security |
| The steps of SQL Injection Attack are:a) Determine | | | | combine with firewall software. |