SQL Injection via URL in IE browser
I have been trying to inject SQL into my application, which supports IE only.
The question is, for this web application the URL is the same from the point the user logs into the system until log out.
I tried all these patterns
but each time nothing happens; the login screen just gets refreshed.
Does that mean the site is secure and not vulnerable to SQL injection?
You should use an interception proxy like Fiddler or Charles and manually modify the request at the request payload level. The browser, IE, will do a lot of URL escaping for you. You'll also want to monitor the server logs to make sure it doesn't throw any unexpected exceptions or leak confidential information. Usually an improperly crafted SQL attack will not show any symptoms but will cause the code to error, which might mean properly crafted code could cause something more harmful. There's also a possibility that, say, a SQL attack will cause information to leak into a log file, so, say, someone with access to remote logs but without production server credentials, such as a typical developer, could, say, steal a bunch of social security numbers. (So imagine working at a company with customer data, such as a HIPAA-compliant company, where developers do not have control of a production instance and the data in it, but do have access to the log files to troubleshoot production problems.)
But ideally you shouldn't be manually testing SQL injection. You'll want to use something like OWASP ZAP, Skipfish, AppScan or other tools that can test 1000s of combinations and fuzzings of those combinations.
Hi Dlai, thanks for the quick response.
Originally Posted by dlai
I am new to security testing, so I did not understand what exactly you mean by "to monitor the server logs". How can we even do that?
Also, I don't have access to the database of the client application.
One more point here: you said "You'll want to use something like OWASP ZAP, Skipfish, AppScan or other tools that can test 1000s of combinations and fuzzings of those combinations." I installed Fiddler, but the same thing is happening. The URL is the same throughout the user session.
Could you please point me in the correct direction here? Am I missing something?
Any link to documentation or any help would be appreciated!
Monitoring the server logs is just that. Usually the devs will have set up a logging framework, and it usually feeds into a log monitoring tool like Splunk or logstash. You'll want to watch for any log messages labeled Critical, Errors, and Exceptions. Those could be bad data being kicked back from the database, causing some errors before it reaches the response.
Originally Posted by Youga
SQL injection, as I mentioned, can have 1000s of variations. Not only do you have to worry about the simple case attack, you have to think about escaped versions of the attack, URL-encoded variants of the attack, attacks that escalate the access level of the data, attacks that can trigger a stored procedure, etc. You'll want to use a tool that can exhaustively run a huge list of known attack signatures, like https://www.owasp.org/index.php/OWAS..._Proxy_Project or https://code.google.com/p/skipfish/ (those 2 are good open source tools for this), but if you have the budget and are serious about security, you'll want to use a paid tool maintained by a reputable security vendor.
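
The log review described in the replies above, as an added example that is not part of the original thread: a small Python triage pass that flags Critical/Error/Exception entries, database error text, and SSN-shaped values that leaked into a log during a test run. The log format, the error signatures and the sample lines are all constructed assumptions; adapt the patterns to whatever your logging framework actually emits.

```python
import re

# Constructed sample log lines (not from any real system or from the thread).
SAMPLE_LOG = """\
2014-03-02 10:15:01 INFO  LoginController - login page served
2014-03-02 10:15:04 ERROR LoginDao - java.sql.SQLException: ORA-00933: SQL command not properly ended
2014-03-02 10:15:04 DEBUG LoginDao - query failed for row: name=J. Doe ssn=000-12-3456
2014-03-02 10:15:09 WARN  SessionFilter - session expired
2014-03-02 10:15:12 CRITICAL Db - Unclosed quotation mark after the character string
"""

# Severity labels the reply says to watch for.
SEVERITY = re.compile(r"\b(CRITICAL|FATAL|ERROR)\b|Exception\b")
# A few common database error signatures (assumed list, extend for your stack).
DB_ERROR = re.compile(
    r"SQLException|ORA-\d{5}|Unclosed quotation mark|syntax error", re.I
)
# SSN-shaped values: the kind of data that should never reach a log file.
SSN_LIKE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def triage(log_text):
    """Return (line_number, tags, redacted_line) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        tags = []
        if SEVERITY.search(line):
            tags.append("severity")
        if DB_ERROR.search(line):
            tags.append("db-error")
        if SSN_LIKE.search(line):
            tags.append("sensitive-data")
        if tags:
            # Redact before reporting so the triage output does not
            # become a second copy of the leaked data.
            findings.append((lineno, tags, SSN_LIKE.sub("[REDACTED]", line)))
    return findings


if __name__ == "__main__":
    for lineno, tags, line in triage(SAMPLE_LOG):
        print(f"line {lineno} [{', '.join(tags)}]: {line}")
```

A "db-error" hit that lines up with the time of a test request means input reached the SQL layer unparameterized, even though the browser only showed the login page refreshing.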