Posted 05/06/2006, 23:59
franco190453
 
SQL Injection

Dear Argon:
This ".dll Injection" thing is somewhat confusing.
What does exist is SQL Injection.
Initial situation: a program that uses a database to store its information (for example, this forum), and
it is active, or the database is open and in permanent communication with the program.
The attacker gets into the program and performs "Database Footprinting"; afterwards they can alter it and cause irreparable damage.
It is important to note that the attacker surely has extensive programming knowledge (SQL, HTML, PHP, etc.).
Here I am passing along part of an article in English, which explains step by step how "SQL Injection" attacks are done.
Remember that "Injection" is like introducing something, altering a structure (the database) illegally. Logically, before being able to alter anything we have to know how to get in, via a mapping of the database.
This document is on the site: www.governmentsecurity.org.
To find the whole article, go to Google and search for: "SQL Injection: Modes of Attack, Defense, and Why It Matters"

SQL Injection: Modes of Attack, Defence, and Why It Matters

By Stuart McDonald
Abstract
SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete system compromise. Despite these risks an incredible number of systems on the internet are susceptible to this form of attack.
Not only is it a threat easily instigated, it is also a threat that, with a little common-sense and forethought, can be almost totally prevented. This paper will look at a selection of the methods available to a SQL injection attacker and how they are best defended against.
Introduction
It's drilled into a programmer from "Programming 101": The importance of input validation and ensuring that the data a user sends you is the data you want, not some poisoned lump of characters that's going to break your site and/or lose you your job.
As valuable as it may be to ensure your users are crossing their t's and dotting their i's, there's a more important reason for this validation and that centres around the principle of SQL injection.
When I first stumbled across an SQL injection paper, I gave it a cursory read and then tried a couple of the attacks against a test backend version of a site I was then looking after. Within six hours I had almost totally destroyed the site - and that was without using the more advanced tools available.
SQL injection is not a "dark art", nor is it new. Numerous white papers and other references are available on the internet (see references), some of which are over a year old. Yet many sites play the roles of the lowest apples in the tree by being completely vulnerable to this form of attack.
As SQL injection how-tos, attacker awareness and now even automated tools such as wpoison that check for SQL injection vulnerabilities become more prevalent, these 'low apples' will be harvested at increasing rates.
Summary
This paper consists of five sections.
Part One - Injection principles: Yes, it really is this easy
Contains a detailed look at the basics of SQL injection. This will walk you through the anatomy of an attack. It is only by knowing exactly how an attacker will use SQL injection that you will be in a better position to protect your site.
Part Two - Advanced injection: Sprocs and the leverage of your position
Looks at some of the more advanced methods of SQL injection which can result in system compromise. This describes the use of stored procedures and extended stored procedures that come pre-installed on a MS-SQL 2000 set-up. It is Microsoft specific.
Part Three - Protection: How many walls to build around your site
Describes methods for the developer to protect their site and system from these kinds of attacks.
Part Four - Conclusion: See, it does matter
Summarises why the threat of SQL injection is so serious.
Part Five - References: The information is out there
Contains a detailed listing of references and additional reading.