SQL injection tactics revealed

SQL injection attacks have become the most reliable way for hackers to gain access to valuable data on back-end systems, with many high-profile Web sites falling victim to the technique over the last couple of years. The attacks themselves are fairly straightforward, but the results can be devastating, as this explanation of SQL injection from IBM ISS’s X-Force shows.

SQL injection attacks have become the most reliable way for hackers to gain access to valuable data on back-end systems, with many high-profile Web sites falling victim to the technique over the last couple of years. The attacks themselves are fairly straightforward, but the results can be devastating, as this explanation of SQL injection from IBM ISS’s X-Force shows.

From the X-Force’s Frequency X blog:

SQL injection can be pretty simple and straightforward. Yet, through this vector, an attacker could infiltrate deep into an infrastructure and be relatively unseen. What many database administrators don’t understand is that SQL injection doesn’t merely allow the attacker to manipulate the data in a web application’s underlying database – it can provide direct access to the operating system that database is running on. Using features like xp_cmdshell in Microsoft SQL Server, SQL injection can be leveraged to run dos shell commands against the underlying operating system of the SQL Server at the same privilege level as the database application, which is most often SYSTEM level.

Read the full post on SQL injection here.

Suggested articles

FBI Warned State Election Board Systems of Hacks

The Federal Bureau of Investigation’s Cyber Division warned election officials nationwide this month to fortify their systems in the wake of two breaches it was able to detect earlier this summer.

Study: SQL Attacks Jump 69 Percent In Recent Months

The number of SQL attacks jumped by nearly two thirds earlier this year according to cloud hosting firm FireHost who recorded over 450,000 blocked SQL injection attacks between the first and second quarter this year.

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.