Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

SQL Injection Attacks

Attack ID: CPSA-2004-02
Publish Date:
Last Update:
Category: Web Intelligence Protections
Vulnerable Systems: SQL Databases with Web-based front end
Source: SmartDefense Research Center
Description: A vulnerable web application may allow a remote attacker to inject SQL commands disguised as a URL or form input to the database. A successful SQL injection attack may cause the SQL server to run undesirable commands and manipulate the contents of the database.
Severity:
  SQL Injection attacks can allow an attacker to:
  • login to the application without supplying valid credentials
  • perform queries against data in the database
  • modify the database contents or drop the database altogether
Details:

Structured Query Language (SQL) is a textual language used to interact with relational Databases. Applications often use SQL statements to authenticate users to the application, validate roles and access levels, store and obtain information for the application and user, and link to other data sources.

SQL Injection flaws allow attackers to relay a malicious code through a web application to another system. This is done through calls to backend databases using SQL queries. To exploit a SQL injection flaw, the attacker must find a parameter that the web application passes through to a database. By carefully incorporating malicious SQL commands into the content of the parameter, the attacker can manipulate the web application into forwarding a malicious query into the database.

The consequences are particularly damaging, as a successful attack may get the database to run undesirable commands, resulting in disclosure of confidential information, database modifications or even database shutdown.
Attack Detection:

Using SmartView Tracker, users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of Connectra that have enabled the Web Intelligence SQL Injection protection mentioned below, will identify SQL Injection attacks by the following entries (example only):

Attack name: SQL Injection
Information: reason: WSE0040001 SQL injection detected in URL: 'UNION'
Solution:

Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of Connectra with Web Intelligence license are protected against SQL Injection attacks.

Web Intelligence can inspect for the presence of SQL commands in web forms or URLs sent in HTTP requests to a server. The protection looks for several categories of commands, including distinct SQL commands (i.e. strings that are unique to SQL), non-distinct SQL commands (i.e. strings that may appear in common language, such as "select", "join" etc), as well as special SQL separator characters (+ ' -).

To enable the Protection (R55W, R60):

Select the Web Intelligence tab > Application Layer and check SQL Injection.

To enable the protection (Connectra):

  1. On the navigation tree, click Security > Web Intelligence
  2. The Web Intelligence page appears. The Application Layer Protection pane is shown below:



  3. In the Application Layer Protection, enable SQL Injection. Select a Security Level from the Security Level drop-down box.
Industry Reference: CAN-2004-0266
CAN-2004-0269
CAN-2004-0271
CAN-2004-0272
CAN-2004-0275
CAN-2004-0291
CAN-2004-0300
CAN-2004-0304
CAN-2004-0323
CAN-2004-0338
CAN-2004-0343
CAN-2004-0348
Additional Information: Top Ten Vulnerabilities
NGSSoftware