
INFA 610 UMDC SQL Injection Discussion


Can you help me understand this Computer Science question?

Peer 1:

Common Software Vulnerabilities

For many years, governments and organizations have been storing sensitive data on computer systems, and hackers have been finding ways to attack those systems. This has led to billions in economic loss due to these crimes. Computer viruses and malware are programs that have been designed to disrupt computer operations in varying degrees; other forms of computer crime include hacking. These attacks are either done for fun or to steal highly sensitive information like financial information or government secrets (DiLascio, 2021). For this discussion, I will explain what an SQL injection is, famous attacks that have leveraged it, and how it can be prevented/minimized.

Structured Query Language (SQL) Injection

An SQL injection is one of the most devastating and dangerous vulnerabilities that can devastate an organization. It can lead to the exposure of highly sensitive information such as usernames, passwords, names, credit details or even social security numbers (Justin, 2012). SQL injection is the vulnerability that results when a hacker or an attacker gets the ability to influence the SQL queries that are used to access and manage a database and is able to perform various operations. By having this influence, the attacker can leverage the system and be able to gain access to the information, modify it and delete it (Justin, 2012).

An Example of a Successful SQL Injection Attack

According to Greg (2009), in 2009 Mr. Gonzalez and two unnamed Russian co-conspirators were convicted by US prosecutors for stealing data related to 130 million credit and debit cards by hacking the payment systems of retailers including 7-Eleven. Mr. Gonzalez used SQL injection to access the databases and steal the information. He was able to find weaknesses and errors within the program which gave him access to the system. According to the indictment, the three did extensive research on the payment systems used by the victims, attacked their networks and were able to send the data to other computer servers. This data could be sold and used to make fraudulent purchases.

How To Prevent or Minimize an SQL Injection Attack

There are ways in which an organization can prevent or minimize SQL injection attacks. Some of these ways are: Implementing monitoring tools: monitoring the access activity at the application level can be a quick way to notice when an attack is happening. Simple clues, like an increase in errors or activity, can be a major warning sign. Implementing filtering tools: real-time security applications can work hand in hand with the monitoring systems to detect and block attacks as they happen (Frank, 2014). Use of a web application firewall: by using firewalls, unusual server requests and malicious data can be filtered out. These firewalls have the ability to nullify SQL injection attacks. The use of cryptographic algorithms like hashing for passwords is a very safe method and can also save the database from getting breached by an SQL injection attack (Appknox, 2021).

Summary

SQL injection is one of the most commonly used modules in the world for hacking. Given that the majority of websites are built on a database server, SQL injection can be deadly. It is very important for organizations to find ways to protect their systems and find security solutions to prevent these attacks from happening.

References

DiLascio, T. M. (2021). Cyberwarfare. Salem Press Encyclopedia.

Justin, C. (2012). SQL injection attacks and defense. Waltham, Mass.: Syngress.

Greg, W. (2009). US man 'stole 130m card numbers'. BBC UK.

Frank, O. (2014). Tips to prevent rising danger from SQL injection attacks. TechRepublic.

Peer 2:

SQL is a domain-specific language designed for data management in relational database management systems. An attack using SQL code is known as SQL injection. SQL injection is also known as SQLI. It is one of the most significant flaws that a web application may have. If a user's input is passed, unvalidated and unsanitized, as part of a SQL query, the user can modify the query and force it to generate results that are different from what it was expected to return. In other words, SQLI is the attack where harmful SQL code is inserted into the backend database and unintended output is generated.

Based on the methods used to access the backend database and their impact, SQLI has three categories:

In-band SQLi (Classic): The attacker uses the same channel of communication for the attack and generates results.

Inferential SQLi (Blind): The attacker is unaware of the result generated while performing the attack. The attacker sends payloads to the server and observes the performance of the server.

Out-of-band SQLi: The attack is performed only when certain features are enabled in the database server used by the web application.

The Accellion Attack

One of the famous attacks of SQLI is the Accellion attack. The Accellion attack was the attack on the File Transfer Appliance (FTA) affecting many industries in the supply chain market. It was an attack made with SQL injection and a combination of operating system commands.

Flow of the Accellion Attack

The SQLi and command execution attack worked as follows, according to a study commissioned by Accellion:

  1. To obtain access to document root.html, attackers used SQL injection and extracted encryption keys from the Accellion FTA database.
  2. The keys were utilized by attackers to produce valid tokens, which they then exploited to obtain access to other files.
  3. Attackers exploited a vulnerability in the operating system command execution in the sftp account edit.php code to run their own instructions.
  4. The attackers installed a web shell at the server path /home/seos/courier/oauth.api.
  5. Using this web shell, they uploaded a unique, full-featured web shell to disk, which contained highly specialized tools for data exfiltration from the Accellion system. DEWMODE is the name given by the researchers to this shell.
  6. The attackers used DEWMODE to extract a list of accessible files from a MySQL database on the Accellion FTA system, and then displayed the files and their information on an HTML page.
  7. The attackers sent file download requests that included DEWMODE component requests with encrypted and encoded URL parameters.
  8. DEWMODE is capable of accepting these requests and subsequently removing them from the FTA web logs.

Thus, this can be taken as a crucial example of how a SQL injection can hamper the functioning of different organizations.

Prevention

The best approach to prevent SQL injection attacks is by controlling and sanitizing user inputs before processing them. Furthermore, the following best practices can be adopted to prevent SQLI attacks:

  1. Input verification and validation
  2. Pre-compiling the SQL, i.e. using parameterized queries
  3. Creating an execution plan by combining SQL statements, also known as the use of stored procedures
  4. Use of character escaping
  5. Not using administrative privileges
  6. Use of firewalls

To sum up, SQL injection is one of the most crucial vulnerabilities, which leads to unauthorized access to sensitive data, as we learned from the Accellion attack. Since there is a wide variation in SQL injections, one should apply all available prevention methods to avoid such SQL injection attacks.

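The parameterized-query and input-validation advice in the two posts above, as an added example that is not code from either post: a constructed in-memory SQLite table (the `users` table, the `alice` row and the function names are assumptions for illustration) is queried once by string concatenation and once with a bound parameter, so the reader can see how the same input changes the concatenated query's structure while the pre-compiled query treats it as plain data.

```python
import re
import sqlite3

# Constructed sample database (not from the discussion): one users table
# holding a password hash rather than a plaintext password.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-pw')")
conn.commit()


def is_valid_username(username: str) -> bool:
    """Allowlist validation (defense in depth, not a replacement for
    parameters): only letters, digits and underscore, 1 to 32 characters."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,32}", username) is not None


def lookup_vulnerable(username: str):
    """Builds the query by string concatenation, so the input becomes part
    of the SQL text and can change the statement's structure."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(username: str):
    """Pre-compiled statement with a bound parameter: the driver sends the
    input as data, so quotes inside it never reach the SQL parser."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username: str) -> dict:
    """Runs both versions on the same input and reports what each returned.
    A syntax error from the concatenated version is captured as a string;
    a spike of such errors is the monitoring clue the first post mentions."""
    try:
        vulnerable = lookup_vulnerable(username)
    except sqlite3.Error as exc:
        vulnerable = f"error: {exc}"
    return {"vulnerable": vulnerable,
            "parameterized": lookup_parameterized(username),
            "passes_allowlist": is_valid_username(username)}


if __name__ == "__main__":
    # A legitimate name containing a quote breaks the concatenated query;
    # the parameterized one simply finds no such user.
    print(compare("O'Brien"))
    # Input that closes the string literal and appends a tautology makes the
    # concatenated query return every user; the parameterized one returns none.
    print(compare("x' OR '1'='1"))
```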
Peer 3:

Good explainer on buffer overflow, concise and informative. I wanted to add my two cents, based on what I learnt about this vulnerability while researching this week's discussion topic. First, buffer overflow is considered the most common vulnerability in software security, according to an article on the subject in OWASP (n.d.). Also, despite being quite common, the same article claims buffer overflow is neither easily discoverable nor exploitable.

I also learnt that advances in programming have made it possible for this vulnerability to be mitigated, which is very encouraging. One of the mitigation methods used by machine language compilers is to create random values called canaries and insert them after each buffer layer to flag potential dangers, which can then be identified, isolated and addressed (Synopsys, 2017).
