Data Retrieval over DNS in SQL Injection Attacks
Author
Abstract
This paper describes an advanced SQL injection technique where the DNS resolution process is exploited for retrieval of malicious SQL query results. Resulting DNS requests are intercepted by attackers themselves at the controlled remote name server extracting valuable data. Open source SQL injection tool sqlmap [1] has been adjusted to automate this task. With modifications done, attackers are able to use this technique for fast and low-profile data retrieval, especially in cases where other standard ones fail.
Similar resources
Assessing DNS Vulnerability to Record Injection
The Domain Name System (DNS) is a critical component of the Internet infrastructure as it maps human-readable names to IP addresses. Injecting fraudulent mappings allows an attacker to divert users from intended destinations to those of an attacker’s choosing. In this paper, we measure the Internet’s vulnerability to DNS record injection attacks—including a new attack we uncover. We find that r...
Preventing SQL Injection Attacks
With the recent rapid increase in web based applications that employ back-end database services, results show that SQL Injection and Remote File Inclusion are the two frequently used exploits rather than using other complicated techniques. With the rise in use of web applications, SQL injection based attacks are gradually increasing and are now one of the most common attacks on the internet. It ...
Runtime Monitoring Technique to handle Tautology based SQL Injection Attacks
Over the recent years our dependence on web applications has increased drastically in our everyday routine activities. Therefore, we expect these web applications to be secure and reliable when we are paying bills, shopping online, making transactions etc. These web applications consist of underlying databases containing confidential user’s data like financial information records, medical infor...
A Literature Review and Comparative Analyses on SQL Injection: Vulnerabilities, Attacks and their Prevention and Detection Techniques
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The attack takes advantage of poor input validation in code and website administration. It allows attackers to obtain unauthorized access to the back-end database to change the intended application generated SQL queries. Researchers have proposed various solutions to address SQ...
Explorative Study of SQL Injection Attacks and Mechanisms to Secure Web Application Database- A Review
The increasing innovations in web development technologies direct the augmentation of user friendly web applications. With activities like online banking, shopping, booking, trading etc. these applications have become an integral part of everyone’s daily routine. The profit driven online business industry has also acknowledged this growth because a thriving application provides the global platf...
Journal title:
- CoRR
Volume abs/1303.3047 Issue
Pages -
Publication date 2012