(note: This animation has no audio track.) – The Open University
Although many moons in the Solar System follow prograde orbits, there are some notable exceptions. The gas giant planets Jupiter, Saturn, Uranus and Neptune have several small outer moons that follow retrograde orbits; this means that they orbit their planet in the opposite direction to the planet’s rotation. In a retrograde orbit, a moon revolves in its orbit in the opposite direction from that in which the planet rotates about its axis.
In my previous post “Pentestit Lab v10 – The Mail Token”, we attained usernames through Intelligence Gathering, brute forced the SMTP Service, attained login credentials, and scored our first token. Today we will take our first steps at compromising the Global Data Security website – which will include the following:
A web application is the target of a SQL injection attack, so you must understand how these apps work. A web app can be described simply as an application that is accessed through a web browser or application (such as the apps on a smartphone). However, we need to be a little more detailed with our description in order to better understand SQL injection. In essence, a web application works by performing these steps:
1. The user makes a request through the web browser from the Internet to the web server.
2. The web server accepts the request and forwards it to the applicable web application server.
3. The web application server performs the requested task.
4. The web application accesses the entire database available and responds to the web server.
5. The web server responds back to the user once the transaction is complete.
6. The requested information appears on the user’s monitor.
The details involved in these steps can change depending on the application involved.
Server-side vs. Client-side
First let’s look at the type of technologies involved in browsing and working with the Web. They mainly fall into two areas: client-side and server-side. Server-side technologies are those that run and are executed on the server itself before delivering information to the requester. Client-side technologies are those that run within the browser or somewhere on the client side. For the purposes of our discussion, we will not be covering client-side here.
Server-side technologies come in many varieties and types, each of which offers something specific to the user. Generally, each of the technologies allows for the creation of dynamic and data-driven web applications. There are a wide range of server-side technologies that you can use to create these types of web applications, among them:
All of these technologies are powerful and offer the ability to generate web applications that are extremely versatile. Each also has vulnerabilities that can lead to its being compromised, but this chapter is not about those. This chapter, like SQL injection itself, targets the code that these technologies use to access a database as part of their functioning. When that code is incorrectly crafted, it can be scrutinized and its vulnerabilities uncovered and exploited.
SQL injection has been around for at least 20 years, but it is no less powerful or dangerous than any other attack we have covered so far. It is designed to exploit flaws in a website or web application. The attack works by inserting code into an existing line of code prior to its being executed by a database. If SQL injection is successful, attackers can cause their own code to run. In the real world this attack has proven dangerous because many developers are either not aware of the threat or don’t understand its seriousness. Developers should be aware that:
SQL injection is typically a result of flaws in the web application or website and is not an issue with the database.
SQL injection is at the source of many of the high-level or well-known attacks on the Internet.
The goal of attacks of this type is to submit commands through a web application to a database in order to retrieve or manipulate data.
The usual cause of this type of flaw is improper or absent input validation, thus allowing code to pass unimpeded to the database without being verified.
SQL Attacks in Action
In 2011, Sony Corporation was the victim of a SQL injection that compromised a multitude of accounts (estimated to be over one million e-mails, usernames, and passwords). The FBI revealed that a minimum of 100,000 records, including Social Security numbers of current and former federal employees, were compromised. Additionally, 2,800 of the records obtained included bank account numbers. When investigating this attack, the FBI revealed that not only the DoE and the Army were impacted; NASA, the U.S. Missile Defense Agency, and the Environmental Protection Agency were also affected. Details of these attacks have not been fully released as of this writing.
SQL injection is achieved through the insertion of characters into existing SQL commands with the intention of altering the intended behavior. The following example illustrates SQL injection in action and how it is carried out. The example also reveals the impact of altering the existing values and structure of a SQL query.
In the following example, an attacker with the username link (the value after the = sign in WHERE owner) enters the string name'; DELETE FROM items;-- for itemName. Once that input is inserted into the existing SQL command, the query becomes the following two queries:
SELECT * FROM items
WHERE owner = 'link'
AND itemname = 'name';
DELETE FROM items;--
Many of the common database products such as Microsoft’s SQL Server and Oracle’s Siebel allow several SQL statements separated by semicolons to be executed at once. This technique, known as batch execution, allows an attacker to execute multiple arbitrary commands against a database. In other databases, this technique will generate an error and fail, so knowing the database you are attacking is essential.
If an attacker enters the string name'; DELETE FROM items; SELECT * FROM items WHERE 'a' = 'a, the following three valid statements will be created:
SELECT * FROM items
WHERE owner = 'link'
AND itemname = 'name';
DELETE FROM items;
SELECT * FROM items WHERE 'a' = 'a';
A good way to prevent SQL injection attacks is to use input validation, which ensures that only approved characters are accepted. Use whitelists, which dictate safe characters, and blacklists, which dictate unsafe characters.
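The three-statement case above, reproduced against a throwaway database and shown beside a parameterized query and an allow-list check. This is an added example, not code from the original text; it assumes Python's sqlite3 with an in-memory table, uses executescript() as a stand-in for a database that permits batch execution, and the sample rows and allow-list pattern are constructed for illustration.

```python
import re
import sqlite3

# Constructed input: the second injection string from the text above.
PAYLOAD = "name'; DELETE FROM items; SELECT * FROM items WHERE 'a' = 'a"

def make_db():
    """In-memory table shaped like the page's query, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (owner TEXT, itemname TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [("link", "name"), ("link", "shield"), ("zelda", "harp")])
    db.commit()
    return db

def row_count(db):
    return db.execute("SELECT COUNT(*) FROM items").fetchone()[0]

def lookup_concatenated(db, owner, item_name):
    """Flawed: user input is spliced into the SQL text itself."""
    sql = ("SELECT * FROM items WHERE owner = '" + owner +
           "' AND itemname = '" + item_name + "'")
    # executescript() stands in for a database that allows batch execution.
    db.executescript(sql)
    return sql

def lookup_parameterized(db, owner, item_name):
    """Fixed: placeholders bind the input as data; it is never parsed as SQL."""
    cur = db.execute(
        "SELECT owner, itemname FROM items WHERE owner = ? AND itemname = ?",
        (owner, item_name))
    return cur.fetchall()

# Assumed allow-list: letters, digits, space, underscore, hyphen, max 64 chars.
ALLOWED_ITEM_NAME = re.compile(r"[A-Za-z0-9 _-]{1,64}")

def is_valid_item_name(value):
    """Allow-list validation: only approved characters are accepted."""
    return ALLOWED_ITEM_NAME.fullmatch(value) is not None

if __name__ == "__main__":
    db = make_db()
    lookup_concatenated(db, "link", PAYLOAD)
    print("rows after concatenated query:", row_count(db))
    db = make_db()
    print("parameterized result:", lookup_parameterized(db, "link", PAYLOAD))
    print("rows after parameterized query:", row_count(db))
    print("payload passes allow-list:", is_valid_item_name(PAYLOAD))
```

With the bound parameter the whole input is compared as a literal item name, so the lookup matches nothing and the table is untouched even if validation is skipped.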
Results of SQL Injection
What can be accomplished as a result of a SQL injection attack? Well, there are a huge number of possibilities, which are limited only by the configuration of the system and the skill of the attacker.
If an attack is successful, a host of problems could result. Consider the following a sample of the potential outcomes:
Identity spoofing through manipulating databases to insert bogus or misleading information such as e-mails and contact information.
Alteration of prices in e-commerce applications. In this attack, the intruder once again alters data, but does so with the intention of changing price information in order to purchase products or services at a reduced rate.
Alteration of data or outright replacement of data in existing databases with information created by the attacker.
Escalation of privileges to increase the level of access an attacker has to the system, up to and including full administrative access to the operating system.
Denial of service, performed by flooding the server with requests designed to overwhelm the system.
Data extraction and disclosure of all data on the system through the manipulation of the database.
Destruction or corruption of data through rewriting, altering, or other means.
Eliminating or altering transactions that have been or will be committed.
Next up will be all about the anatomy of a SQL Injection and Database vulnerabilities.
This image from Hubble’s Wide Field Camera 3 (WFC3) shows NGC 1448, a spiral galaxy located about 50 million light-years from Earth in the little-known constellation of Horologium (The Pendulum Clock). We tend to think of spiral galaxies as massive and roughly circular celestial bodies, so this glittering oval does not immediately appear to fit the visual bill. What’s going on?
Imagine a spiral galaxy as a circular frisbee spinning gently in space. When we see it face on, our observations reveal a spectacular amount of detail and structure — a great example from Hubble is the telescope’s view of Messier 51, otherwise known as the Whirlpool Galaxy. However, the NGC 1448 frisbee is very nearly edge-on with respect to Earth, giving it an appearance that is more oval than circular. The spiral arms, which curve out from NGC 1448’s dense core, can just about be seen.
Although spiral galaxies might appear static with their picturesque shapes frozen in space, this is very far from the truth. The stars in these dramatic spiral configurations are constantly moving and spinning around the galaxy’s core, with those on the inside whirling around faster than those sitting further out. This makes the formation and continued existence of a spiral galaxy’s arms something of a cosmic puzzle, because the arms wrapped around the spinning core should become wound tighter and tighter as time goes on — but this is not what we see. This is known as the winding problem.
This artist’s impression shows the light of several distant quasars piercing the northern half of the Fermi Bubbles, an outflow of gas expelled by the supermassive black hole in the centre of the Milky Way. The NASA/ESA Hubble Space Telescope probed the quasars’ light for information on the speed of the gas and whether the gas is moving toward or away from Earth. Based on the material’s speed, the research team estimated that the bubbles formed from an energetic event between 6 million and 9 million years ago.
The inset diagram at bottom left shows the measurement of gas moving toward and away from Earth, indicating the material is traveling at a high velocity.
Hubble also observed light from quasars that passed outside the northern bubble. The box at upper right reveals that the gas in one such quasar’s light path is not moving toward or away from Earth. This gas is in the disc of the Milky Way and does not share the same characteristics as the material probed inside the bubble.