
SQL Injection: Video tutorial

Last week, we looked at SQLMAP – a popular tool to test for SQL Injection vulnerabilities. Here is a video series from Imperva that demonstrates basic SQL Injection techniques for security testing.

Here is Part 2

Conclusion


Security Audit tool of the month: sqlmap

One of the most common and dangerous classes of web application vulnerability revolves around unsafe SQL (Structured Query Language) handling in applications. SQL injection is a type of security exploit in which the attacker inserts SQL code into a Web form input box to gain access to resources or make changes to data.

Successful SQL injection attempts can cause an attacker to not only steal data from a database, but also modify and/or delete it. Certain SQL Servers may also contain Stored and Extended Procedures (database server functions). If an attacker can obtain access to these Procedures it may be possible to compromise the entire system and through it, access other systems on the network.

Testing for SQL injection vulnerabilities is often a tedious and labor-intensive process. Sqlmap is a powerful tool that aids in this testing process. Currently at version 0.7 release candidate 1, sqlmap is a command-line automatic SQL injection tool developed in Python.

Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to retrieve remote DBMS databases, user names, tables and columns, enumerate the entire DBMS, read system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

sqlmap implements multiple techniques to attempt to exploit a SQL injection vulnerability: inferential blind SQL injection (also known as boolean-based blind SQL injection), UNION query (inband) SQL injection (also known as full UNION query SQL injection), and batched (stacked) queries support (also known as multiple statements support).

In addition to the common input sources, the tool can also test cookies. Since many applications store their session information in a cookie, cookies are a common injection point during SQL injection attempts, and one that penetration tests often overlook.

Sqlmap excels more at exploiting an identified SQL injection vulnerability than finding it. Even with the high degree of automation, it still takes some time to identify vulnerabilities and requires some knowledge of SQL injection techniques.

The latest version of sqlmap is available at sourceforge. For information on preventing SQL injection vulnerabilities, refer to this cheat sheet.
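To make the flaw sqlmap hunts for concrete, here is an added example (not from the original post or from the sqlmap project) that puts the vulnerable string-concatenated query next to its parameterized fix, using an in-memory SQLite database with constructed sample rows; the function names and table layout are assumptions for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a users table an application might query by name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The 'before' form: untrusted input is concatenated into the SQL text,
    so the input can change the structure of the statement, not just a value."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the statement is fixed and the input travels as a bound
    parameter, so whatever it contains is only ever compared against the column."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def compare(name: str) -> dict:
    """Run one input through both forms and report how many rows each returned.
    With the vulnerable form, the row count depends on the truth of whatever
    condition the input appends; that input-dependent difference is the signal
    boolean-based (inferential) probing looks for. The parameterized form shows
    no such difference, because the input never becomes part of the query."""
    conn = make_db()
    return {
        "vulnerable": len(lookup_vulnerable(conn, name)),
        "safe": len(lookup_safe(conn, name)),
    }


if __name__ == "__main__":
    print(compare("alice"))           # {'vulnerable': 1, 'safe': 1}
    print(compare("x' OR 'a'='a"))    # {'vulnerable': 3, 'safe': 0}
```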


Conficker raises its ugly head

Until this week, Conficker hadn’t done much beyond duplicating itself and spreading. It looks like it has finally started acting beyond that.

Early yesterday, a posting at viruslist alerted that,

The computers infected with Trojan-Downloader.Win32.Kido (aka Conficker.c) contacted each other over P2P, telling infected machines to download new malicious files.

This latest Kido variant – Net-Worm.Win32.Kido.js – is very different to previous ones, with two notable points: once again it’s a worm, and it’s only functional until 3rd May.

Infected machines can show an offer of scareware that promises to clean the PC for $49.95. Besides the scareware download attempt, Conficker may also download:

  • an update for a variant that will allow the worm to spread using a Microsoft vulnerability, to stop existing programs and block attempts to reach additional domains

  • Email-Worm.Win32.Iksmas.atz to infected systems. This email worm is also known as Waledac, and may be able to steal data and send spam.

An eye chart from the Conficker Working Group makes it easy to determine whether you are infected.

See the removal instructions at Microsoft and Symantec, and this blog for insight on using group policies to deal with Conficker in an Active Directory environment.
