Hacking Rhetoric

SQL Injection Hacks


During our analysis of “Hack This Site”, I noticed the header ad for “NETSPARKER”, a tool that scans your website for SQL injection vulnerabilities. I just happened to learn what this particular hack was last night while browsing the Twitter timeline of Kevin Mitnick (security consultant and hacker icon):

I did not get what was so funny at all, but it seemed to make all these hackers lol; I had to figure out what was going on!

Search bars, login portals… entry fields on a website can be a vulnerable point of access that hackers may attempt to exploit. As I understand it (and I could very well be wrong, so if any of y’all have a better explanation please jump in!), SQL is a programming language used for database management. A hacker may type injected SQL commands into an entry field, like the ones seen in healthcare.gov’s search autocomplete above, in order to gain access to the database. These injections seem to be a fairly simple hack, as well as fairly simple to secure against. I found an article on hackthissite.org discussing SQL injections; learning how to hack a site is a good way to understand how to make your own site more secure. Yet the site does encourage curiosity, as well as ‘sticking it to the man’. Maybe some trainees from the hacker underground were looking for vulns??

This XKCD also humourously references an SQLI attack (with explanation!): http://www.explainxkcd.com/wiki/index.php?title=327:_Exploits_of_a_Mom
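As an added illustration (not code from this post, from Hack This Site, or from any of the sites mentioned), here is the flaw in a few lines of Python using the standard `sqlite3` module against a constructed in-memory table: a login check that pastes the form fields straight into the SQL string, beside the parameterized version that hands the values to the database driver separately. The `users` table and its two rows are made up for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory login table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation, so whatever the
    visitor types into the form becomes part of the SQL itself.
    A quote character in the input ends the string literal early and
    the rest of the input is parsed as SQL."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, password):
    """Sends the statement and the values separately. The driver binds
    the values as data, so quotes in the input are just characters to
    compare against, never SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def compare(username, password):
    """Run both versions on the same form input and return the rows
    each one hands back, so the difference is visible side by side."""
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, username, password),
        "parameterized": login_parameterized(conn, username, password),
    }
```

With a real password both functions return the one matching user; with a password field containing a quote the concatenated version returns rows it should not, while the parameterized version returns nothing.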
