tags:

views:

267

answers:

5
+5  Q: 

How to confirm SQL injection

Is there any way to confirm that a particular breach of security was done through SQL injection?

+1  A: 

after the attack has already happened? no. there isn't. you'll have to check all your sql serevr access point for potential risk. tere are some tools you can use. Check here under SQL Injection tools section.

Mladen Prajdic  2009-11-30 10:59:41
A: 

Only one reliable way is probably analysing the SQL log files. Those should be done by a DBA who can spot things quickly as the size of logs would be huge.

It is better to prevent those.

There are some tools for that but the best one is the brain of the developer.

Stick with one simple rule - always use parameters when generating SQL query.
Just do the code review and if you find string cocatenations - that is first and highly possible place for SQL Injection.

Dmytrii Nagirniak  2009-11-30 11:04:01
the request uses past tense, I suspect that it has already happened.
lorenzog  2009-11-30 11:51:17
Yes. You are right. I've updated the answer a bit.
Dmytrii Nagirniak  2009-11-30 11:59:44
A: 

You can log all http requests and check the requested pages for GET/POST sql injection tryouts.

Spidey  2009-11-30 11:19:33
+4  A: 

There is no easy way here, but if you have the enabled the SQL server you use to log every single sql statement, here is what I would do.

Normally, when I SQL inject somewhere, i use one of these as my always true statement for passing throgh the Where clause, after ending the former string. 

1=1 
0=0

both being used as : 

blahblahblah' or 1=1 --

You would not use this clauses in everyday code. So if you spot one of these in your history, well, it is a high candidate. Test the sql history to find :

(space)(number)(optional spaces)(equal)(optional spaces)(same number)(space)

Keep in mind that is heuristical, and will not always work, but could be the only way to give a hint after it had happened . Also, if you are in doubt about SQL injection, you should check the code for string concatenation and use of parameters.

kurast  2009-11-30 11:48:01
+1  A: 

Use mod_security to log POST requests and install an Intrusion Detection System to log/stop suspicious activity from now on. Logging every SQL request is an overhead if you are just looking for the breach points.

There are open source alternatives for IDS these days. I use PHPIDS (http://php-ids.org/) for all my PHP applications.

pcp  2009-12-03 07:30:56

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP