Skip to main content

Software Security Vulnerabilities



According to one recent study, the top three software security loopholes are mainly due to following reasons:
1. Cross Site Scipting
2. SQL Injection
3. Malicious File Execution

SQL Injection

In this type of software vulnerability, hackers try to gain the access to the application by injecting SQL code. 

Below is the simple example :
Lets say an application is giving access to the user by asking them to enter user id and password in its login screen.

But the application code is written in such a way [Concatenated user input strings] that it gives the access based on checking the below SQL statement in the backend.

SELECT FIRST_NAME FROM USERS_TABLE WHERE USER_ID = ‘’’ ||user_id_input ||’’’ and password== ‘’’ ||password_input ||’’’;

Lets say users_table in the database is having following data :
Users Table




Row Number
First_Name
Last_Name
user_Id
password
1
Mike
Tyson
mike
trickme

Now if Mike enters user id as ‘mike’ and password as ‘trickme’ then he would be allowed to enter into the website as it generates the following statement and the SQL statement retrieves the record successfully from database:

SELECT FIRST_NAME FROM USERS_TABLE WHERE USER_ID=’mike’ AND PASSWORD=’trickme’;

Output from Database
First_Name
Mike

Now lets say some hacker wants to gain access to the website and he enters
User ID = ‘’’ or 1=1 and Rownum=1--
Password = ANY PASSWORD

Then it would generate the following SQL statement and will get executed successfully (Surprisingly)
SELECT FIRST_NAME FROM USERS_TABLE WHERE USER_ID=’ ‘’’ or 1=1 and Rownum=1--’ AND PASSWORD= ‘ANY PASSWORD’;

Dissecting the above statement:
  1.    SELECT FIRST_NAME FROM USERS_TABLE WHERE USER_ID=’ ‘’’  or 1=1
  2.    and Rownum=1
  3.    --’ AND PASSWORD= ‘ANY PASSWORD’;

First line will get FIRST_NAME of the user where USER_ID is empty or any other row
Second line will get the first row
Third line is commented so it will not get executed

Thus he always gets the first row’s FIRST_NAME from the database and thus gets entry into the website.

Comments

Post a Comment

Popular posts from this blog

Outsystems Integrations - Connecting to Microsoft Azure Sql Server

In this article, I will show you how to set up your own Microsoft Azure SQL Server Database and then how to integrate this SQL Server database in Outsystems. Create a free Microsoft Azure Account. https://portal.azure.com. Microsoft Azure is a cloud computing service for building, deploying and testing application through Microsoft managed data centers (similar to Amazon’s AWS services) Microsoft provides free accounts with free credit of $200 to spend in the first year of new account. I am using this feature to create a Microsoft Azure SQL Server database in the cloud and will show how easy it is to connect this Azure AQL Server from Outsystems. Click on Add button to add a Azure SQL Database Fill in the details and click on Create button. Your deployment will take few seconds to few min to create. Look for the status in the table. It will change to Created automatically without refreshing the screen and finally when your screen says deployment is compl...
Post a Comment
Read more

Outsystems Tips and Tricks : Adding iFrame in Reactive Web App

In Outsystems Version 11+, there is no iFrame widget available when you are building Reactive Web Applications. So in case you want to add an iFrame HTML tag or for that matter any other HTML element, you could do so by creating a generic web block and pass HTML in to it by doing as follows.
Post a Comment
Read more