This is a mirror of official site: http://jasper-net.blogspot.com/

Creating Backdoors Using SQL Injection

Sunday, February 12, 2012
Introduction

If you’re reading this article, then I’m reasonably sure that you have heard of a virus, otherwise referred to as a Trojan horse or worm, which can infect your system. Once infected, your system may infect others as well, e.g., when you connect your infected system to a network. Many times the malware not only spreads to other systems but also makes changes to every system it infects. These changes let the virus remotely control every infected system at a later date. It accomplishes this by first executing and then copying a small executable onto the user’s disk; this executable simply listens on an unused port of the user’s system, to which the malware can connect whenever the machine is connected to the Internet. This little executable is called a backdoor. I’ve oversimplified everything here, but my purpose was to introduce the concept of a backdoor.

In this article, we will look at a couple of ways in which different kinds of backdoors can be introduced onto a server via a SQL injection vulnerability. We are going to take an application of mine that is already vulnerable to SQL injection and use that existing vulnerability to introduce a backdoor onto the system.


What is SQL Injection?

There are already well over 1 million articles about what SQL injection is and how it can be discovered and mitigated, so I won’t repeat that here. Here’s a link to an introductory article that I wrote if you need more background information on SQL injections. In the article I also include a number of references where you can find additional information on the topic.

Right, so now you’re clear about what SQL injection is and how you can extract data from a database. Now we will use this discovered injection vulnerability to drop a backdoor onto the system.


An operating system (OS) backdoor…

The aim here is to be able to execute arbitrary commands against the operating system by exploiting the SQL injection vulnerability. To run OS commands, we will need either a command (CMD) shell or code that allows us to run OS commands. Let’s try both techniques.

Read more: InfoSec