SQL Injection through HTTP Headers

原文：http://www.oschina.net/translate/sql-injection-through-http-headers
译文：http://www.databasetube.com/database/sql-injection-through-http-headers/

Identifying the input vectors of the target application is a primordial step during vulnerability assessment or penetration testing. This article explains how to people can attempt SQL injection in your database through HTTP Headers and discusses which vulnerability scanners tools to choose for testing SQL injection.

Author: Yasser Aboukir, InfoSec Institute

We increment the number and add this time: order by 5. The response to this injection is as follows:

What’s next?

For developers

Cookies and other stored HTTP headers should be treated by developers as another form of user input and be subjected to the same validation routines.

For testers

The manipulation of HTTP header information on page requests (especially the REFERER and USER-AGENT fields) is important to identify whether the application is vulnerable to SQL Injection vectors or even to other standard vulnerabilities (XSS). It’s a good practice to define and describe every way that a user may manipulate data which is used by the application. These data may be stored, fetched and processed from Cookies, HTTP-headers (like HTTP_USER_AGENT ), form-variables (visible and hidden), Ajax-, JQuery-, XML-requests.

Yasser Aboukir is a security researcher for InfoSec Institute. InfoSec Institute s a security certification company that provides popular CEH and CCNA training.

References

[1] Penetration Testing with Improved Input Vector Identification, William G.J. Halfond, Shauvik Roy Choudhary, and Alessandro Orso College of Computing Georgia Institute of Technology

[2] Security Tools Benchmarking – A blog dedicated to aiding pen-testers in choosing tools that make a difference. By Shay-Chen http://sectooladdict.blogspot.com/2011/08/commercial-web-application-scanner.html

[3] https://en.wikipedia.org/wiki/X-Forwarded-For

[4] http://www.techbrunch.fr/securite/blind-sql-injection-header-http/

[5] http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#user-agent

[6] http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14

[7] https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus/

[8] https://addons.mozilla.org/en-US/firefox/addon/tamper-data/

[9] http://sqlmap.sourceforge.net/doc/README.html

[10] http://msdn.microsoft.com/en-us/library/ms161953.aspx