Reconstructing an SQL injection from its fix
John Lightsey gives another of his security-related talks. In this instance, he walks through a security fix on the Movable Type software. After demonstrating the problematic code and showing how it can be exploited to answer arbitrary yes/no questions about data in the database, he uses sqlmap to automate actual effective attacks on a server he controls.
We all know that SQL injection attacks are dangerous, but I think most of us have a very simplistic view of what is possible. John showed how a relatively small leak of information through a SQL injection could be used to query information about the database and extract valuable information in an automated fashion.
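The "small leak" John described is a single yes/no answer per request: when untrusted input is spliced into the SQL text, an attacker can append a condition and learn from the response whether it held. The following is an added example, not code from the talk or from Movable Type: a constructed sqlite3 lookup written the vulnerable way (string interpolation) beside the fixed way (a bound parameter), plus a small regression check that a maintainer could keep in a test suite to confirm a lookup no longer behaves as a yes/no oracle. The table, names and the `is_admin` column are all assumptions made up for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the talk).
SAMPLE_USERS = [
    (1, "alice", 1),  # an administrator
    (2, "bob", 0),    # a regular user
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def user_exists_vulnerable(conn, name):
    """Vulnerable pattern: the untrusted value becomes part of the SQL text.

    A quote character in `name` ends the string literal, so whatever follows is
    parsed as SQL. The boolean result then answers any condition the caller
    appends, which is exactly the one-bit leak the talk demonstrated.
    """
    sql = "SELECT COUNT(*) FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchone()[0] > 0


def user_exists_fixed(conn, name):
    """Hardened pattern: the value is passed as a bound parameter.

    The driver sends the SQL text and the value separately; the value is never
    parsed as SQL, so quotes and comment markers are just characters in a name.
    """
    sql = "SELECT COUNT(*) FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone()[0] > 0


def acts_as_oracle(lookup, conn, name, column):
    """Regression check: does `lookup` answer yes/no questions about other columns?

    Two probes carry contradictory conditions on `column`. A correct lookup
    treats both as literal (non-existent) names and answers False to both; a
    lookup that answers them differently is leaking information.
    """
    probe_true = "%s' AND %s = 1 --" % (name, column)
    probe_false = "%s' AND %s = 0 --" % (name, column)
    return lookup(conn, probe_true) != lookup(conn, probe_false)


if __name__ == "__main__":
    db = make_db()
    # Both functions agree on ordinary input.
    print("plain lookup:", user_exists_vulnerable(db, "alice"), user_exists_fixed(db, "alice"))
    # Only the interpolated version can be used to ask "is alice an admin?".
    print("vulnerable leaks:", acts_as_oracle(user_exists_vulnerable, db, "alice", "is_admin"))
    print("fixed leaks:", acts_as_oracle(user_exists_fixed, db, "alice", "is_admin"))
```

The check in `acts_as_oracle` is deliberately generic: it only asserts that two contradictory probes produce the same answer, which is the property the parameterized fix restores, so it can be pointed at any lookup function without knowing the schema details an attacker would otherwise be guessing at.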
He pointed out that the sqlmap software is easily installable on Debian. It can be used either to exploit a particular vulnerability or as a fuzzer to find vulnerabilities.
After the main demonstration, John gave a set of other resources in the same area.
- OverTheWire - Practice scenarios for leveraging various types of security defects.
- The Phineas Fisher video that demonstrates using sqlmap to take down a website.
- The Perl Jam 2 video that talks about the same type of SQL injection issue in Bugzilla.
- The original Perl Jam video. Primarily about return context issues.
We had 9 people attending this month. As always, we'd like to thank HostGator, LLC for providing the meeting space and food for the group.