[Owasp-cincinnati] Meeting Follow Up: SQL Injection Attacks And Filter Evasion Techniques
Marco M. Morana
marco.m.morana at gmail.com
Sat Feb 28 12:25:39 EST 2009
In one of the use cases that was shown during the last meeting, the attacker will split the SQL injection attack vector to bypass IDS filter signatures.
Bypass techniques can involve changing an attack vector to evade the signature checked by the IDS.
For example, in the case of the SQL attack vector http://[site]/page.jsp?id=2or1=1--, changing = to "like" in the signature,
it becomes http://[site]/page.jsp?id=2or1like1--, or by inserting comments, http://[site]/page.jsp?id=2/**/or/**/1/**/like/**/1/**--
Other techniques include encoding (like for XSS), using char(), and using white spaces.
Some of the techniques for bypassing filters (including IDS signatures), as well as the linked server attacks being presented, are covered in Victor Chapela's OWASP paper herein:
In general, IDS evasion techniques are documented herein
A tool such as nmap can also test whether your IDS can actually be bypassed.
OWASP Chapter Lead
Writing Secure Software Blogger
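
On the detection side, the variants in the message above slip past a signature that is matched against the raw request text; canonicalizing the parameter before matching closes that gap. The following is an added example, not part of the original message or the paper it cites: the function names, regular expressions and the samples marked as constructed are assumptions for illustration, and it covers URL encoding, comments, whitespace and the =/like swap, not char().

```python
import re
from urllib.parse import unquote_plus

# Raw-text signature of the kind the variants above slip past.
NAIVE = re.compile(r"or\s*1\s*=\s*1", re.I)
# Run on normalized input: OR <number> (= | LIKE) <same number>.
TAUTOLOGY = re.compile(r"(?<![a-z])or\s*(\d+)\s*(?:=|like)\s*\1(?!\d)")


def normalize(value: str) -> str:
    """Canonicalize a request parameter before signature matching."""
    for _ in range(3):  # undo nested URL encoding, bounded
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    # SQL block comments act as separators; also drop an unterminated one.
    value = re.sub(r"/\*.*?(?:\*/|$)", " ", value, flags=re.S)
    value = re.sub(r"\s+", " ", value)  # tabs, newlines, repeated blanks
    return value.lower().strip()


def naive_match(value: str) -> bool:
    return bool(NAIVE.search(value))


def normalized_match(value: str) -> bool:
    return bool(TAUTOLOGY.search(normalize(value)))


# id= values: the first three are from the message, the rest are constructed.
SAMPLES = [
    "2or1=1--",
    "2or1like1--",
    "2/**/or/**/1/**/like/**/1/**--",
    "2%20or%201%3D1--",        # URL-encoded (constructed)
    "2%2520or%25201%253D1--",  # double-encoded (constructed)
    "2\tOR\n1  LIKE  1",       # mixed whitespace and case (constructed)
    "42",                      # benign (constructed)
]


def evaluate():
    """Return (sample, naive hit, normalized hit) for each sample."""
    return [(s, naive_match(s), normalized_match(s)) for s in SAMPLES]


if __name__ == "__main__":
    for sample, naive, norm in evaluate():
        print(f"{sample!r:40} naive={naive!s:5} normalized={norm}")
```

Signature matching of this kind is a detection aid only; parameterized queries in the application remain the control that removes the injection itself.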