"The Blind SQL Injection Issue" explanation

Hi members,

A web application of mine has been scanned by a "security tool".
It reports some issues about a "Blind SQL Injection Issue".

The test result seems to indicate a vulnerability
because it shows that values can be appended to parameter
values, indicating that they were embedded in an SQL
query. In this test, three (or sometimes four)
requests are sent. The last is logically equal to the original,
and the next-to-last is different. Any others are for control
purposes. A comparison of the last two responses with the first
(the last is similar to it, and the next-to-last is different)
indicates that the application is vulnerable.

This message is widely used on the internet: https://goo.gl/Gtqkbk

My problem is I cannot figure out how this could work.

Let's suppose the web app is vulnerable; the reasoning of this test is:

- req. 1 gets resp. 1 and changed database state to state 1
- req. 2 gets resp. 2 and changed database state to state "whatever"
- req. 3 gets resp. 1 and changed database state to state "whatever"

My questions are:
- How could database state "whatever" give the same response as
  "state 1" (a.k.a. "resp. 1")?
- As a "blind" one (mostly random input then), how could these
  assertions work?

Would you please help me to figure out how this works?
I have a basic security level, and maths is far away in the past ;-)

Thank you in advance.
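The comparison the scanner report describes, as an added example that is not part of the original post: the appended values are boolean conditions on a read query, so no database state is involved. The vulnerable lookup pastes the parameter into the SQL text; the hardened lookup binds it, so the same three requests no longer produce the "true matches, false differs" pattern. Table, rows and the `lookup_*`/`scanner_verdict` names are constructed for this example.

```python
import sqlite3


def make_db():
    """Constructed sample data: a page that shows a product by id."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget")])
    return conn


def lookup_concat(conn, param):
    """Vulnerable form: the request parameter becomes part of the SQL text."""
    sql = "SELECT name FROM products WHERE id = '" + param + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error:
        return None  # a SQL error is itself a "different response" (e.g. HTTP 500)


def lookup_param(conn, param):
    """Hardened form: the parameter is bound and never parsed as SQL."""
    rows = conn.execute("SELECT name FROM products WHERE id = ?", (param,))
    return [row[0] for row in rows]


def scanner_verdict(lookup, conn, original):
    """The three-request comparison from the report: the original request,
    a variant whose appended condition is always false (should differ if the
    value reaches the SQL parser), and a variant whose appended condition is
    always true (should be logically equal to the original)."""
    resp_orig = lookup(conn, original)
    resp_false = lookup(conn, original + "' AND '1'='2")
    resp_true = lookup(conn, original + "' AND '1'='1")
    return resp_true == resp_orig and resp_false != resp_orig


if __name__ == "__main__":
    db = make_db()
    # Concatenation: True (the finding reproduces); bound parameter: False.
    print("concat  vulnerable:", scanner_verdict(lookup_concat, db, "1"))
    print("bound   vulnerable:", scanner_verdict(lookup_param, db, "1"))
```

With the bound parameter the whole string `1' AND '1'='1` is compared against the id column as one value, so both variants return no rows and the "equal to the original" half of the pattern never appears.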