970
Life Hack (lemm.ee)
you are viewing a single comment's thread
view the rest of the comments
[-] ricecake@sh.itjust.works 11 points 7 months ago

Oh sweet summer child.

First, injection attacks are third on the owasp list, although they do roll xss into it too, which changed the name, since "shit sanitization on input" and "shit escaping before use" are the cause of both.
https://owasp.org/Top10/A03_2021-Injection/

Secondly, SQL injection is freakishly common and easy. I don't know of any database libraries that prevent you from directly executing an SQL literal, they just encourage parameterized statements.

I have personally run into plenty of systems where people build SQL via string concatenation because for whatever reason they can't use an orm or "proper" SQL generator.

You can find them in the wild fairly often by just tossing ' or 1=1;-- into fields in forms. If it gets mad in a way that doesn't make sense or suddenly takes forever, you win!

Don't do that though, because it's illegal.

[-] dan@upvote.au 2 points 7 months ago

Secondly, SQL injection is freakishly common and easy.

Do you have any recent examples of major SQL injection holes?

[-] ricecake@sh.itjust.works 10 points 7 months ago* (last edited 7 months ago)

https://www.securityweek.com/millions-of-user-records-stolen-from-65-websites-via-sql-injection-attacks/

https://www.darkreading.com/remote-workforce/critical-security-flaw-wordpress-sql-injection

https://www.tenable.com/blog/cve-2023-48788-critical-fortinet-forticlientems-sql-injection-vulnerability

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a

https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cwe_id=CWE-89&isCpeNameSearch=false

You can fiddle with the nvd search settings to find whatever severity score you like, or filter by execution parameters.

https://nvd.nist.gov/vuln/detail/CVE-2024-1597

That one was a treat when I check under critical, since it's an injection attack that can bypass parameterized query protections for the database driver, which is why "defense in depth" and "always sanitize your fucking inputs" are such key things to remember.

I hope that provided what you're looking for, and maybe increases your awareness of SQL injection. ๐Ÿ˜Š

[-] dan@upvote.au 4 points 7 months ago

Great comment. Thanks!

[-] DrJenkem@lemmy.blugatch.tube 4 points 7 months ago

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sql+injection

And without giving away specifics, I've personally found SQLi vulns in the wild within the last 5ish years.

this post was submitted on 04 Apr 2024
970 points (97.5% liked)

Programmer Humor

19623 readers
1 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS