Identifying Database Servers

Identifying database servers is trickier than identifying front-end and internal application servers. Front-end and application servers are easier because both speak HTTP, so their signatures work their way into elements of the HTTP exchange such as the URL, the response headers, and cookies.

In contrast, database servers communicate with the internal application servers in SQL, not HTTP. The only parts of a request that reach the database interface are the values supplied through input fields and URL parameters. Thus the only way to identify a back-end database through URLs is to force it to generate errors that the application server fails to handle and reflects back to the Web browser.

Let's consider two URLs:

         http://www.example.com/public/index.php?ID=27

         http://www.example.org/Profile.cfm?id=3&page=1

The first URL points to a PHP script, index.php, whose parameter ID=27 suggests that it performs a database lookup. The second URL is a ColdFusion page, which again appears to run a database query based on the parameter id.

Forcing the database servers to return an error involves tampering with the values passed to the parameters in both cases. For the first URL, we substitute a non-numeric value for 27. For the second URL, we replace the value 3 with a single quotation mark, which breaks the quoting of the SQL statement the application builds and leaves the query incomplete. Figures 6-11 and 6-12, respectively, show how the errors appear.

Figure 6-11. Forcing a database error with PHP


Figure 6-12. Forcing a database error with ColdFusion


We leave it to you to figure out how much damage can be done simply by obtaining the kinds of information displayed in these error messages. Hint: the ColdFusion error message returned by SQL Server contains enough information to craft a URL request that could possibly lead to remote command execution with Administrator privileges on the database server behind the Web application.
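As an added illustration of the probing technique described above (this script is not from the book), the following Python code generates the two mutated URLs for every query parameter in a target URL, then matches whatever page comes back against well-known database error strings to name the back-end product. The HTTP fetch is replaced by a constructed stand-in that returns canned error bodies, so the example runs offline; the sample bodies, the hostnames, and the signature list are assumptions made for demonstration, and the signature list is deliberately short rather than exhaustive.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# The two tampering probes from the text: a non-numeric value where a
# number is expected, and a lone single quote to break SQL string quoting.
PROBES = {
    "non_numeric": "abc",
    "single_quote": "'",
}

# Error fragments that leak the database product through the application's
# error page. These are well-known server/driver strings; the list is a
# demonstration subset, not a complete fingerprint database.
SIGNATURES = [
    ("Microsoft SQL Server",
     re.compile(r"\[SQL Server\]|Unclosed quotation mark|SQLServer JDBC Driver")),
    ("MySQL",
     re.compile(r"You have an error in your SQL syntax|mysql_fetch_array\(\)")),
    ("Oracle", re.compile(r"\bORA-\d{5}\b")),
    ("PostgreSQL",
     re.compile(r"syntax error at or near|unterminated quoted string")),
]

# Constructed sample response bodies standing in for Figures 6-11 and 6-12.
SAMPLE_RESPONSES = {
    "php_mysql": (
        "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL "
        "result resource in /var/www/public/index.php on line 14"
    ),
    "coldfusion_mssql": (
        "Error Executing Database Query. [Macromedia][SQLServer JDBC Driver]"
        "[SQLServer]Unclosed quotation mark before the character string ''."
    ),
    "oracle": "ORA-01756: quoted string not properly terminated",
    "no_error": "<html><body>Profile not found.</body></html>",
}


def build_probe_urls(url):
    """Return (param, probe_name, mutated_url) for each parameter and probe.

    Only one parameter is tampered with per URL so that an error can be
    attributed to the parameter that caused it.
    """
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    out = []
    for i, (name, _value) in enumerate(params):
        for probe_name, payload in PROBES.items():
            mutated = list(params)
            mutated[i] = (name, payload)          # urlencode turns ' into %27
            new_url = urlunsplit(parts._replace(query=urlencode(mutated)))
            out.append((name, probe_name, new_url))
    return out


def fingerprint_db(body):
    """Return the database product named by the first matching signature, else None."""
    for product, pattern in SIGNATURES:
        if pattern.search(body):
            return product
    return None


def run_probes(url, fetch):
    """Send every probe URL through fetch(url) -> body; map (param, probe) to product."""
    results = {}
    for param, probe_name, probe_url in build_probe_urls(url):
        results[(param, probe_name)] = fingerprint_db(fetch(probe_url))
    return results


def fake_fetch(url):
    """Constructed stand-in for an HTTP GET so the example runs offline.

    A real run would replace this with urllib.request.urlopen(url).read().decode().
    """
    query = urlsplit(url).query
    if "%27" in query:
        return SAMPLE_RESPONSES["coldfusion_mssql"]
    if "abc" in query:
        return SAMPLE_RESPONSES["php_mysql"]
    return SAMPLE_RESPONSES["no_error"]


if __name__ == "__main__":
    target = "http://www.example.org/Profile.cfm?id=3&page=1"
    for key, product in run_probes(target, fake_fetch).items():
        print(key, "->", product)
```

Point fetch at a real client only against systems you are authorized to test; the mutated URLs are exactly the requests the text describes, and a single quote alone is enough to surface a verbose error on an application that does not handle database exceptions.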

Web Hacking: Attacks and Defense
ISBN: 0201761769
Year: 2005
Pages: 156
