SQL Injection Attacks Up-to-date Summary (Sept 19, 2014)

SQL Injection vulnerability is one of the popular security breaches in applications’ software. SQL Injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution code injection technique. The first public discussions of SQL injection started appearing around 1998.

A typical SQL injection occurs when user input is not filtered for escape characters and is then passed into a SQL statement. The following line of code illustrates this vulnerability:

 statement = "SELECT * FROM users WHERE name ='" + userName + "';" 

This SQL code is designed to pull up the records of the specified username from its table of users. However, if the “userName” variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended. For example, setting the “userName” variable as:

 ' or '1'='1 

renders the following SQL statements by the parent language:

 SELECT * FROM users WHERE name = '' OR '1'='1'; 

If this code were to be used in an authentication procedure then this example could be used to force the selection of a valid username because the evaluation of ‘1’=’1′ is always true.

Dell SonicWALL Threat Research Team has developed multiple IPS signatures to protect their customers. These signatures include but are not limited to:

• 10504 ManageEngine Password Manager SQL Injection
• 10417 Nagios Core Config Manager SQL Injection
• 10416 SolusLabs SolusVM SQL Injection
• 10365 Advantech WebAccess DBVisitor.dll SQL Injection
• 10346 lighttpd Host Header SQL Injection
• 10246 SQL Injection Attack 23
• 9584 MyBB birthdayprivacy SQL Injection
• 9547 F5 BIG-IP SQL Injection

According to NVD (National Vulnerability Database), multiple SQL Injection vulnerabilities have been discovered for various applications every year. The following figure shows the SQL Injection related vulnerabilities found in different years. The SQL Injection vulnerability counts topped at 2008 and declined in the following years:

The statistics we observed shows the attack attempts addressing SQL Injection topped at 2010:

Although the SQL Injection attacks recently are much less than the peak time in 2010, it is still active and the following shows the geography graph of the attacks attempts happened in year 2014.

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.