SQL Injection made easy
Don’t you just love Windows? I’ve just been looking on a fairly popular online store running IIS on Windows, but it appears to be having some problems:
    …snip…
    Dim Connectview, RSview, Queryview, qtyview, line_totalview, subtpriceview, full_totalview, clientidview
    clientidview = Request.Cookies("user")
    Set Connectview = Server.CreateObject("ADODB.Connection")
    Connectview.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;" & "Data Source=D:stagingbasketdb******.mdb"
    Connectview.Open
    Set RSview = Server.CreateObject("ADODB.Recordset")
    Queryview = "SELECT * FROM basket WHERE Clientid ='" & clientidview & "' "
    RSview.Open Queryview, Connectview
    …etc…
(I’ve trimmed and censored some bits to help protect the identity of the web site.) As you can see, the website decided to give me the raw ASP code instead of a nice, rendered, HTML page. You’ll spot the very nasty bit of SQL in there too. An unescaped variable is taken right out of a cookie and dumped straight into a string and then executed. This site is begging for a SQL-injection attack if ever I saw one! All I need to do is modify the value of the cookie on my machine, reload the web page, and hey presto — I’ve dropped their database (or worse…). Crazy!
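For comparison, here is the same basket lookup with the cookie value bound as a query parameter instead of concatenated into the SQL string. This is an added example, not code from the site or the original post; it belongs inside the `<% %>` delimiters of a classic ASP page, and the `Application("BasketConnString")` setting and the 64-character limit are assumptions made for illustration.

```vbscript
' Added example: parameterized version of the basket query quoted above.
' ADO constants, normally pulled in from adovbs.inc.
Const adVarWChar = 202
Const adParamInput = 1
Const adCmdText = 1
Const MAX_CLIENTID_LEN = 64   ' assumed width of the Clientid column

Dim clientId, conn, cmd, rs
clientId = Request.Cookies("user")

' The cookie is client-controlled: reject empty or oversized values up front.
If Len(clientId) = 0 Or Len(clientId) > MAX_CLIENTID_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
' Hypothetical setting: the connection string lives in application
' configuration, not in page source that the server might leak.
conn.Open Application("BasketConnString")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder is filled by the provider; the cookie value is passed
' as data and never becomes part of the SQL text.
cmd.CommandText = "SELECT * FROM basket WHERE Clientid = ?"
cmd.Parameters.Append cmd.CreateParameter("clientid", adVarWChar, _
    adParamInput, MAX_CLIENTID_LEN, clientId)

Set rs = cmd.Execute
Do Until rs.EOF
    ' Render the row here, passing each value through Server.HTMLEncode.
    rs.MoveNext
Loop

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
```

Binding the parameter fixes the query only; the server handing out raw ASP source and the downloadable .inc file are separate configuration problems.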
The web page makes a reference to a file called CommonSubs.inc too, and as luck would have it, I could paste this path into my web browser address bar and download this too. More interesting information:
    …snip…
    ' Hardcode accnt, userid and password
    accnt = "****"
    userid = ""
    password = ""
    …snip…
    obj.Provider = "RedBack.RedPages.1"
    obj.Open accnt, userid, password
    …snip…
(Again this has been censored a bit. Note also the very poor code format. Not nice.) Now I’m no hacker — nor am I the best coder around — but I can’t believe a successful e-commerce site is actually managing to run like this! I’ll probably contact them in the morning and let them know they have a serious problem. Anyone got any suggestions about how I can do this and get some money out of them (legally, that is)?









