Re: why most sql injection is not occurred at mysql?

Annyo MontyRee,

Funny you mention this because in my experience I found more sql
injections in mysql websites. But as you mention it's not related to the
database but how it has been implemented inside the web application
or/and inside the stored proc.

As for MySQL, since there were no stored proc before version 5.0 it
removes that threat inside the stored proc in the older versions.
However, the thing is, most of developers rely on the magic quotes
function that might seem to reduce the problem in MySQL but is still
there when an integer parameter is used. The bottom line is they might
just be harder to find or require more energy to find them.

Here what I noticed with experience, depending of the languages used for
the web development the chances were higher to get SQL injection if it
was ASP, PHP or Perl. Why? Because the learning curve for those
languages is small and unfortunately most of the examples used for
database interaction (SELECT, UPDATE, etc...) in books and websites use
string concatenation for simplicity and space limitation. Also, PHP
didn't have any system of prepared statement until (relatively)
recently, so by design there was blind sql injection.

Now, if you ask me if in general a SQL injection is more dangerous in
MS-SQL or Oracle than MySQL. I'll say most definitely. MS-SQL and Oracle
are closer to the OS and have more powerful stored procs. But again,
MySQL has enough harmful functions to create as much damage than any
other DBMS and it takes only one good vulnerability to own the system...

My 2 cents,

Cheers

Francois
Hello, all.


A I know, sql injection itself has not relation with DataBase.

Surely I have seen sql injection is occurred at mysql.
but in my short experience, most sql injection is occurred at ms-sql or oracle based not mysql.

I don't know why.

Any idea?


Thanks for your help in advance.



_________________________________________________________________
나의 글로벌 인맥, Windows Live Space!
http://www.spaces.live.com



Relevant Pages

  • glFusion <= 1.1.2 COM_applyFilter()/order sql injection exploit
    ... software site: http://www.glfusion.org/ ... Vulnerability, sql injection in 'order' and 'direction' arguments: ... To successfully interrogate MySQL you need at least 2 records in the ...
    (Bugtraq)
  • Re: Safe insert queries for mysql ?
    ... and you've got a potential SQL injection attack opened up. ... placeholders - or using the database's native support if it has it (older MySQL ... The library does whatever is required to get the values into the database - ... consistently and without you having to worry about quotes, escaping and so on. ...
    (comp.lang.php)
  • Re: escaping vs stored procedure
    ... it's really (PHP's MySQL library)'s function? ... It is a library function in MySQL. ... ng that mysql_escape_string prevents sql injection. ... mysql_real_escape_stringstrings, ...
    (comp.lang.php)
  • Writing a phpshell via SQL Injection to a host
    ... I've really been hitting SQL Injection pretty hard lately. ... comfy with SQL Injection on MSSQL server now, ... with with it on MySQL. ... The best reference on this type of attack that I've found so far is: ...
    (Pen-Test)
  • Somewhat new SQL Injection concept
    ... While I believe I know something about SQL Injection I have not found any ... Penetration tester can get free access to SQL subsystem and execute ... My example uses MySQL because this seems to be most used database on the web ... Comments shown above treated as comments in every database except MySQL. ...
    (Bugtraq)
Quantcast