Hello, everyone. Welcome back to the course. In the last video we talked about brute force attacks. In this video we start talking about injection attacks.
The first injection attack will be SQL injection.
To start, let's check the video objectives.
First, a brief introduction to injection attacks.
After this, we will review SQL injection attacks,
followed by web server log analysis to identify SQL injection attacks.
Injection attacks are listed in the OWASP Top 10. In 2007 injection was the number two vulnerability (A2). Injections are so common that in 2010 and 2013 it was the number one vulnerability (A1).
Here is the injection definition from OWASP.
Injection attacks occur when the requests sent contain some unexpected data and this data is executed by the web server. Remember that the web server doesn't care about the content of the requests:
if the request is malicious,
the web server will still process it.
SQL injection is one type of injection attack. There are many other injection attacks;
here is a list of some of them:
SQL injection, file injection and others. In this video, we'll talk about SQL injection.
Because of the multilayer web application structure, the client should only access the web server.
In a SQL injection attack, the client sends the request to the web server, but the web server will send the request to the database,
and the database will process it.
The attacker only needs the database to execute the injected commands, and the result of these commands comes back from the database server, impacting the web application.
SQL injection is considered a critical vulnerability.
It affects the database server directly.
Here we have a strip of a well-known joke about SQL injection,
dropping the whole students database.
But if this happens in a production environment, the consequences could be drastic.
So let's talk about SQL injection.
Here are some considerations about SQL injection attacks.
It needs to use SQL, and the database must process it.
Usually it's caused by wrong user input validation,
like allowing special characters in the form.
It is an old attack, known since the late 1990s.
It's also more common
on legacy applications.
It is a server-side attack,
and it has some types like blind, classic, union-based and error-based.
In our lab, there is a web application vulnerable to SQL injection attacks.
It is simple: just a form with only one text box to enter the user ID.
If we try the number one,
we get the admin user's information.
Here you have the request made to the web server. It is a simple request.
You can see that the ID has the number one,
so the information about the admin is shown.
If we do not send a number, what will happen?
This is an example of a malicious request.
To summarize, this user ID request says to the database:
I want all users whose ID equals 1 OR 1=1.
1=1 is always true, so the database will send all the user names.
This is the result of the request: all user names and information about those users. So maybe you're thinking:
can the web server logs help you identify SQL injection attacks?
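To make the "1 OR 1=1" behaviour concrete, here is an added example (not the course's lab code) with a small in-memory SQLite table standing in for the lab application's user table. It shows the vulnerable lookup that pastes the form value into the SQL text, beside the hardened lookup that binds the value as a parameter and validates that the ID is numeric. Table name, columns and rows are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the lab's user table (example data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "admin", "admin@example.test"),
            (2, "alice", "alice@example.test"),
            (3, "bob", "bob@example.test"),
        ],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """The mistake described in the lecture: the form value becomes part of the SQL text."""
    query = "SELECT id, name, email FROM users WHERE id = " + user_id
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, user_id):
    """Hardened form: the value is bound as a parameter and is never parsed as SQL."""
    query = "SELECT id, name, email FROM users WHERE id = ?"
    return conn.execute(query, (user_id,)).fetchall()


def lookup_validated(conn, user_id):
    """Input validation on top of binding: the ID field only ever expects digits."""
    if not user_id.isdigit():
        raise ValueError("user id must be numeric")
    return lookup_parameterized(conn, int(user_id))


if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):
        print("input:", repr(value))
        print("  vulnerable    ->", lookup_vulnerable(db, value))   # "1 OR 1=1" returns every row
        print("  parameterized ->", lookup_parameterized(db, value))  # "1 OR 1=1" matches nothing
```

With the bound parameter, the string "1 OR 1=1" is compared against the integer column as a literal value and matches no row; the validation step rejects it outright, which is the input validation the lecture says is usually missing.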
Let's analyze the web server logs of both requests.
The first is the ID number one request,
and the second log line is the malicious request.
Notice that whatever you put in the user ID will be sent to the web server and to the database server. Another important thing is that this request is encoded.
After decoding, we'll see the same request that we used.
Because of that, it is common to see encoded requests during SQL injection attacks.
It is important to note that the web server answered both requests, and this includes the malicious request.
Depending on your application, it means that your application is vulnerable to SQL injection.
Let's analyze these real log lines.
These lines were generated by sqlmap. sqlmap is a well-known tool to perform vulnerability scans or to perform SQL injection.
Many vulnerability scanners execute SQL injections, so during vulnerability scans it's possible to see SQL injections.
Depending on the policy of your company, you can classify that as a vulnerability scan or as a SQL injection attack. Again, the user agent can help you identify that.
Analyzing the logs, you should see SQL-related words or commands like AND, SELECT, CASE WHEN, UNION and others.
I always check the response of the web server. In the previous slide, the answer was 200, so the web server accepted the request.
In these three lines of logs, we have the 302, a redirection.
Sometimes you need to correlate more than one log line
to understand the whole attack.
As information, here are the same three lines of logs, but now decoded.
If you do not know about SQL commands, you can ask your database administrators whether a given command is malicious or impacts the database server.
On the next slide we will analyze two more log lines,
and here they are. Again we used sqlmap, but we changed the user agent.
You can notice encoded requests and many SQL words.
In the second log line, you have the WHERE, and there is a comment.
Taking a better look, you can find more commands and words,
but related to the operating system,
like operating system commands and file paths.
And in this slide, the decoded requests. One more question:
what about POST requests?
To analyze POST requests, you need more logs from other sources.
A good source is a packet capture. For example, this is the packet capture view of a POST request. The web server log only shows the POST request to the login page. There is no information about the request body,
but in the packet capture, you can see the whole request
and all the form data that was sent.
Notice that this request is similar to our examples. However, it is not that easy to get a packet capture, but if possible, try to ask for them.
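The log checks described in this section (decode the request, look for SQL words and the 1=1 tautology, check the user agent and the status code) and the point about POST bodies only being visible in a packet capture can both be exercised with the added example below. It is not the course's own tooling: the access log lines, the raw POST request and the scanner user agent string are constructed for the example, and the indicator patterns are a minimal set based on the words the lecture lists, not a complete signature set.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Constructed sample lines in the Apache/nginx "combined" format (not the course's logs).
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /user.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:49 +0000] "GET /user.php?id=1%20OR%201%3D1 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:14:02:11 +0000] "GET /user.php?id=1%27%20UNION%20SELECT%20name%20FROM%20users-- HTTP/1.1" 302 0 "-" "sqlmap/1.x (constructed)"',
    '203.0.113.9 - - [10/Oct/2023:14:05:02 +0000] "POST /login.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

# Constructed raw HTTP request, as it would be reassembled from a packet capture.
SAMPLE_POST_REQUEST = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: lab.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 39\r\n"
    "\r\n"
    "username=admin%27+OR+1%3D1--&password=x"
)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Indicators searched in the decoded request: SQL words from the lecture, the
# "1=1" tautology, SQL comment markers and operating-system related strings.
SQL_KEYWORDS = re.compile(
    r"\b(union|select|insert|update|delete|drop|from|where|case\s+when)\b", re.I
)
TAUTOLOGY = re.compile(r"""\b(or|and)\b\s+['"]?\w+['"]?\s*=\s*['"]?\w+""", re.I)
SQL_COMMENT = re.compile(r"(--|/\*)")
OS_WORDS = re.compile(r"(/etc/passwd|xp_cmdshell)", re.I)
SCANNER_AGENTS = ("sqlmap",)  # user agent substrings that identify a scanner


def sqli_indicators(text):
    """Names of the indicators found in an already-decoded string."""
    checks = [
        ("sql-keyword", SQL_KEYWORDS),
        ("tautology", TAUTOLOGY),
        ("sql-comment", SQL_COMMENT),
        ("os-word", OS_WORDS),
    ]
    return [name for name, pattern in checks if pattern.search(text)]


def analyze_log_line(line):
    """Parse one access log line, decode the request target and collect indicators."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    target = m.group("target")
    decoded = unquote_plus(target)
    indicators = sqli_indicators(decoded)
    scanner_agent = any(s in m.group("agent").lower() for s in SCANNER_AGENTS)
    return {
        "ip": m.group("ip"),
        "method": m.group("method"),
        "decoded": decoded,
        "status": int(m.group("status")),     # 200 = accepted, 302 = redirection
        "encoded": decoded != target,         # percent-encoding was present
        "indicators": indicators,
        "scanner_agent": scanner_agent,
        "suspicious": bool(indicators) or scanner_agent,
    }


def analyze_captured_request(raw):
    """Inspect the form fields of a raw POST request reassembled from a packet capture."""
    head, _, body = raw.partition("\r\n\r\n")
    method, target, _ = head.split("\r\n", 1)[0].split(" ", 2)
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    per_field = {k: sqli_indicators(v) for k, v in fields.items()}
    return {
        "method": method,
        "target": target,
        "fields": fields,
        "indicators": per_field,
        "suspicious": any(per_field.values()),
    }


if __name__ == "__main__":
    for line in SAMPLE_LOG_LINES:
        print(analyze_log_line(line))
    # The POST access log line above shows nothing; the captured body does.
    print(analyze_captured_request(SAMPLE_POST_REQUEST))
```

Running it, the first line is clean, the second is flagged only because of the decoded "OR 1=1", the third is flagged by both the SQL words and the scanner user agent and carries the 302 status worth correlating, and the fourth (the POST) shows nothing in the access log even though the captured request body contains the injected form field.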
To summarize how to identify SQL injection:
first, look for SQL commands like FROM, SELECT, WHERE and others, and look for encoded requests.
Also, remember to look at user agents and at operating system related commands and words.
Now let's do some post-assessment questions to practice.
In the first question, analyze the log below and identify the web application attack. After that, choose the option with the correct attack.
You can pause the video if you want.
This is an easy one: you can see that this log is big
and contains a lot of encoding.
Another indication is that you find the SQL words like SELECT and AND.
So this is a SQL injection attack.
As information, the decoded request shows the SQL query.
Now check this statement:
web server logs will always show information about user actions. Is this statement true or false?
The answer is false.
If the web application uses POST,
or if the web server logging configuration is wrong,
the logs may not help you.
If this happens, you need to ask for the right configuration
or for other logs.
In this video, we talked about injection attacks,
SQL injection attacks,
some indicators to identify SQL injection attacks in web server logs, like SQL commands, encoded requests, user agents and operating system commands,
and after that we showed the difference between POST and GET requests,
showing an example of a packet capture of a SQL injection attack.
In the next video, we'll keep talking about injection attacks.
We'll discuss file injection, or file inclusion,
and the two types of inclusion: local and remote file inclusion.