We’re talking about injection attacks and I was original you know I often put pictures in my slides that are like vaguely related to the thing I’m talking about and so I looking at pictures of syringes and I’m like I can only do whatever looking at some of them are just like freaking hell out so there’s a new feature.
And you’ve got the lectures say it’s but we are talking about injection attacks so.
In the two examples are command injection and sacral injection but there are loads of different kinds of injection attacks and in fact across that scripting is a form of injection attack which is what we covered last week so basically an injection attacks what happens when we get some input from a.
Not been careful enough about the way that we’re treating the information coming from the user we’re not accidentally running it as code that gets executed somewhere so there’s all kinds of security problems that basically the root.
Cause is like an injection attack so some examples are operating system like command injection so we can inject something into a.
Shell script for example or an inject something that ends up getting interpreted by a shell when we can inject sequel code or SQL depending on how you want to pronounce ur or no sequel we can inject commands into LDAP lookups.
So LDAP is an authentication system.
Used well it’s a lightweight directory basically a database that has often it’s used to store information about an organization which can include like phone numbers and details of employees.
But it’s also often used to store like as a central store for passwords but it’s basically database you do lookups against so again injections are possible you can inject.
Into an XML file or a lookup in an XML file like an XPath which is a way of addressing a location within an XML and all sorts of other things where you can inject code into an object and for the parser to interpret it not the way that it’s intended so injection attacks are super prevalent and you know last what we talked about cross-site scripting and I said that.
Is the most prevalent kind of attack that exists well that is a form of injection attack so.
If you want to speak more broadly than injection attacks as a whole is obviously you know huge so but again that you can have a.
Severe impact it can basically anything you can imagine that could go wrong can go wrong with injection attacks where you can end up having mass disclosure of data so we managed to trick.
For example to returning more like sensitive information that we don’t expect.
Get access to so for example getting access to every other users account on a web page for example and all their sensitive information like losing the data in the sense of like actual modification and.
Deletion of data there is potentially complete databases or entire systems can be compromised talking about operating system command injection you can end up with like shell access where the attacker ends up being able to take full control of the server and in other cases like for sequel injection there are some fringe cases where you end up.
With shell on the server but often you end up with that full readwrite access to a database and that can be just as harmful to an organization so you can imagine this massive business impact and it just depends on the kind of business and what you’re trying to protect and the actual details so we talked about cross-site scripting and that is an example of.
Injection attacks and basically in that.
Example that we talked about last.
Actually end up injecting code into like an a query that’s sent to a command shell by – for example the bash shell on a Linux system so this is an example that is not website based this is.
A nice little small piece of C code where we’ve got basically we’re including standard input/output yeah the main function which is where most all the code lives in this case we’ve got two variables a name and a command we ask them what their name is we store that into the variable name we print to the screen hello sorry we’re not printing it’s going printing to a variable hello person’s name and then echo the time is currently and then we’re running.
At the command date so it basically were constructing a string that we then end up sending 32 bash which then runs that command so if we have a look say so that he is a safer ground I just mentioned might as well fix the agenting because I just notice that.
It’s not quite all right so we got a main function and I’ve just talked through that code so all as well so save that with a c program we obviously we just compile it for GCC and then the name of the file that we want to compile and if we want to specify an output we.
Can specify we want that to go it compiles the program we can run that program us for the name it’s as hello world at the time is currently clearly the.
The security problem here is that we’re sending through the what the users entering directly through to bash and so we’re trusting that the user.
Is actually going to enter in their name and not something like which will basically that because it’s passing that 32 bash it’s just passing 3 and the input that I providers which was like a semicolon which tells it to start.
A new command and then type cat ATC password and it happily run that command and and send that to the to the console so the error there is again same as last week there’s a lack of validation sanitization they’re not we’re not being careful about how.
We’re using the the users information and the reason as a command injection attack is because we’re taking what the user has entered and we’re sending a 32 an interpreter in this case bash without being careful about how it’s going to interpret that information that’s.