CEH

(Jeff_L) #1

Introducing SQL Injection


Record or Row: Each record in a database represents a collection of related data, such as
information about a person.

Column: A column represents one type of data, for example, age data for each person in
the database.


Databases have a broad range of applications, from storing simple customer data to
storing payment and customer information. For example, in an e-commerce application,
when customers place an order, their payment and address information may be stored
within a database that resides on a server.

While the function of databases may sound mundane, databases come into their own
when linked to a web application. A database linked as part of a web app can make a
website and its content much easier to maintain and manage. For example, if you use a
technology such as ASP.NET, you can modify a website's content simply by editing a record
in a database. With this link, changing a record in a database will trigger a change in
any associated pages or other areas.

Another common use of databases, and one of the higher-profile targets, is in membership
or member registration sites. On these types of sites, information about visitors who register
with the site is stored within a database. This information can be used for a discussion
forum, chat room, or many other applications. With potentially large amounts of personal
information being stored, an attacker would find this setup ideal for obtaining valuable data.


Locating Databases on the Network


SQLPing 3.0 is a tool that is effective at locating rogue or unknown database installations.
The vendor's website describes it as follows:


SQLPing 3.0 performs both active and passive scans of your network
in order to identify all of the SQL Server/MSDE installations in your
enterprise. Due to the proliferation of personal firewalls, inconsistent
network library configurations, and multiple-instance support, SQL
Server installations are becoming increasingly difficult to discover,
assess, and maintain. SQLPing 3.0 is designed to remedy this problem by
combining all known means of SQL Server/MSDE discovery into a single
tool, which can be used to ferret out servers you never knew existed on
your network so you can properly secure them; see
http://www.vulnerabilityassessment.co.uk/.

SQLRecon is very similar to SQLPing, but it also provides additional techniques to discover
SQL Server installations that may be hidden (http://www.vulnerabilityassessment.co.uk/):


SQLRecon performs both active and passive scans of your network
in order to identify all of the SQL Server/MSDE installations in your
enterprise. Due to the proliferation of personal firewalls, inconsistent
network library configurations, and multiple-instance support, SQL
Server installations are becoming increasingly difficult to discover,
assess, and maintain. SQLRecon is designed to remedy this problem by
combining all known means of SQL Server/MSDE discovery into a single
tool which can be used to ferret out servers you never knew existed on
your network so you can properly secure them.
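
To show how discovery results feed the "so you can properly secure them" step, the following added example (not from the book and not code from SQLPing or SQLRecon) parses a SQL Server Browser response and lists instances missing from an approved inventory. The response bytes, host and instance names, and the inventory are constructed; the message layout follows the SQL Server Browser (MC-SQLR) response format, which this page does not itself describe.

```python
import struct

# Constructed SQL Server Browser (MC-SQLR) SVR_RESP payload for illustration:
# 0x05, little-endian uint16 length, then ';'-delimited key/value pairs,
# with ';;' terminating each advertised instance.
_BODY = (b"ServerName;DB01;InstanceName;MSSQLSERVER;IsClustered;No;"
         b"Version;10.0.1600.22;tcp;1433;;"
         b"ServerName;DB01;InstanceName;DEVTEST;IsClustered;No;"
         b"Version;9.00.1399.06;tcp;49172;;")
SAMPLE_RESPONSE = b"\x05" + struct.pack("<H", len(_BODY)) + _BODY

# Hypothetical approved inventory: (server, instance) pairs the DBA team manages.
APPROVED = {("DB01", "MSSQLSERVER")}


def parse_svr_resp(data):
    """Return one dict per instance advertised in a browser response."""
    if len(data) < 3 or data[0] != 0x05:
        raise ValueError("not an SVR_RESP message")
    (declared,) = struct.unpack_from("<H", data, 1)
    body = data[3:3 + declared]
    if len(body) != declared:
        raise ValueError("truncated response")
    instances = []
    for chunk in body.decode("ascii", errors="replace").split(";;"):
        fields = chunk.split(";")
        if len(fields) < 2:
            continue  # empty trailer after the final ';;'
        # Pair up alternating keys and values; a dangling key is ignored.
        instances.append(dict(zip(fields[0::2], fields[1::2])))
    return instances


def unapproved(instances, approved):
    """Instances seen on the network that are missing from the inventory."""
    return [i for i in instances
            if (i.get("ServerName"), i.get("InstanceName")) not in approved]


if __name__ == "__main__":
    for inst in unapproved(parse_svr_resp(SAMPLE_RESPONSE), APPROVED):
        print("unmanaged instance:", inst)
```

The second instance in the sample listens on a dynamic TCP port rather than 1433, which is the multiple-instance situation the vendor text says makes installations hard to find.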