Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "SQL backdoor"
From NetSec
(Created page with "{{info|'''SQL Malware''' affects a variety of database-driven applications, including but not limited to web applications, services, and desktop ...") |
(→MySQL) |
||
Line 11: | Line 11: | ||
{{warning|These notes are for educational purposes only. Use of these code snippets on systems or databases that you do not own is a criminal act.}}{{protip|Depending on the [[Databasing_engine|databasing engine's]] version and configuration, it may be possible to inject [[SQL]] malware using [[SQL injection]].}} | {{warning|These notes are for educational purposes only. Use of these code snippets on systems or databases that you do not own is a criminal act.}}{{protip|Depending on the [[Databasing_engine|databasing engine's]] version and configuration, it may be possible to inject [[SQL]] malware using [[SQL injection]].}} | ||
==[[MySQL]]== | ==[[MySQL]]== | ||
− | + | * '''CREATE FUNCTION''' and '''CREATE PROCEDURE''' require the '''CREATE ROUTINE''' privilege to execute successfully. Depending on the security context of the CREATE statement's '''DEFINER''' clause, the '''SUPER''' privilege may also be required. (As of [[MySQL]] 5.0.3) | |
+ | * '''CREATE TRIGGER''' requires the '''SUPER''' privilege on the selected [[database]] in order to execute successfully. | ||
+ | * '''CREATE TRIGGER''' was added to [[MySQL]] in version 5.0.2 and has not been removed since. | ||
+ | |||
===Syntax=== | ===Syntax=== | ||
Revision as of 08:56, 24 January 2012
SQL Malware affects a variety of database-driven applications, including but not limited to web applications, services, and desktop applications. This breed of malware is made possible by the SQL functionality for triggers and stored sub-procedures. |
Contents
Concept
Notice: SQL malware persists beyond deletion of rows containing it from a table.
SQL malware can exist in subprocedures and triggers, resulting in its activation at the execution of every (or a specific) query. It can do anything from resetting a password hash to replacing user-contributed content with redirects browser exploits and other malware distribution tactics.
Subprocedures
Sub-procedures are similar to functions or methods in other programming languages. They can be passed arguments, perform operations on the arguments passed, and return computed data.
Event Procedures
Triggers, otherwise referred to as event procedures in other programming languages, may be attached to any table for update,delete, or insert queries. It is important to note that while triggers cannot be bound to select queries, many applications store user activity history in SQL (search history, for example). In stead of hooking the SELECT ... LIKE statement against the table being searched to determine if a search query contained a particular keyword, a developer can hook the INSERT query against the history table where the search is logged.
Implementation
These notes are for educational purposes only. Use of these code snippets on systems or databases that you do not own is a criminal act. |
Protip: Depending on the databasing engine's version and configuration, it may be possible to inject SQL malware using SQL injection.
MySQL
- CREATE FUNCTION and CREATE PROCEDURE require the CREATE ROUTINE privilege to execute successfully. Depending on the security context of the CREATE statement's DEFINER clause, the SUPER privilege may also be required. (As of MySQL 5.0.3)
- CREATE TRIGGER requires the SUPER privilege on the selected database in order to execute successfully.
- CREATE TRIGGER was added to MySQL in version 5.0.2 and has not been removed since.