We are living in a digital era: as the internet and technology expand and become more popular with each passing day, so do the crimes committed on them. In recent years, cyber-crimes against businesses and individuals have grown significantly. Malicious cybercriminals take advantage of poorly designed or flawed systems used by these businesses, either for monetary gain (selling data, ransom, or other means) or to besmirch the company's name and reputation. MySQL is among the most popular open-source relational database management systems (RDBMS) in use today; its main purpose is to store data for web servers and websites. Most of the currently popular web servers and frameworks support MySQL as a preferred database. Just like any other piece of software, MySQL has vulnerabilities that can be exploited and can cause significant damage if the attack is carried out properly, so to avoid them and secure the data, let's look at what these vulnerabilities are and their possible fixes.
1. SQL Injection: It is among the most common and perilous attacks. In this type of attack the attacker steals information or causes data loss by attacking the database. It is an injection-type attack in which the attacker runs malicious SQL queries that can have serious consequences such as data loss or data theft.
Most SQL injections are carried out against web applications. Attackers use known loopholes and vulnerabilities in the application, mainly to bypass its authentication process and security controls or to damage the database.
After a successful attack the malicious user can access the authorized and authenticated sections of the web server and application, and can also modify, add, delete or retrieve records.
Let's take an example of a situation where we are trying to authenticate a user on some application. To do that, the user first has to enter their login credentials.
After the credentials are entered, the application builds the SQL query below to check whether a user with the entered credentials exists. Query:
SELECT * FROM utable WHERE username = "UserName001"
AND password = "user1_password"
This was the case of a normal user. Now, if an attacker is trying to exploit the system, they might enter the password as '*' OR '1' = '1' and when the application builds its query it will look like this:
Query:
SELECT * FROM utable WHERE username = "UserName001"
AND password = '*' OR '1' = '1'
So whenever the system runs this query the result is always true, and the application concludes that the password is correct. In this query, the first part looks for the user with username "UserName001" and the password "*"; it returns no rows, i.e. it evaluates to false. This is where the second part of the query comes into play: '1' = '1' always evaluates to true, so the OR makes the whole WHERE clause true. The query returns rows and the malicious user is able to bypass authentication. In similar ways, the attacker can also modify, add, delete or retrieve data as they please. However, this can be prevented either by using parameterized queries / prepared SQL statements or by validating and sanitizing user input before the application builds the query from the provided inputs.
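The login check above, written both the vulnerable way (string concatenation) and the safe way (parameterized query). This is an added example, not code from the original article; it uses Python's built-in sqlite3 as a stand-in for MySQL so it runs offline, and the table "utable" with one constructed user is created in memory.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the article's utable with one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE utable (username TEXT, password TEXT)")
    conn.execute("INSERT INTO utable VALUES ('UserName001', 'user1_password')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by pasting user input into the SQL text.

    Quotes inside the input become SQL syntax, so the password
    *' OR '1'='1  turns the WHERE clause into  ... OR '1'='1'.
    """
    sql = ("SELECT * FROM utable WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Uses placeholders: the driver passes the values separately from the
    statement, so quotes in the input are compared as data, never parsed.

    sqlite3 uses '?' placeholders; MySQL drivers such as mysql-connector-python
    use '%s', but the principle is identical.
    """
    sql = "SELECT * FROM utable WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def compare(username, password):
    """Returns (vulnerable_result, parameterized_result) for one login attempt."""
    conn = make_db()
    return login_vulnerable(conn, username, password), login_parameterized(conn, username, password)


if __name__ == "__main__":
    print("valid credentials     :", compare("UserName001", "user1_password"))
    print("injected password     :", compare("UserName001", "*' OR '1'='1"))
```

With valid credentials both functions return True; with the injected password only the concatenated query lets the attacker in.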
2. Improper Input Validation: Improper input validation is a dangerous class of vulnerability in which a malicious user attacks web servers or their backing instances such as MySQL. These attacks make instances, services, or network resources inaccessible temporarily or even permanently by disrupting the host, the system, or the instance it is connected to. In MySQL, it can make the MySQL instance crash, making it temporarily inaccessible to any of the services that use it as their data source.
The other issue with this type of vulnerability is that it allows remote authenticated users to cause a DoS by issuing a crafted SELECT statement that calls UpdateXML() with many unique nested elements. This makes MySQL more susceptible to denial of service. An attacker could exploit this flaw to take down the whole database and its instances, rendering other services useless and inaccessible to users.
The payload and commands used in this scenario are as follows:
Syntax:
$mysql->query("SELECT UpdateXML('<a>$a<b>ccc</b>
<d></d></a>', '/a', '<e>fff</e>') AS val1");
To avoid this vulnerability, use an updated version of MySQL in which this issue has been patched; version 5.5.* and above are free from this vulnerability.
3. Concurrent Execution using Shared Resources with Improper Synchronization (Race Condition): This is an undesired condition that arises when a system runs two or more operations concurrently and their correct behaviour depends on them being performed in a particular order or timing, but that order is not enforced, so uncontrolled events can change it.
In MySQL, this can give rise to a race condition, which is a serious problem. It allows a local user with access to the database to escalate their user privileges and, after doing so, to carry out arbitrary code execution as a local user of the database. This improper-synchronization condition is present in MySQL versions before 5.5.51, 5.6.x up to 5.6.32, 5.7.x up to 5.7.14 and 8.x up to 8.0.0; MariaDB is also affected, in versions before 5.5.52, 10.0.x up to 10.0.27, and 10.1.x up to 10.1.17. Attackers can exploit this vulnerability to bypass the imposed security restrictions and run unauthorized, arbitrary commands, which could in turn serve as a launchpad for other attacks. This vulnerability has since been patched in the affected versions.
4. Permission, Privileges, and Access Controls: This is an old vulnerability that has since been patched. It allowed malicious users to overwrite the MySQL configuration file with numerous settings, so that those settings took effect the next time MySQL was started.
5. DNS Injection in gh-ost: This vulnerability was present in gh-ost (a triggerless schema migration tool for MySQL) in versions before 1.1.3, which had a file path traversal (directory traversal) vulnerability. To exploit it, the attacker either needs access to the target host, or they need to trick the administrator into running a crafted gh-ost command on the host running gh-ost, along with network access from that host to the attacker's malicious MySQL server. The -database parameter must be properly sanitized to avoid this.
If the code is vulnerable, a command like the one below could be crafted to exploit this vulnerability.
Syntax:
./gh-ost -user test -password -test -alter
test -table test -database "test?allowAllFiles=true&"
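Why the -database value needs validation: gh-ost is written in Go and connects through a data source name (DSN) of the form user@tcp(host:port)/dbname?param=value, so a database name containing "?" and "&" smuggles connection parameters (here allowAllFiles=true) into the DSN. The checker below is an added example, not gh-ost's own code; it assumes database names are plain MySQL identifiers (letters, digits, "_" and "$") and refuses anything else instead of trying to escape it.

```python
import re

# Assumption: only unquoted MySQL identifiers are acceptable as database names.
_DB_NAME = re.compile(r"^[A-Za-z0-9_$]+$")


def is_safe_database_name(database):
    """True only for plain identifiers; '?', '&', '/' and friends are refused."""
    return bool(_DB_NAME.match(database))


def build_dsn_unchecked(user, host, port, database):
    """Mirrors the vulnerable pattern: the -database value is pasted straight
    into the DSN, so '?' and '&' inside it become connection parameters."""
    return f"{user}@tcp({host}:{port})/{database}"


def build_dsn_checked(user, host, port, database):
    """Hardened form: validate the name before it reaches the DSN."""
    if not is_safe_database_name(database):
        raise ValueError(f"refusing database name {database!r}: not a plain identifier")
    return build_dsn_unchecked(user, host, port, database)


def dsn_params(dsn):
    """Splits the parameter section the way a DSN parser sees it."""
    _, _, query = dsn.partition("?")
    return dict(p.split("=", 1) for p in query.split("&") if "=" in p)


def injected_params(database):
    """Returns the parameters an attacker-controlled name would add (constructed
    connection details; no connection is made)."""
    return dsn_params(build_dsn_unchecked("test", "127.0.0.1", 3306, database))


if __name__ == "__main__":
    crafted = "test?allowAllFiles=true&"
    print("unchecked DSN params:", injected_params(crafted))
    print("checked name allowed:", is_safe_database_name(crafted))
```

The unchecked DSN built from the article's crafted value carries allowAllFiles=true; the checked builder raises before any DSN exists.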