Hindawi
Security and Communication Networks
Volume 2017, Article ID 3825373, 12 pages
https://doi.org/10.1155/2017/3825373

Research Article
Neutralizing SQL Injection Attack Using Server Side Code Modification in Web Applications

Asish Kumar Dalai and Sanjay Kumar Jena

Department of Computer Science and Engineering, National Institute of Technology Rourkela, Odisha 769 008, India

Correspondence should be addressed to Asish Kumar Dalai; [email protected]

Received 6 July 2016; Revised 23 September 2016; Accepted 17 October 2016; Published 16 February 2017

Academic Editor: Kim-Kwang R. Choo

Copyright © 2017 Asish Kumar Dalai and Sanjay Kumar Jena. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Reports on web application security risks show that SQL injection is the topmost vulnerability. The journey from static to dynamic web pages has led to the use of databases in web applications. Due to the lack of secure coding techniques, SQL injection vulnerability prevails in a large set of web applications. A successful SQL injection attack poses a serious threat to the database, the web application, and the entire web server. In this article, the authors have proposed a novel method for the prevention of SQL injection attacks. The classification of SQL injection attacks has been done based on the methods used to exploit this vulnerability. The proposed method proves to be efficient in the context of its ability to prevent all types of SQL injection attacks. Some popular SQL injection attack tools and web application security datasets have been used to validate the model. The results obtained are promising, with a high accuracy rate for the detection of SQL injection attacks.

1. Introduction

Today's web applications are built on an n-tier architecture, in which the data management, application processing, and presentation tiers are logically separated. Instead of rewriting the entire application, developers now add or modify a specific tier as needed, which eases design and maintenance. The data management tier consists of a database server, where confidential information relating to the application and its users is stored and retrieved. The data from the database is commonly used for authenticating the user, for storing records and their relationships, and for displaying the data in a dynamically created web page.

The connection from the web application to the database management system is made through Application Programming Interfaces (APIs) like Open Database Connectivity (ODBC) and Java Database Connectivity (JDBC). Using the built-in objects and methods, we make the connection to the database server and execute Structured Query Language (SQL) queries. The queries are passed to the SQL query processor and get executed. The results of the queries are returned to the application server. The application server checks the returned data, takes the decision, and then renders the data in the dynamic web page. Most of the time, the query that is passed to the database server for execution contains user-supplied parameters. The input parameters provided by the user may or may not be trustworthy. The query processor will execute the query and return the result to the user without considering the type of the input. But the query can still contain malicious code or may be logically incorrect.

The attackers take advantage of such an architecture and can provide malicious code in the input parameter. If the proper separation between program instructions and user data has not been done in the code, the malicious input by the user/attacker may get executed. By modifying the SQL query, the attacker may extract confidential information from the database and may get full control over the database and the database server. This technique of exploiting the web application is popular among hackers by the name of "SQL injection attack." The biggest plus point of the attack is that it uses port 80 (the default port for HTTP) to communicate, and this port always remains open, neither blocked nor filtered by the firewall. In this paper the SQL injection attack and the steps to exploit it have been described, and their classification has been done based on the technique that is
used to exploit the attack. The related work in preventing SQL injection attacks has been studied, and a novel method has been presented to prevent such attacks. Some popular SQL injection attack tools and web application security datasets have been used to evaluate the performance of the proposed model.

The rest of the paper is structured as follows: Section 2 describes SQL injection, various attack scenarios, and the classification of SQL injection attacks. In Section 3, the related works for mitigating the SQL injection attack and their pros and cons are discussed. The proposed method to prevent SQL injection attacks is given in Section 4. The evaluation of the model and the results are examined in Sections 5 and 6, respectively. Finally, concluding remarks are given in Section 7.

2. SQL Injection

SQL injection attacks are a form of injection attack, where the attacker inserts SQL commands in the input parameters to alter the execution of the SQL query at the server [1]. Attackers take advantage of situations where developers combine SQL statements with user-submitted parameters, and insert SQL commands within those parameters to modify the predefined SQL query. The result is that the attacker can run arbitrary SQL commands and queries on the database server through the application processing layer [2]. A successful SQL injection attack can read confidential data from the database, change the data (insert/alter/update/delete), run administrative processes, retrieve the content of a given file present on the database server, and can also execute operating system level commands [3].

An example of an SQL injection attack is given below. Suppose a web page is generated dynamically by taking the parameter from the user in the URL itself, like

    http://www.domainname.com/Admission/Studnets.asp?Sid=165

The corresponding SQL query in the application code is executed, such as

    SELECT Name,Branch,Department FROM Student WHERE StudentId = 165

An attacker may misuse the fact that the parameter "Sid" is accepted by the application and passed to the database server without the necessary validation or escaping. Therefore, the parameter can be manipulated to create malicious SQL queries. For example, giving the value "165 or 2=2" to the variable "Sid" results in the following URL:

    http://www.domainname.com/Admission/Studnets.asp?Sid=165 or 2=2

The SQL statement will now become

    SELECT Name,Department,Location FROM Student WHERE StudentId = 165 or 2=2

This condition is always true, and all the {Name, Department, Location} triplets will be returned to the user. The attacker can further exploit this vulnerability by inserting arbitrary SQL commands. For example, an attacker may request the following URL:

    http://www.domainname.com/Admission/Studnets.asp?Sid=165; DROP TABLE Student

The semicolon in the above URL terminates the server side SQL query and appends another query for execution. The second query is "DROP TABLE Student", which causes the database server to delete the table. In a similar way, an attacker can use the "UNION SELECT" statement to extract data from other tables as well. The UNION SELECT statement allows combining the results of two separate SELECT queries. For example, consider the following request:

    http://www.domainname.com/Admission/Studnets.asp?Sid=165 UNION SELECT UserId, Username, Password FROM Login;

The default security model for many web applications considers the SQL query as a trusted command. This allows attackers to exploit this vulnerability to evade access controls, authorization, and authentication checks. In some cases, SQL queries allow access to server operating system commands using stored procedures. Stored procedures are usually bundled with the database management server. For example, in Microsoft SQL Server the extended stored procedure xp_cmdshell executes operating system commands. Therefore, in the previous example the attacker can set the value of "Sid" to be "165; EXEC master..xp_cmdshell dir --"; if executed, this will return the list of files in the current directory of the SQL Server process. The use of LOAD_FILE('xyz.txt') in MySQL allows the attacker to load and read arbitrary files from the server.

2.1. Vulnerability Exploitation Steps. To exploit an SQL injection vulnerability, the steps that may be followed are reconnaissance, enumeration, data extraction, and command execution. The steps are explained below in detail with appropriate examples. In this discussion, Microsoft SQL Server has been considered as the back-end database.

2.1.1. Reconnaissance. It is the first and foremost step in exploiting any application. It is a process of fingerprinting the technologies used, which helps the attacker to launch the SQL injection attack successfully. Sometimes, if the database server error messages are returned to the client, they reveal fairly precise information on the technology being used by the web application in the database server. However, to get the complete information about the back-end database server, such as the particular version and the patch level, one can use the query "SELECT @@version"; for instance, if the web application displays the verbose error message returned by the database, then a URL like

    http://www.domainname.com/Admission/Studnets.asp?Sid=@@version
would display

    Microsoft OLE DB Provider for SQL Server error '80040e0x'
    [Microsoft][ODBC SQL Server Driver][SQL Server]Conversion failed when
    converting the varchar value 'Microsoft SQL Server 2008 - 9.0x.13xx.0x
    (Intel X86) Nov 15 2008 00:33:37 Copyright (c) 198X-2008 Microsoft
    Corporation Express Edition on Windows NT 5.5 (Build 379X: Service Pack
    2X)' to data type int.
    /Studnetsx.aspx, line 213

This clearly shows that the victim is using Microsoft SQL Server 2008 as the back-end. It also includes the exact build level and information about the host operating system. Therefore, such techniques can be repeated for other pieces of information, to obtain more accurate fingerprints such as the following:

(i) @@version: DBMS version
(ii) db_name(): name of the database
(iii) @@servername: the server name where MS-SQL has been installed
(iv) @@language: the language name
(v) @@spid: current user's process ID

2.1.2. Enumeration. To perform a successful attack and to completely exploit the SQL injection vulnerability, one has to enumerate the tables and their corresponding column names that are present in the database. Some specific predefined tables in the database management system contain information about all the system and user defined tables, commonly referred to as metadata. Hence, to enumerate the tables/columns of the database server, the attacker has to access those tables. The queries to extract database, table, and column names are given below:

(i) Databases: select name from master..sysdatabases
(ii) Tables: SELECT name FROM Databasename..sysobjects WHERE xtype='U'
(iii) Columns: SELECT name FROM Databasename..syscolumns WHERE id = (SELECT id FROM Databasename..sysobjects WHERE name = 'Tablename')

2.1.3. Data Extraction. Once the column names, table names, and the database names are known, the next step is to extract the data that resides in the tables. For extracting the data, we use the "UNION SELECT" statement. In a UNION SELECT statement, the number of columns in the injected query must match that of the preexisting SELECT query. To know the exact number of columns present in the existing query, we can use the ORDER BY statement, such as

    http://www.domainname.com/Admission/Studnets.asp?Sid=165+order+by+1
    http://www.domainname.com/Admission/Studnets.asp?Sid=165+order+by+2
    http://www.domainname.com/Admission/Studnets.asp?Sid=165+order+by+3

We have to repeat these steps until the query fails; the last successfully executed query reveals the number of columns. Alternatively, by gradually increasing the number of columns in the "UNION SELECT" statement until the query executes correctly, we can also determine the number of columns, for example,

    http://www.domainname.com/Admission/Studnets.asp?Sid=165+union+select+1--
    http://www.domainname.com/Admission/Studnets.asp?Sid=165+union+select+1,2--
    http://www.domainname.com/Admission/Studnets.asp?Sid=165+union+select+1,2,3--

As we know, the UNION operator combines two separate SELECT statements and displays the result. Hence, the UNION SELECT statement can be used to retrieve the desired data from the database server.

2.1.4. Command Execution. This step involves executing system commands through the injection vulnerability. To execute system commands, the current user must have high-level privileges. In the case of MS-SQL, by using xp_cmdshell we can execute system commands such as

    exec master..xp_cmdshell 'ipconfig'

2.2. Types of SQL Injection Attacks. There are different types of SQL injection attack, as presented in many studies [4–9]. These attack types have been named based on the technique implemented to exploit the injection vulnerability, as listed below.

(1) Tautology. A tautology is a logical statement which is TRUE in every possible interpretation. In SQL queries, the same concept may be used in the conditional statement of the query, that is, in the WHERE clause, to make it always TRUE and return all data. A simple use of tautology is

    select * from admin where user_id = ' ' and password = ' ' or 'a' = 'a'

This is often inserted in the vulnerable parameter to perform the injection attack. This tautology is mainly applied to bypass the login authentication. Tautology is also used to confirm a blind SQL injection vulnerability.

(2) Commenting the Code. Like other programming languages, SQL can also specify a comment line in the code. By adding a double hyphen in MS-SQL or a # in the case of MySQL, one can comment out the code. The comment line prevents the code from execution. The attackers take advantage of this and insert a comment in the vulnerable parameter to disable the
rest of the code following the vulnerable parameter. A simple example of using a comment line is

    SELECT * from admin where userid = 'xxx'; -- and password = 'yyy';

The above code can bypass the login authentication by giving only a valid user id.

(3) Type Mismatch. In case of a type mismatch in the query, SQL provides a verbose error message, for instance, for

    http://www.domainname.com/Admission/Studnets.asp?Sid=system_user

The error output is like

    [Microsoft][ODBC SQL Server Driver][SQL Server] error: xxx, Conversion failed
    when converting the varchar value 'sa' to data type integer.

From the above error message, we can clearly know that the current user is 'sa'; hence, the attacker takes advantage of this and provides type mismatch queries, like giving characters to a numeric type and vice versa, and can easily extract a lot of information.

(4) Stacked Query. When a sequence of multiple SQL queries is executed in a single connection to the database server, this is called a stacked or piggybacked query. Being able to terminate the existing query and attach a completely new one, taking advantage of the fact that the database server will execute both of them, provides more freedom and possibilities to the attacker compared to simply injecting code in the original query. Most DBMSs support the stacked query. An example of a stacked query for DROP and UPDATE is given below:

    http://www.domainname.com/Admission/Studnets.asp?Sid=165; DROP TABLE Student
    http://www.domainname.com/Admission/Studnets.asp?Sid=165; UPDATE login set password = 'xxx' where userid = 'yyy'

Similarly, stacked queries can be written and executed for ALTER, DELETE, and so forth. This can severely impact the back-end database.

(5) Union Query. The union operator combines the results of two SELECT queries and returns the result as one. Hence, once we enumerate the table names and column names, we can inject the UNION SELECT statement in the vulnerable parameter to combine the results with the original query and retrieve the data. An example of using UNION SELECT is

    http://www.domainname.com/Admission/Studnets.asp?Sid=165 UNION SELECT userid, password FROM login;

The above request will combine the userid and password pairs with the original query, and they will be displayed to the client. We can further modify the query to iterate through all the rows of the login table.

(6) Stored Procedure and System Functions. In a DBMS, a stored procedure is a group of SQL statements combined to create a procedure that is stored in the data dictionary. Stored procedures are present in compiled form so that many programs can share them. The practice of using stored procedures can be useful in improving productivity, preserving data integrity, and controlling data access. The attacker can take help of these stored procedures to make the SQL injection attack more severe. An example of using a stored procedure is

    exec master..xp_cmdshell 'ipconfig'

xp_cmdshell is an extended stored procedure available in MS-SQL which allows the administrator to run operating system level commands and get the desired output.

The use of system defined functions also helps in performing SQL injection. In SQL Server 2005, hashes are stored in the sql_logins view. The system hash can be retrieved using the query

    SELECT password_hash FROM sys.sql_logins

    http://www.domainname.com/Admission/Studnets.asp?Sid=165+union+select+master.dbo.fn_varbintohexstr(password_hash)+from+sys.sql_logins+where+name+=+'sa'

The function fn_varbintohexstr() converts the password hash stored in varbinary form into hex so that it can be displayed in the browser, and then tools like "Cain and Abel" are used to crack the hash and recover the plain text.

(7) Inference. Inference is the act or process of deriving logical conclusions. Sometimes we test through inference to extract some information; that is, "if we get this output, then this might be happening at the back-end." Inference techniques can extract at least one bit of data by noticing the response to a specific query. Observation is the key, as the response of the query will have a distinct signature when the query is true and when it is false.

An example of using inference in SQL injection is

    http://www.domainname.com/Admission/Studnets.asp?Sid=165 and SUBSTRING(user_name(),1,1)='c' --

If the first character of the USER is indeed 'c', then the second condition (SUBSTRING(user_name(),1,1)='c') is true and we would see the same result as usual; if not, then we may get the output "no records exist" or something other than the usual output.

The False and True condition states are inferred from the response on the page after each request is submitted; that is, if the response contains "no records exist" the state was False; otherwise, the state was True. Similarly, by repeating the process, starting with the letter 'a' and moving through the entire alphabet, we can infer all successive characters of the USER name, for example,
    Sid=165 AND SUBSTRING(user_name(),2,1)='c' (False)
    Sid=165 AND SUBSTRING(user_name(),2,1)='d' (True)
    Sid=165 AND SUBSTRING(user_name(),3,1)='e' (False)
    Sid=165 AND SUBSTRING(user_name(),3,1)='b' (True)

(8) Alternative Methods. Web applications often use input filters that are designed to protect against basic attacks, including SQL injection. To evade such filters, attackers may use some encoding technique. The technique is achieved using case variation, URL encoding, the CHAR function, dynamic query execution, null bytes, nested stripped expressions, exploiting truncation, and so forth. By using the above methods, the attacker bypasses the defending mechanisms. Examples of alternative methods are as follows.

CHAR Function

    UNION = CHAR(85) + CHAR(78) + CHAR(73) + CHAR(79) + CHAR(78)

HEX Encoding

    SELECT = 0x53454c454354

URL Encoding

    SELECT%20%2a%20FROM%20LOGIN%20WHERE%20USERID%20%3E%2010

Case Variation

    uNiOn SeLeCt usErID, password FrOm tblAdmins WhErE uname='admin'--

3. Related Work

A detailed study of the literature shows that considerable efforts have been made to devise many techniques for preventing SQL injection attacks. One of the current security trends is focused mainly on the security of smart devices, primarily those running the Android operating system. Some of the recent works [10–15] show techniques for preserving security in the Android environment. However, security in web applications cannot be disregarded, as they have a wide existence. In accordance with this, we have studied the existing literature for preventing SQL injection attacks in web applications.

(i) Static Analysis. Some approaches rely purely on static analysis of the source code [16–19]. These methods scan the application and use heuristics or information flow analysis to detect the code that could be vulnerable to SQL injection attack. Each and every user input is inspected before being integrated into the query. Because of the inaccurate nature of the static analysis that is being used, these methods can produce false positives. Moreover, since the method relies on declassification rules to convert untrusted input into a safer one, it may generate false negatives too. Wassermann and Su propose a method [20] that combines static analysis and automated reasoning techniques to detect whether an application can generate queries that contain tautologies. This technique is limited to the types of SQL injection attack that it can detect.

(ii) Static Analysis and Runtime Monitoring. Some approaches like Analysis and Monitoring for Neutralizing SQL Injection Attack (AMNESIA) [21–23] have combined both static analysis and runtime monitoring. In the static part, they automatically build the legitimate queries that the application could generate. In the dynamic part, the dynamically created runtime queries are monitored and are checked for conformance with the queries generated in the static part. This approach depends on the following:

(i) First is scanning the whole application code to define the critical spots.
(ii) Within each critical spot, the authors of AMNESIA generate SQL query models by figuring out the possible values of the query string that may be passed to the database server.
(iii) For each critical spot, this approach makes a call to the monitoring procedure with two different parameters (the string that contains the actual query to be submitted and a unique identifier).
(iv) During execution, when the application reaches that spot, the runtime monitor is invoked, and the string that is about to be submitted as a query is passed as a parameter with the unique id.
(v) Then AMNESIA retrieves the SQL query model for that spot and checks the query against the previously generated static model.

This tool limits the SQL injection attack during the static analysis phase for query building, and it also has certain limitations, particularly in thwarting attacks related to stored procedures.

(iii) Context-Oriented Approach. The context-oriented approach by Prokhorenko et al. [24] provides a novel method for protection against different types of attack in web applications. This work presents a single generic solution for various types of injection attack associated with web applications. The authors have taken an alternative view of the core root of the vulnerabilities. In this work the common attack traits are analyzed, and on this basis a context-oriented model for web application protection is developed. But the presence of a backdoor in the code may not get detected by the model. In the case of code obfuscation, code hiding, and so forth, the method may not be able to function as intended. Another approach by Prokhorenko et al. [25] provides a generic and extensible PHP-oriented protection framework. The proposed framework is mainly based on understanding the intention of the application developer. It performs real-time supervision of the execution and detects deviations from the intended behavior, which helps it in preventing potentially malicious activity. This method purely focuses on attack detection in the
PHP environment. This method fails to defend against the attacks if the application is developed using technologies other than PHP.

(iv) Input Validation. The cause of many injection vulnerabilities is the improper separation of code and input data. Hence various techniques have been proposed on the basis of input validation. Security Policy Descriptor Language (SPDL) [26, 27] is used for controlling the flow of user input through a secure gateway. The specified policy analyses and transforms each request/response by enforcing user input constraints. Tools like PowerForms [28], AppShield [29], and InterDo [30] use a similar methodology. As these approaches are signature-based, they can have insufficient input validation routines and may introduce false positives. As these approaches are human based, much effort is required to determine the data that needs to be filtered and the policy to be applied.

(v) Instruction Set Randomization. SQLrand [31] is such a method; it adds a random token to each keyword and operator in all SQL statements in the program code. Before the query is sent to the database, it is checked that all the operators and keywords contain the token. The attacks would be easily detected, as the operators and keywords injected by the attacker would not have that token. This method involves randomizing both the underlying SQL parser in the database and the SQL statements in the program code, which makes it cumbersome. Adding the random tag to the whole SQL statement and each keyword makes the query arbitrarily long. Also, using this method leaves it open to the possibility of a brute-force attack.

(vi) Learning-Based or Anomaly Detection Methods. A set of learning-based approaches has been proposed to learn all the intended query structures statically [22] or dynamically [32, 33]. The effectiveness of detection largely depends on the accuracy of the learning algorithms. The approach in [34] focuses on securing the web application from external and internal attacks. SQL Injection and Insider Misuse Detection System (SIIMDS) is a technique that takes advantage of both misuse detection methods and anomaly detection methods to reduce the risk resulting from SQL injection attack. It consists of three modules: misuse detection, anomaly detection, and a response module. The SQL statement is compared with a list of stored SQL injection signature patterns. If there is a match, there is an attack, and the SQL statement is passed to the response module for necessary action. Furthermore, if no match is found with the stored attack patterns, the SQL statement is forwarded to the anomaly detection module for behavioral analysis. If some abnormality is found, then the SQL statement is passed to the response module for appropriate action. Otherwise, the SQL statement is considered to be attack-free and ready for execution.

4. Proposed Method

The query written by the developer is static until it gets input parameters from the user. As the input provided by the user may not be trusted, our aim is to take care of any query which contains user input. The attacker may input malicious code along with the input parameter. The malicious input can make a severe impact on the database server, starting from extracting sensitive data from the database to taking complete control over the database server. Hence, the proposed method monitors the query to check whether the user has added any additional characters other than the intended parameter. The method involves the following steps for dealing with a SELECT query which contains a WHERE clause.

Step 1. From the SELECT query, all characters after the WHERE clause are extracted and stored in a string S1.

Step 2. Input parameters are accepted from the user. The parameters are checked for their appropriate type. If the input type matches the required type, the input parameters are added to the query. Otherwise, the parameters are rejected, and the page is reloaded with the warning message "Invalid Parameters."

Step 3. The query string is normalized to convert it into a simple statement by replacing the encoding, if any.

Step 4. Using the string extraction method, all characters after the WHERE clause are extracted.

Step 5. The input parameters are removed from the extracted string sequentially, as they were added. For numeric parameters, we remove the numbers and, for alphanumeric parameters, we remove the characters enclosed in single quotes. The new string is named S2.

Step 6. Strings S1 and S2 are compared. If they match, it is considered that there is no injection attack, and the query is sent to the database server for execution. Otherwise, the query is dropped and the page is reloaded with the warning message "The user is trying for SQL Injection!!!"

The SQL query may have non-WHERE clauses such as HAVING, LIKE, and ORDER BY, which may contain the user-supplied parameter. In such cases, at Steps 1 and 4 the developer has to replace WHERE with these non-WHERE clauses.

Figure 1: Model for prevention of SQL injection attack. [Figure: on the web application server, the user input from the web client goes through type checking (failed: warning message); if matched, the query plus input is normalized, the string after the clause is extracted and the parameters are removed, and the result is compared with the string extracted from the static query; if matched, the query is sent to the database for execution and the result is returned to the client, otherwise a warning message is shown.]

Figure 1 explains the architecture of the proposed model. The proposed model is incorporated in the test web application for implementation purposes. The web application contains queries to display pages containing data from several tables. A similar set of code, with the necessary changes, has been tested with all types of SQL queries, a combination of all parameter types, and queries for INSERT, UPDATE, and DELETE operations. Sample code developed using C#.Net, for making a connection to the database and executing a SELECT query with a WHERE construct, is given below.

    // Connection string; the database password is redacted in the paper.
    string source = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|sricce.mdb;Jet OLEDB:Database Password=*******";
    ocn = new OleDbConnection(source);
    ocn.Open();

    // Static query written by the developer; "# #" marks the parameter position.
    string staticquery = "select password from login where code = # #";
    // Step 1: everything after WHERE in the static query (S1).
    string substaticquery = RightOf(staticquery, "where");
    // Query built from the user-supplied parameter param1.
    string dynamicquery = "select password from login where code = '" + param1 + "'";

    // Step 2: type check of the parameter (IsAlphanumeric is the application's own helper).
    if (param1.IsAlphanumeric)
    {
        // Step 3: normalize the query (decode any encoding).
        dynamicquery = Normalize(dynamicquery);
        // Step 4: everything after WHERE in the dynamic query.
        string subdynamicquery = RightOf(dynamicquery, "where");
        // Step 5: remove the string parameter (the single-quoted value), giving S2.
        string subdynamicquerypless = RemoveParameter(subdynamicquery, "str");

        substaticquery = substaticquery.Trim();
        subdynamicquerypless = subdynamicquerypless.Trim();
        // Step 6: S1 and S2 must match before the query is executed.
        if (substaticquery == subdynamicquerypless)
        {
            ocmd = new OleDbCommand(dynamicquery, ocn);
            odr = ocmd.ExecuteReader();
            // (the listing continues on a page not included in this extract)

The above code only considers the SELECT statement of the SQL query containing a WHERE clause. The SELECT statement can have non-WHERE clauses such as HAVING, LIKE, and ORDER BY. In such cases, the developer has to replace WHERE with these non-WHERE clauses in the string extraction function. In a similar way, the code is also applicable to queries like UPDATE, INSERT, and DELETE with little modification.

5. Evaluation of the Proposed Model

The proposed method is easy to implement by web application developers. The method involves a few clearly illustrated steps which can be easily implemented irrespective of the platform. All SELECT and DELETE queries which contain a conditional statement can have WHERE/HAVING, LIKE, and ORDER BY clauses in them. All UPDATE queries can contain a SET clause. All INSERT queries may contain a VALUES clause. Hence, we have used a string extraction function to extract all characters from the query string just after the WHERE, HAVING, LIKE, ORDER BY, SET, and VALUES clause, respectively, till the end of the string. The input parameters from the user are checked for their appropriate type. Type checking reduces the chance of attack to some extent. Then, the query string is normalized to replace the encoding. The string extraction function is called again to extract the string. Then, by specifying the number of parameters and their types, the parameters are removed. For numeric parameters, numbers are removed and, for character type, characters enclosed in single quotes are removed. Finally,
odr.Read(); strings are compared for their equality. If the strings are
} equal, then the query is sent to the database for execution.
else Otherwise, a warning is generated suspecting SQL injection
attack.
{ Further, the proposed method has few more advantages
Response.Write("The user is trying for in comparison with existing techniques. Unlike input vali-
SQL Injection!!! The web page will be dation approach [26, 27], no input filtering is done, and the
reloaded."); user is free to supply any input character he wants. Further,
} the method does not involve any white listing or black
listing approach, as it is difficult to maintain such list. Unlike
} SQLrand [31], no brute-force or guessing attack is possible.
ocn.Close(); However, if the query contains both user input parameters

and developer-specified parameters, the developer-specified parameters have to be present at the end. For example,

    Select * from table_name where id = ? name = ? and city not in('delhi','chennai','mumbai')

The "city not in('delhi','chennai','mumbai')" has to be present at the end of the query.

It is explained below how our proposed model withstands the various types of SQL injection attacks.

(1) Tautology. In the case of tautology the attackers insert commands like "or 1 = 1" to make the query true for all conditions. As per the proposed model, when the two strings S1 and S2 are compared at Step 6, they fail to match, and the attack will be detected.

    Actual Query: select * from admin where user_id= ' ' and password= ' '
    S1: user_id= '' and password= ''
    Attack Query: select * from admin where user_id= 'abc' and password= 'xyz' or 'a'='a'
    S2: user_id= '' and password= '' or 'a'='a'

(2) Commenting the Code. In the case of commenting the code the attacker inserts some character sequence which converts the rest of the statement into a comment line. As per the proposed model, when the two strings S1 and S2 are compared at Step 6, they fail to match, and the attack will be detected.

    Actual Query: select * from admin where user_id= ' ' and password= ' '
    S1: user_id= '' and password= ''
    Attack Query: select * from admin where user_id= 'abc'; -- and password= 'xyz'
    S2: user_id= ''; -- and password= ''

(3) Type Mismatch. In the case of type mismatch the attacker inserts input of a different data type, which creates a type mismatch error and responds with a verbose error message containing sensitive data. As per the proposed model, at Step 2 the input parameters are checked for their appropriate type. If an input type mismatch occurs, it blocks the code from further execution.

    Actual Query: select * from student_details where sid=
    S1: sid=
    Attack Query: select * from student_details where sid=system_user

Here the intended parameter is of type integer but the attacker has given a string. The input type checking phase at Step 2 will detect the attack.

(4) Stacked Query. Using a stacked query, the attacker appends a malicious SQL command at the end of the actual query. As per the proposed model, when the two strings S1 and S2 are compared at Step 6, they fail to match, and the attack will be detected.

    Actual Query: select * from product_details where product_id= ' '
    S1: product_id= ''
    Attack Query: select * from product_details where product_id= 'P1'; drop table accounts--
    S2: product_id= ''; drop table accounts --

(5) Union Query. Using a union, the attacker combines the results of two SQL statements and displays the output. As per the proposed model, when the two strings S1 and S2 are compared at Step 6, they fail to match, and the attack will be detected.

    Actual Query: select * from product_details where product_id= ' '
    S1: product_id= ''
    Attack Query: select * from product_details where product_id= 'P1' union select uid, pwd from login--
    S2: product_id= '' union select uid, pwd from login --

(6) Stored Procedure and System Functions. The attacker uses stored procedures to make the SQL injection attack more severe. As per the proposed model, when the two strings S1 and S2 are compared at Step 6, they fail to match, and the attack will be detected.

    Actual Query: select * from student_details where roll_no= ' '
    S1: roll_no= ''
    Attack Query: select * from student_details where roll_no= 'S123' +union +select+ master.dbo.fn_varbintohexstr(password_hash) +from+sys.sql_logins+where +name+=+'sa'
    S2: roll_no='' +union +select+master.dbo.fn_varbintohexstr(password_hash)+from+sys.sql_logins+where +name+=+' sa '

(7) Inference. In the case of inference the attackers add some commands to infer information from the resultant output. As per the proposed model, when the two strings S1 and S2 are compared at Step 6, they fail to match, and the attack will be detected.

    Actual Query: select * from product_details where product_id= ' '
    S1: product_id= ''
    Attack Query: select * from product_details where product_id= 'P1' and SUBSTRING(user_name(),1,1)='c'--
    S2: product_id= '' and SUBSTRING(user_name(),1,1)= 'c' --

(8) Alternative Methods. To evade input filters, attackers may use some encoding technique. As per the proposed model, at Step 3 the query is normalized and converted into plain characters, which makes the SQL injection attack, if any, detectable.

    Actual Query: select * from admin where user_id= ' ' and password= ' '
    S1: user_id= '' and password= ''
    Attack Query: select * from admin where user_id= 'abc' UNION%20SELECT%20%2a%20FROM%20LOGIN%20WHERE%20USERID%20%3E%2010

Here the attacker has used the URL encoding technique to evade the web application firewall, but the string decoding at Step 3 will detect the attack.

Figure 2: Test result of SQLInjectMe.

Figure 3: Test result of NTO SQL Invader.
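The steps described above (type check, normalization, string extraction, parameter removal, and comparison), run over the attack classes (1) to (8) and over one benign input containing an apostrophe that the comparison wrongly rejects (the false rejection the paper's FRR measures), as an added Python re-implementation rather than the authors' C# code. It assumes a '?' placeholder convention, helper names of its own (render, right_of, remove_parameters, check_request), and constructed sample requests, since the paper's RightOf, Normalize, and RemoveParameter helpers are not published.

```python
import re
from urllib.parse import unquote
# Convention constructed for this example: each '?' in the developer's template
# is one user parameter; the type list says whether the slot is a quoted
# string ("str") or a bare number ("num").

def render(template, values, types, static):
    """Static query (empty slots, the paper's 'Actual Query') or dynamic query
    (values concatenated in, as the paper's C# sample does)."""
    parts = template.split("?")
    out = parts[0]
    for part, value, kind in zip(parts[1:], values, types):
        if static:
            out += "''" if kind == "str" else ""
        else:
            out += f"'{value}'" if kind == "str" else value
        out += part
    return out

def type_check(values, types):
    """Step 2: a numeric slot must receive digits only."""
    return all(v.isdigit() for v, kind in zip(values, types) if kind == "num")

def normalize(query):
    """Step 3: undo URL encoding until stable, so double encoding is reduced
    to plain characters before the strings are compared."""
    prev = None
    while prev != query:
        prev, query = query, unquote(query)
    return query

def right_of(query, keyword):
    """String extraction: everything after the first clause keyword."""
    m = re.search(r"\b" + re.escape(keyword) + r"\b", query, re.IGNORECASE)
    return query[m.end():] if m else ""

def remove_parameters(fragment, types):
    """Step 5: blank one value per declared slot, left to right (a quoted
    literal for 'str', a run of digits for 'num'). The scan position moves past
    each removed value so its '' is not matched again; anything added beyond
    the declared slots survives and makes the comparison fail."""
    pos, out = 0, ""
    for kind in types:
        m = re.compile(r"'[^']*'" if kind == "str" else r"\b\d+\b").search(fragment, pos)
        if m is None:
            break
        out += fragment[pos:m.start()] + ("''" if kind == "str" else "")
        pos = m.end()
    return out + fragment[pos:]

def check_request(template, types, values, keyword="where"):
    """Steps 2 to 6 for one request: 'execute', 'type mismatch' or 'injection'."""
    if not type_check(values, types):
        return "type mismatch"
    squeeze = lambda s: " ".join(s.split())   # compare ignoring whitespace
    s1 = squeeze(right_of(render(template, values, types, True), keyword))
    dynamic = normalize(render(template, values, types, False))
    s2 = squeeze(remove_parameters(right_of(dynamic, keyword), types))
    return "execute" if s1 == s2 else "injection"

# Constructed requests covering the attack classes the paper walks through, plus
# a benign apostrophe that the scheme rejects (the false-rejection case).
LOGIN = ("select * from admin where user_id= ? and password= ?", ["str", "str"])
PRODUCT = ("select * from product_details where product_id= ?", ["str"])
STUDENT = ("select * from student_details where sid= ?", ["num"])
CASES = {
    "genuine login": (LOGIN, ["abc", "xyz"]),
    "tautology": (LOGIN, ["abc", "xyz' or 'a'='a"]),
    "comment": (LOGIN, ["abc'; --", "xyz"]),
    "type mismatch": (STUDENT, ["system_user"]),
    "genuine numeric": (STUDENT, ["123"]),
    "stacked": (PRODUCT, ["P1'; drop table accounts--"]),
    "union": (PRODUCT, ["P1' union select uid, pwd from login--"]),
    "url encoded": (LOGIN, ["abc'%20UNION%20SELECT%20%2a%20FROM%20LOGIN--", "xyz"]),
    "benign apostrophe": (LOGIN, ["O'Brien", "xyz"]),
}

def run_cases(cases=CASES):
    return {name: check_request(tpl, types, vals)
            for name, ((tpl, types), vals) in cases.items()}
```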

6. Results and Discussion

The method has been implemented in the web application named sricce, a web application developed for managing the ongoing projects in the Institute. The website (http://Server-IP/sricce/login.aspx) is hosted on an Internet Information Server (IIS) server. The web application is developed in ASP.NET with MS-SQL as the back-end database. The site contains pages such as an authentication page, a change password page, pages for retrieval of the various project-related data, search pages, and pages for inserting new records and updating existing records. To test the trustworthiness of the model, SQL injection attacking tools such as SQLInjectMe, NTO SQL Invader, Scrawlr, SQLPowerInjector, and SQLSentinel have been used. It has been found that the web application can withstand these attacking tools. The snapshots showing the output of these tools are given in Figures 2–6.

The performance of the proposed model has been tested with attack vectors collected through web resources and the HTTP dataset CSIC 2010 [35]. TECAPI Attack Vectors [36] contain the resources for SQL injection attacks of different variants including Direct: SQL injection attack, Persistent: second-order SQL injection attack, and Session variants: SQL injection via session puzzling. We have collected all these types of attack vectors from the corresponding links to generate a set of attack vectors for validating the proposed model.

The HTTP dataset CSIC 2010 [35] contains thousands of automatically generated web requests. The author of the dataset has provided it for testing of web attack protection

Figure 4: Test result of Scrawlr.

Figure 5: Test result of SQLPowerInjector.

Table 1: Comparative analysis of the proposed method on different databases.

    Databases                 AUC (%)   FAR (%)   GAR (%)
    TECAPI Attack Vectors     91.84     13.51     86.54
    HTTP dataset CSIC 2010    98.05     11.44     89.61

Figure 6: Test result of SQLSentinel.

Figure 7: Test result of manual attack vectors.

Figure 8: Performance analysis of the proposed method for SQL injection attack detection in TECAPI Attack Vectors and HTTP Dataset CSIC 2010. (ROC plot: genuine acceptance rate against false acceptance rate, both on a 0 to 1 scale, with one curve for TECAPI Attack Vectors and one for HTTP dataset CSIC 2010.)

systems. It was developed at the "Information Security Institute" of CSIC (Spanish Research National Council). The dataset is generated automatically and contains 36,000 normal requests and more than 25,000 anomalous requests. The HTTP requests are labeled as normal or anomalous, and the dataset includes attacks such as SQL injection, buffer overflow, information gathering, file disclosure, CRLF injection, XSS, and parameter tampering. From the dataset, the SQL injection attack vectors have been collected for evaluating the proposed model.

The model is also verified by manually injecting the attack vectors. The snapshot displaying the output of a manual attack vector is shown in Figure 7. It is clear from the figure that the proposed model also withstands the manual attack vectors.

6.1. Performance Measures Used. False Acceptance Rate (FAR), Genuine Acceptance Rate (GAR), False Rejection Rate (FRR), Receiver Operating Characteristics (ROC) curve, and Area Under ROC curve (AUC) have been used as the performance measures to evaluate the efficiency of the proposed model.

(i) False Acceptance Rate (FAR). FAR is the frequency of attack vectors able to bypass the attack detection mechanism. This statistic is used to measure the performance of the proposed approach when operating in the attack detection mode. A false acceptance occurs when the protection mechanism at the application server is unable to stop the malicious web request and the query having SQL injection code is sent to the database server for execution.

(ii) Genuine Acceptance Rate (GAR). GAR is the frequency of acceptance relative to the authentic web requests which are sent for execution. This statistic is used to measure the performance of the proposed approach when operating in the attack verification mode. A genuine acceptance occurs when an authentic web request is classified as a normal (nonattack) pattern.

(iii) False Rejection Rate (FRR). FRR is the frequency of rejections relative to the genuine web requests which should be sent for execution. This statistic is used to measure the performance of the proposed approach when operating in the verification mode. A false rejection occurs when an authentic web request is classified as a malicious one.

(iv) Receiver Operating Characteristic (ROC). The ROC curve depicts the dependence of GAR (Genuine Acceptance Rate) on FAR for changes in the value of the threshold. The curve is plotted using linear, logarithmic, or semilogarithmic scales.

(v) Area Under ROC Curve (AUC). AUC is the percentage of coverage under the ROC curve. The more the coverage, the higher the accuracy of the system. In the ideal case, for a system with 100% accuracy, GAR = 1 at FRR = 0, causing AUC = 100%.

(vi) Equal Error Rate (EER). The EER refers to the point on a ROC curve where the FAR equals the FRR. Thus a lower EER value indicates better performance.

The proposed method provides satisfactory results as presented in Table 1 and Figure 8. The proposed method is further compared with the existing techniques regarding

Table 2: Comparison of the proposed method with existing approaches.

    Methods           Tautology  Comment line  Type mismatch  Stacked query  Union query  Stored procedure  Inference  Alternative methods
    AMNESIA           Y          Y             Y              Y              Y            N                 Y          Y
    SQLrand           Y          P             P              Y              Y            N                 Y          N
    SPDL              P          Y             P              P              P            P                 P          N
    SIIMDS            N          P             P              P              N            P                 P          N
    SQLIPA            Y          Y             Y              Y              Y            Y                 Y          N
    Proposed Method   Y          Y             Y              Y              Y            Y                 Y          Y

Y: successfully detects/prevents the attack type. N: not able to detect/prevent the attack type. P: partially handles the attack type.

their defending ability against the various SQL injection attack types. The result shows that the proposed model is more efficient than its counterparts. Table 2 summarizes the result of comparisons with existing methods. It clearly shows that the proposed method can withstand all types of SQL injection attacks.

7. Conclusion

The proposed model is a novel online detection method against SQL injection attack. It depends on sequentially extracting the intended user input from the dynamic query string to check for any malicious input. Unlike other approaches, the proposed method is quite simple to implement yet highly effective. The method has been implemented in the test web application to demonstrate its effectiveness. The model can also be incorporated into existing applications of different environments. To measure the performance of the model we have manually tested the application with all attack vectors. Some of the popular SQL injection attacking tools have also been used to check the effectiveness of the model. The experimental result shows that the proposed model can defend against all kinds of SQL injection attack. The model is ideal for web application developers to prevent the threat of SQL injection attack in the web application. The proposed approach can be further extended to deal with other types of injection attack such as Command Injection, Code Injection, and File Injection.

Competing Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

References

[1] The OWASP Foundation, SQL Injection, https://www.owasp.org/index.php/SQL_Injection.
[2] V. Prokhorenko, K.-K. R. Choo, and H. Ashman, "Web application protection techniques: a taxonomy," Journal of Network and Computer Applications, vol. 60, pp. 95–112, 2016.
[3] B. D. A. Guimarães, Advanced SQL injection to operating system full control, Black Hat Europe, white paper, 2009.
[4] A. S. Yeole and B. B. Meshram, "Analysis of different technique for detection of SQL injection," in Proceedings of the International Conference and Workshop on Emerging Trends in Technology (ICWET '11), pp. 963–966, ACM, Mumbai, India, February 2011.
[5] G. Buehrer, B. W. Weide, and P. A. G. Sivilotti, "Using parse tree validation to prevent SQL injection attacks," in Proceedings of the 5th International Workshop on Software Engineering and Middleware (SEM '05), pp. 106–113, ACM, Lisbon, Portugal, September 2005.
[6] E. Al-Khashab, F. S. Al-Anzi, and A. A. Salman, "PSIAQOP: preventing SQL injection attacks based on query optimization process," in Proceedings of the 2nd Kuwait Conference on e-Services and e-Systems (KCESS '11), pp. 10–18, ACM, Kuwait City, Kuwait, 2011.
[7] A. Liu, Y. Yuan, D. Wijesekera, and A. Stavrou, "SQLProb: a proxy-based architecture towards preventing SQL injection attacks," in Proceedings of the Annual ACM Symposium on Applied Computing (SAC '09), pp. 2054–2061, New York, NY, USA, March 2009.
[8] S. W. Boyd, G. S. Kc, M. E. Locasto, A. D. Keromytis, and V. Prevelakis, "On the general applicability of instruction-set randomization," IEEE Transactions on Dependable and Secure Computing, vol. 7, no. 3, pp. 255–270, 2010.
[9] K. Elshazly, Y. Fouad, M. Saleh, and A. Sewisy, "A survey of SQL injection attack detection and prevention," Journal of Computer and Communications, vol. 2, no. 8, pp. 1–9, 2014.
[10] A. Azfar, K.-K. R. Choo, and L. Liu, "A study of ten popular Android mobile VoIP applications: are the communications encrypted?" in Proceedings of the 47th Hawaii International Conference on System Sciences (HICSS '14), pp. 4858–4867, IEEE, Waikoloa, Hawaii, USA, January 2014.
[11] A. Azfar, K. K. R. Choo, and L. Liu, "Forensic taxonomy of popular Android mHealth apps," in Proceedings of the 21st Americas Conference on Information Systems (AMCIS '15), San Juan, Puerto Rico, August 2015.
[12] A. Azfar, K. K. R. Choo, and L. Liu, "An android communication app forensic taxonomy," Journal of Forensic Sciences, vol. 61, no. 5, pp. 1337–1350, 2016.
[13] A. Azfar, K. R. Choo, and L. Liu, "Forensic taxonomy of android productivity apps," Multimedia Tools and Applications, pp. 1–29, 2019.
[14] A. Azfar, K.-K. R. Choo, and L. Liu, "Android mobile VoIP apps: a survey and examination of their security and privacy," Electronic Commerce Research, vol. 16, no. 1, pp. 73–111, 2016.

[15] A. Azfar, K. K. R. Choo, and L. Liu, "An android social app forensics adversary model," in Proceedings of the 49th Hawaii International Conference on System Sciences (HICSS '16), pp. 5597–5606, IEEE, Koloa, Hawaii, USA, January 2016.
[16] Y. Xie and A. Aiken, "Static detection of security vulnerabilities in scripting languages," in Proceedings of the 15th Conference on USENIX Security Symposium, pp. 179–192, Vancouver, Canada, 2006.
[17] V. Livshits and M. Lam, "Finding security vulnerabilities in Java applications with static analysis," in Proceedings of the 14th Conference on USENIX Security Symposium, pp. 18–25, Baltimore, Md, USA, 2005.
[18] M. S. Lam, J. Whaley, V. Benjamin Livshits et al., "Context sensitive program analysis as database queries," in Proceedings of the 24th ACM SIGMOD-SIGACT-SIGART Symposium on Principles of Database Systems (PODS '05), pp. 1–12, New York, NY, USA, June 2005.
[19] C. Gould, Z. Su, and P. Devanbu, "JDBC checker: a static analysis tool for SQL/JDBC applications," in Proceedings of the 26th International Conference on Software Engineering (ICSE '04), pp. 697–698, IEEE Computer Society, Edinburgh, UK, May 2004.
[20] G. Wassermann and Z. Su, "An analysis framework for security in Web applications," in Proceedings of the FSE Workshop on Specification and Verification of Component-Based Systems (SAVCBS '04), pp. 70–78, Citeseer, 2004.
[21] W. G. J. Halfond and A. Orso, "Preventing SQL injection attacks using AMNESIA," in Proceedings of the 28th International Conference on Software Engineering (ICSE '06), pp. 795–798, Shanghai, China, May 2006.
[22] W. G. J. Halfond and A. Orso, "AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks," in Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering (ASE '05), pp. 174–183, ACM, Long Beach, Calif, USA, 2005.
[23] W. G. J. Halfond and A. Orso, "Combining static analysis and runtime monitoring to counter SQL-injection attacks," ACM SIGSOFT Software Engineering Notes, vol. 30, no. 4, pp. 1–7, 2005.
[24] V. Prokhorenko, K. R. Choo, and H. Ashman, "Context-oriented web application protection model," Applied Mathematics and Computation, vol. 285, pp. 59–78, 2016.
[25] V. Prokhorenko, K. R. Choo, and H. Ashman, "Intent-based extensible real-time PHP supervision framework," IEEE Transactions on Information Forensics and Security, vol. 11, no. 10, pp. 2215–2226, 2016.
[26] D. Scott and R. Sharp, "Abstracting application-level web security," in Proceedings of the 11th International Conference on World Wide Web (WWW '02), pp. 396–407, ACM, May 2002.
[27] D. Scott and R. Sharp, "Specifying and enforcing application-level web security policies," IEEE Transactions on Knowledge and Data Engineering, vol. 15, no. 4, pp. 771–783, 2003.
[28] C. Brabrand, A. Møller, R. M. Christensen, and M. I. Schwartzbach, "PowerForms: declarative client-side form field validation," World Wide Web Journal, vol. 7, no. 43, pp. 205–314, 2000.
[29] Sanctum Inc, AppShield 4.0 Whitepaper, 2002, http://www.sanctuminc.com.
[30] Kavado Inc, InterDo Version 3.0, 2003, http://www.protegrity.com/data-security-platform.
[31] S. Boyd and A. Keromytis, "SQLrand: preventing SQL injection attacks," in Applied Cryptography and Network Security, pp. 292–302, Springer, Berlin, Germany, 2004.
[32] S. Lee, W. Low, and P. Wong, "Learning fingerprints for a database intrusion detection system," in Computer Security—ESORICS 2002, pp. 264–279, Springer, 2002.
[33] F. Valeur, D. Mutz, and G. Vigna, "A learning-based approach to the detection of SQL attacks," in Proceedings of the 2nd International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA '05), pp. 123–140, Springer, Vienna, Austria, July 2005.
[34] A. Asmawi, Z. M. Sidek, and S. A. Razak, "System architecture for SQL injection and insider misuse detection system for DBMS," in Proceedings of the International Symposium on Information Technology (ITSim '08), Kuala Lumpur, Malaysia, August 2008.
[35] C. T. Giménez, A. P. Villegas, and G. Á. Marañón, HTTP DATASET CSIC, 2010.
[36] TECAPI, List of Attack Vectors, 2015, http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp.