

MySQL UNION Injection – A Case Study


Written By: Scott Johnson September 12, 2014

If you’re a pentester, security administrator, or a manager responsible for the security posture of your IT assets, you are likely very familiar with the term SQL Injection. You are also likely aware that injection-type vulnerabilities continue to top OWASP’s list of the ten most critical web application security risks, and you may, on occasion, even have reviewed a report claiming that you have such a vulnerability in your environment. You know this is bad, but do you know for sure whether the vulnerability is real and, if so, what your actual risk is? Does your security staff or consultant have the skills to positively verify the existence of a SQL Injection vulnerability and fully exploit it to determine the actual data at risk? Far too often the answer is no, and far too often those charged with protecting their security assets rely solely on a scanning tool to identify vulnerabilities.

While this practice may check the box for a security audit, it will not stand up against today’s sophisticated global hackers. No matter which scanning tool you or your consultant uses, it will be prone to false positives and false negatives. That’s why your security staff needs to have the skills to manually verify and, if necessary, exploit security vulnerabilities.

This paper will focus on one distinctive type of SQL Injection: UNION-based attacks on a MySQL database. It will go beyond the conceptual and common methods of identifying SQL Injection vulnerabilities and will actually show you how a hacker might identify and exploit an application vulnerable to SQL Injection. All the information in this white paper is based on real-world experience, but it uses an open source test application so that the reader can reinforce the lessons learned through participatory lab exercises. Ultimately, the goal of this paper is to demonstrate that a skilled security staff will not only help you find and fix the problems at hand but will also positively impact your security posture on a strategic level.

Download the full paper here: MySQL Union Injection - A Case Study

Scott Johnson

Scott Johnson is a Senior Application Security Consultant with AppSec Consulting with more than 12 years of experience in Information Security. He has held the CISSP and CEH certifications and has expertise in all aspects of ethical hacking / penetration testing and security operations. Scott’s expertise is both technical and non-technical. In the non-technical areas, he has delivered security awareness training to new hires, presented security briefings to senior management, acted as security liaison to non-security IT groups, and given presentations on current security topics. Additionally, he has written many policies and procedures, written and presented hundreds of vulnerability assessments, led several requests for proposals to acquire new technologies, and coordinated with law enforcement on several forensic cases.

In the technical realm, Scott has several years of experience as a security analyst and as an ethical hacker. As a security analyst he used and administered tools such as IPS systems, forensic tools, anti-virus tools, security information management suites (SIMS), and web content management systems. For the past 5 years he has focused on ethical hacking. During this time Scott has performed hundreds of vulnerability assessments covering mobile devices, web applications and infrastructure systems.

After graduating from Georgia College and State University, Scott started his IT career in the US Army Military Intelligence Corps, where he worked as an engineer on top-secret electronic warfare systems. Scott is active in his community, serving as a board member of his church and volunteering his time for community outreach projects.
