Holiver Hurtado

Explanation of the Attack

The query string

http://www.example.com/servicestatus.php?serviceID=420&serviceID=420'%20;DROP%20TABLE%20Services;--

contains malicious code injected into a legitimate web request. Here's a breakdown of the injected code and why it constitutes a SQL injection:

  • serviceID=420: This is a standard parameter value.
  • serviceID=420': The single quote (') is a common character used to break out of the intended data field in a SQL query. If the application's code is vulnerable, it might take the value of serviceID and insert it directly into a SQL statement like this: SELECT status FROM Services WHERE serviceID = '420'; The injected quote changes this to SELECT status FROM Services WHERE serviceID = '420'. The second quote makes the database interpret the rest of the string as a new command.
  • %20: This is the URL-encoded representation of a space.
  • ; : This is a command separator in SQL. It allows the attacker to terminate the first SQL command and begin a new one.
  • DROP TABLE Services; : This is the malicious SQL command. The DROP TABLE statement is used to delete an entire table from the database. In this case, the attacker is trying to delete the Services table.
  • -- : This is a comment marker in SQL. It tells the database to ignore the rest of the line. The attacker uses this to "comment out" the rest of the original query, preventing a syntax error that would otherwise be caused by the trailing single quote from the application's original query.

This attack is known as a SQL injection because the attacker is injecting SQL code into an application's input fields to manipulate the database.

Why the Other Options Are Incorrect

  • A. Cross-site scripting (XSS): XSS attacks involve injecting malicious client-side scripts (like JavaScript) into web pages viewed by other users. The goal is to steal cookies, session tokens, or other sensitive information. The code in the query string is not JavaScript; it's SQL.
  • B. On-path (formerly man-in-the-middle): An on-path attack involves an attacker secretly relaying and possibly altering the communication between two parties who believe they are directly communicating with each other. This attack is executed by manipulating the application's input, not by intercepting network traffic.
  • C & D. Session hijacking: Session hijacking is a type of attack where an attacker takes over a user's session after the user has authenticated themselves to a server. This is often done by stealing or guessing the session ID. The provided query string doesn't attempt to steal or use a session ID.
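As an added example (not part of the post above, and not course material), the script below feeds the post's query string into a string-concatenated query and into a parameterized one against a throwaway SQLite database, so the difference in outcome can be checked rather than described. It assumes a PHP-style application where the last repeated parameter wins and a driver that permits stacked statements; both are assumptions, not facts stated in the post.

```python
import sqlite3
from urllib.parse import urlsplit, unquote

# Constructed sample: the query string discussed in the post.
URL = ("http://www.example.com/servicestatus.php"
       "?serviceID=420&serviceID=420'%20;DROP%20TABLE%20Services;--")


def last_service_id(url):
    """Return the serviceID value the application would see.

    Assumption: as with PHP's $_GET, the last repeated parameter wins,
    and %20 is decoded to a space before the value reaches the SQL layer."""
    query = urlsplit(url).query
    values = [unquote(v) for k, _, v in (p.partition("=") for p in query.split("&"))
              if k == "serviceID"]
    return values[-1]


def fresh_db():
    # Throwaway in-memory database holding only the table the payload targets.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE Services(serviceID INTEGER PRIMARY KEY, status TEXT);"
        "INSERT INTO Services VALUES (420, 'up');")
    return conn


def services_table_exists(conn):
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='Services'").fetchone()
    return row is not None


def vulnerable_lookup(service_id):
    """String concatenation. executescript() accepts stacked statements, which is
    what lets the ';DROP TABLE' part run. Returns whether the table survived."""
    conn = fresh_db()
    sql = "SELECT status FROM Services WHERE serviceID = '" + service_id + "';"
    conn.executescript(sql)
    return services_table_exists(conn)


def parameterized_lookup(service_id):
    """Bound parameter: the whole value is compared as data, never parsed as SQL.
    Returns (table_survived, status_or_None)."""
    conn = fresh_db()
    row = conn.execute("SELECT status FROM Services WHERE serviceID = ?",
                       (service_id,)).fetchone()
    return services_table_exists(conn), (row[0] if row else None)
```

With the post's payload, vulnerable_lookup() returns False (the Services table is gone) while parameterized_lookup() returns (True, None): the table is intact and the lookup simply finds no row for that odd-looking value.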
CompTIA Security+ Certification: Study and Preparation Guide
Prepare to pass the CompTIA Security+ certification by mastering cybersecurity, risk management, attacks, network defense, cryptography, cloud, regulations, and best practices in real-world environments.