Penetration Test Report: Examples of Exploitation Findings
Exploit Findings: SQL Injection Vulnerability in Web Applications
Vulnerabilities Discovered:
SQL Injection (SQLi) is a security vulnerability where an attacker can insert or modify SQL queries executed by an application. In this case, it was discovered that the input provided to the “username” parameter on the web application’s login page was vulnerable to SQL injection due to inadequate input validation. This allowed an attacker to execute SQL commands that were not intended by the application, potentially granting unauthorized access to sensitive data or administrative privileges to the database.
Exploit Steps Performed:
- Step 1: Identify Vulnerable Parameters We started by examining the application’s login form. Entering `' OR '1'='1` in the “username” field while leaving the “password” field blank produced an unexpected response from the login page, indicating a possible SQL Injection vulnerability.
- Step 2: Test for SQL Injection After identifying the vulnerable parameters, we tested with a simple payload:
' OR '1'='1' --
This payload turns the intended query:
SELECT * FROM users WHERE username='[input_user]' AND password='[input_password]';
into:
SELECT * FROM users WHERE username='' OR '1'='1' -- ' AND password='';
The injected quote closes the username string, `'1'='1'` is always true, and `--` turns the rest of the line, including the password check, into a comment. The query therefore matches every row and the application grants access without verifying the password.
- Step 3: Verify Unauthorized Access After inserting the above payload, the application grants direct access to the user account without verifying the correct credentials. This confirms that the application is vulnerable to SQL Injection.
Supporting Evidence:
- Screenshot 1: SQL injection payload inserted in the “username” field on the login page.
- Screenshot 2: Application response after injection, showing unauthorized access to user account.
- Screenshot 3: Successfully executed SQL query in the background (taken from server log), showing query manipulation by SQL injection.
Impact:
With this vulnerability, an attacker could gain unauthorized access to the system, steal user information, or even escalate privileges to gain full control over the database. If left unaddressed, this risk could lead to data leakage or malicious modification of the system.
Recommendations:
- Implement prepared statements or parameterized queries to prevent SQL injection.
- Perform strict input validation by limiting acceptable characters in input fields.
- Conduct regular audits of applications and databases to detect and fix similar vulnerabilities.
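The following Python script is an added example and is not code from the report or from the tested application. It reproduces the string-built login query described in Step 2 against an in-memory SQLite table with constructed sample rows, then shows the first two recommendations side by side: the same lookup as a parameterized query, and an allow-list check on the username before it reaches the database. The table schema, the sample accounts and the function names are assumptions; the payload is the one from the report.

```python
import re
import sqlite3

# Payload from the report; everything below it is constructed for this example.
PAYLOAD = "' OR '1'='1' --"


def make_db():
    """In-memory users table with constructed sample rows (not real data).
    Passwords are stored in clear text only to mirror the report's query;
    a real application would compare a salted hash instead."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "correct-horse"), ("admin", "s3cret")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by concatenating user input, as the report describes.
    Returns the matched username, or None when no row matches."""
    query = (
        "SELECT username FROM users WHERE username='" + username
        + "' AND password='" + password + "'"
    )
    # With PAYLOAD as username the text becomes
    #   ... WHERE username='' OR '1'='1' --' AND password=''
    # and the database treats the -- as a comment, dropping the password check.
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Recommendation 1: the SQL text is fixed and the values travel
    separately, so quotes and '--' inside the input are data, not syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Recommendation 2: allow-list of acceptable username characters (assumed policy).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def username_is_valid(username):
    """Reject anything outside the allow-list before touching the database."""
    return USERNAME_RE.fullmatch(username) is not None


def login_hardened(conn, username, password):
    """Both recommendations combined: validate, then query with parameters."""
    if not username_is_valid(username):
        return None
    return login_parameterized(conn, username, password)


if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, valid credentials:", login_vulnerable(conn, "alice", "correct-horse"))
    print("vulnerable, payload          :", login_vulnerable(conn, PAYLOAD, ""))
    print("parameterized, payload       :", login_parameterized(conn, PAYLOAD, ""))
    print("hardened, payload            :", login_hardened(conn, PAYLOAD, ""))
```

Running the script shows the vulnerable function returning the first account for the payload with an empty password, while the parameterized and hardened versions return no match for the same input and still authenticate a genuine username/password pair. The allow-list is a second layer, not a substitute for parameterization: fields that legitimately contain quotes (names, free text) cannot be filtered this way, and the parameterized query protects them regardless.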
Conclusion:
The SQL Injection vulnerability found in this web application is a high risk that must be fixed immediately to prevent unauthorized access and misuse of data.