Ascii encoded binary injection attacks

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
Hendeca
Forum Commoner
Posts: 29
Joined: Tue Nov 18, 2008 1:27 pm

Ascii encoded binary injection attacks

Post by Hendeca »

Hi all,

I've been reading about ascii encoded binary injection attacks that are carried out my bots and target vulnerable pages. You can read about them here:

http://gala4th.blogspot.com/2009/01/asc ... mated.html

My question is this:

It seems as though pages that escape SQL queries are still safe, but the solutions listed on the pages I've read about these attacks seem much more complicated. I'm not sure I fully understand the solution from the page above or how to carry it out. Can anyone tell me how whether or not escaping quotes works for this problem?

Thanks!
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Ascii encoded binary injection attacks

Post by kaisellgren »

Before talking about escaping data that goes into the SQL database, you need to define what RDBMS you are using. MySQL? SQL Server?

It seems that you are using SQL Server. SQL Server uses Sybase -style escaping scheme while MySQL uses slashes to escape. Properly enclosing data within quotes and escaping will usually do. If you are not passing user input as values, for instance, you are passing them into "ORDER BY $order", then you need proper input filtering.
Post Reply