The Defenseless Defender - SQL Query Embedded in URL

 
 
By eweek  |  Posted 2007-09-07
 
 
 

The Defenseless Defender

Even the militaries of major countries are guilty of lax security and weak patching. Heres the story of one European nation that left its doors wide open.

The Defenseless Defender

The Defenseless Defender - Defense Department for Dummies

Sunbelt Software on July 18 came across a SQL command passed as a query within a URL belonging to a European defense department. With that, any visitor can pass queries in the URL straight to the back-end database and squeeze out any data it contains.

The Defenseless Defender - Defense Department for Dummies

The Defenseless Defender - SQL Query Embedded in URL

This is the URL of a defense department in a European country. Its name and the search terms used to reveal the contents of the back-end database have been obscured, and the language in places has been rendered in English to more thoroughly protect the co

The Defenseless Defender - SQL Query Embedded in URL

The Defenseless Defender - The Ever-Helpful Error Message

At one point, Sunbelt Vice President of Product Management Greg Krass changed his select statement to include information schema columns, which he expected would give him the database structure. This image shows two of the error messages he received, whic

The Defenseless Defender - The Ever-Helpful Error Message

The Defenseless Defender - Determining the Operating System

Finding out which operating system is in use is trivial. Krass typed this query into the URL: &strsql=select+%2A+from+test.txt, which returned the error message shown in this image. The error message references the c:\ directory, which had been called C W

The Defenseless Defender - Determining the Operating System

The Defenseless Defender - The Payoff

Data that can be retrieved from the defense agencys Web site include a table of what appears to be job bids, with base names and locations, and various details regarding distribution fuels, warehousing and barracks.

The Defenseless Defender - The Payoff

The Defenseless Defender - It\s *Still* Vulnerable

As of Sept. 6, the site still hadnt been fixed, in spite of Sunbelt having twice been assured by security researchers from the country in question that they had notified the defense agency and that the problems with the site had been fixed.

The Defenseless Defender - It\s *Still* Vulnerable

The Defenseless Defender - See More Slide Shows Like This One!

  • Worst Data Breaches Ever
  • The Most Poisonous Bugs
  • The Defenseless Defender - See More Slide Shows Like This One!

  • Rocket Fuel