Attacks Against Database
By: Behnam HosseinAmi R Ni{ }
Top 10 Database Attacks
1) Excessive Privilege Abuse
2) Legitimate Privilege Abuse
3) Privilege Elevation
4) Database Platform Vulnerabilities
5) SQL Injection
6) Weak Audit
7) DOS
8) Database Communication Protocol Vulnerabilities
9) Weak Authentication
10) Backup Data Exposure
Privilege Attacks
1) Excessive Privilege Abuse
University operator …
Query-Level Access Control
2) Legitimate Privilege Abuse
Export patient record
Control volume of data retrieved
3) Privilege Elevation
Use buffer overflow to become admin
IPS and Query-Level Access Control
Miserable Part …
4. Database Platform Vulnerabilities
Vulnerabilities in operating systems
0 Day Attacks
Unpatched Systems
Windows server 2008
Year | # of Vulnerabilities | DoS | Code Execution | Overflow | Memory Corruption | Sql Injection | XSS | Directory Traversal | Http Response Splitting | Bypass something | Gain Information | Gain Privileges | CSRF | File Inclusion | # of exploits
2007 1 1
2008 20 3 11 8 2 1 5 9
2009 78 8 47 16 15 1 2 13 1
2010 91 25 37 16 14 1 5 3 26 5
2011 105 18 17 11 10 4 3 2 66 2
2012 51 5 16 7 3 3 24
2013 104 18 23 24 7 1 2 2 66 5
2014 38 9 12 5 3 7 4 12 4
Total 488 86 164 87 51 5 1 21 17 212 26
% Of All 17.6 33.6 17.8 10.5 0.0 1.0 0.2 0.0 4.3 3.5 43.4 0.0 0.0
Windows server 2008
Year | # of Vulnerabilities | DoS | Code Execution | Overflow | Memory Corruption | Sql Injection | XSS | Directory Traversal | Http Response Splitting | Bypass something | Gain Information | Gain Privileges | CSRF | File Inclusion | # of exploits
2012 5 2 2 1 2
2013 51 12 17 18 3 1 2 2 21 4
2014 38 9 11 5 3 6 5 12 4
Total 94 21 30 25 6 1 9 7 35 8
% Of All 22.3 31.9 26.6 6.4 0.0 0.0 1.1 0.0 9.6 7.4 37.2 0.0 0.0
Windows server 2012
Year | # of Vulnerabilities | DoS | Code Execution | Overflow | Memory Corruption | Sql Injection | XSS | Directory Traversal | Http Response Splitting | Bypass something | Gain Information | Gain Privileges | CSRF | File Inclusion | # of exploits
2013 7 4 4 3 2 1
2014 38 8 13 5 4 5 5 12 4
Total 45 12 17 8 6 5 5 13 4
% Of All 26.7 37.8 17.8 13.3 0.0 0.0 0.0 0.0 11.1 11.1 28.9 0.0 0.0
Windows 8.1
SQL Server2005 sp3
Year | # of Vulnerabilities | DoS | Code Execution | Overflow | Memory Corruption | Sql Injection | XSS | Directory Traversal | Http Response Splitting | Bypass something | Gain Information | Gain Privileges | CSRF | File Inclusion | # of exploits
2009 8 8 6 3
2011 1 1
Total 9 8 6 3 1
% Of All 0.0 88.9 66.7 33.3 0.0 0.0 0.0 0.0 0.0 11.1 0.0 0.0 0.0
SQL Server2005 sp3
MySQL
Year | # of Vulnerabilities | DoS | Code Execution | Overflow | Memory Corruption | Sql Injection | XSS | Directory Traversal | Http Response Splitting | Bypass something | Gain Information | Gain Privileges | CSRF | File Inclusion | # of exploits
2000 3 1 1
2001 6 1 2 3 1 3
2002 8 2 3 1 1
2003 5 1 2 2 1
2004 9 4 2 3 1
2005 11 3 4 1 1 1
2006 14 5 2 2 2 1 2 1
2007 10 4 1 1 1 3 2
2008 6 1 1 1 1 3
2009 7 4 1 1 1 2 1
2010 6 2 1 1 1 1
2011 16 16
2012 59 3 2 2 1 1
2013 43 1 2
2014 38 1 1 1
Total 241 47 23 20 1 4 1 3 10 4 9 4
% Of All 19.5 9.5 8.3 0.4 1.7 0.4 1.2 0.0 4.1 1.7 3.7 0.0 0.0
MySQL
Wappalyzer
5. SQL Injection;--
PentestMonkey.net
MSSQL Injection Cheat Sheet
Oracle SQL Injection Cheat Sheet
MySQL SQL Injection Cheat Sheet
…
SQLmap, a cool tool
6. Weak Audit
• Problems of usual database audit tools
– Lack of User Accountability
– Performance Degradation
– Separation of Duties
7. DOS
• Drawback of the “account locking” feature
• DDOS
Control in source
DDOS Targets
8. Database Communication Protocol Vulnerabilities
SQL is standard
No standard exists for:
– Creating Client session
– Conveying commands from client to server
– Conveying data and status from server to client
9. Weak Authentication
Brute Force
Strong Authentication, Biometric, … Integration
Failed login Detection
Social Engineering
Direct Credential Theft
password complexity check: https://www.grc.com/haystack.htm
10. Backup Data Exposure
The best Solution for all problems…
Special TNX to:
GOD
Mr. Ker@m@t Pour
& U