Injection flaws

Every day we see attacks, and most of them succeed because of vulnerabilities present in the system. Many organizations use legacy code and functions, which can lead to exposures and breaches. The injection flaw is one of the most common vulnerabilities, and it is critical. The following is a brief explanation of what an injection flaw is.

Injection flaws, such as SQL, OS and LDAP injection, take place when someone (an attacker) sends data to a database or interpreter as part of a command or query. If malicious code is sent as a query and is successfully injected into the system, this can result in a breach in which the attacker can gain usernames and passwords to confidential information, obtain PII, delete data, or even invoke stored procedures. Any source of data can be an injection vector, such as environment variables, parameters, external and internal web servers, and even users.
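The difference between input that becomes part of the query and input that stays data, as an added example (not from the original post). It uses Python's built-in sqlite3 module; the `users` table, the function names and the sample values are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "constructed-pw-1"), ("bob", "constructed-pw-2")],
    )
    return conn


def lookup_concatenated(conn, username):
    """Legacy pattern: the input is pasted into the query text, so the
    interpreter cannot tell the data apart from the command."""
    query = (
        "SELECT username, password FROM users "
        "WHERE username = '" + username + "'"
    )
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Hardened pattern: the query text is fixed and the input is bound
    as a value, so it is only ever compared, never parsed as SQL."""
    query = "SELECT username, password FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def compare(conn, value):
    """Return (rows from legacy query, rows from parameterized query)."""
    return (
        len(lookup_concatenated(conn, value)),
        len(lookup_parameterized(conn, value)),
    )


if __name__ == "__main__":
    conn = make_db()
    # Second value is a constructed input that changes the WHERE clause.
    for value in ("alice", "nobody' OR '1'='1"):
        print(repr(value), compare(conn, value))
```

With the concatenated query, the second input returns every row in the table; with the bound parameter it matches no user at all.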

To mitigate this vulnerability, we should investigate the legacy code, as companies often use older legacy functions and unpatched systems that remain untouched. In my experience, many decision-making leaders think that if the system is working, why tamper with it, which results in a breach. Specifically, injection flaws are often found in SQL, LDAP, XPath, OS commands, XML parsers, SMTP headers, expression languages and ORM queries. Today’s technology has given us great tools to discover this vulnerability and avoid exploitation (tools that are also available to attackers for free), such as Nmap and Metasploit, which can easily scan a web site by commands or scripts and report the open ports, OS, potential vulnerabilities, etc. A small business that cannot afford help from an MSSP can educate itself or its internal IT team, perform vulnerability scans and risk assessments, and prepare a time-sensitive strategy to improve its legacy systems. One cost-effective compensating measure (as per my knowledge) would be adding software to the current network that provides a stronger firewall, IDPS, access controls, and continuous monitoring that can alert on and respond to actions assumed to be malicious.

I really liked Professor Messer’s video on injection attacks. Very informative!
