Textual Manipulation for SQL Injection Attacks

Full Text (PDF, 673KB), PP.26-33


Author(s)

Hussein AlNabulsi 1,*, Izzat Alsmadi 2, Mohammad Al-Jarrah 1

1. Department of Computer Engineering, Yarmouk University, Irbid, Jordan

2. Department of Information Systems, Prince Sultan University, Riyadh, KSA

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2014.01.04

Received: 4 Feb. 2013 / Revised: 27 May 2013 / Accepted: 16 Aug. 2013 / Published: 8 Nov. 2013

Index Terms

Network security, vulnerability, Intrusion detection systems, SNORT, vulnerability assessment, rule-based detection

Abstract

SQL injection attacks use string or text manipulations to illegally access websites and their databases. They work because certain symbols or characters in SQL statements may trick the authentication system into incorrectly allowing such statements to be processed or executed. In this paper, we highlight several examples of such text manipulations that can be successfully used in SQL injection attacks. We evaluated the usage of those strings on several websites and web pages using the open-source tool SNORT. We also conducted an extensive comparison study of some relevant papers.

Cite This Paper

Hussein AlNabulsi, Izzat Alsmadi, Mohammad Al-Jarrah, "Textual Manipulation for SQL Injection Attacks", International Journal of Computer Network and Information Security (IJCNIS), vol. 6, no. 1, pp. 26-33, 2014. DOI: 10.5815/ijcnis.2014.01.04
