According to this report, you can perform SQL injection through a User-Agent. I would like to understand how it works and how to protect against such attacks.
1 answer
The User-Agent is checked against the database with a command like this:
cursor.execute(""" SELECT * FROM log WHERE user_agent = '{}' """.format(user_agent))
We have a User-Agent:
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87'XOR(if(now()=sysdate(),sleep(5*5),0))OR'
As a result, we get this SQL command:
SELECT * FROM log WHERE user_agent = 'Mozilla/5.0...'XOR(if(now()=sysdate(),sleep(5*5),0))OR''
Profit
SQLFiddle working example
You can protect yourself by using parametric queries:
cursor.execute(""" SELECT * FROM log WHERE user_agent = ? """, user_agent)
Code examples - in Python
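The contrast the answer describes, as an added example that is not part of the original post: the vulnerable pattern is built as a string and only inspected (never run), while the parameterised lookup is run against an in-memory SQLite stand-in for the `log` table. The table schema, the two sample rows and the `outside_literals` helper are assumptions of this example; the UA strings are the ones quoted in the answer.

```python
import sqlite3

# Constructed sample User-Agent strings: a normal browser UA and the
# payload quoted in the answer (benign UA plus an injected SQL fragment).
BENIGN_UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/55.0.2883.87")
PAYLOAD_UA = BENIGN_UA + "'XOR(if(now()=sysdate(),sleep(5*5),0))OR'"


def build_vulnerable_sql(user_agent: str) -> str:
    """The answer's vulnerable pattern: the header is pasted into the SQL
    text.  Returned for inspection only; it is never executed here."""
    return "SELECT * FROM log WHERE user_agent = '{}'".format(user_agent)


def outside_literals(sql: str) -> str:
    """Return the parts of `sql` that sit outside single-quoted literals.
    Simplified tokenizer (no handling of '' escapes) that is enough to show
    whether attacker-controlled text escaped the string literal."""
    out, in_literal = [], False
    for ch in sql:
        if ch == "'":
            in_literal = not in_literal
        elif not in_literal:
            out.append(ch)
    return "".join(out)


def make_log_db() -> sqlite3.Connection:
    """In-memory SQLite stand-in for the MySQL `log` table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE log (id INTEGER PRIMARY KEY, user_agent TEXT)")
    # Parameterised INSERT: both strings are stored verbatim, quotes included.
    conn.executemany("INSERT INTO log (user_agent) VALUES (?)",
                     [(BENIGN_UA,), (PAYLOAD_UA,)])
    conn.commit()
    return conn


def lookup_safe(conn: sqlite3.Connection, user_agent: str) -> list:
    """Parameterised lookup: the value travels separately from the SQL text,
    so quotes and keywords inside it can never change the query's shape."""
    cur = conn.execute("SELECT id, user_agent FROM log WHERE user_agent = ?",
                       (user_agent,))  # note the tuple
    return cur.fetchall()


if __name__ == "__main__":
    print(outside_literals(build_vulnerable_sql(PAYLOAD_UA)))
    db = make_log_db()
    print(lookup_safe(db, PAYLOAD_UA))  # whole header matched as plain data
```

With the vulnerable string, `outside_literals` shows `XOR(...)OR` sitting in SQL syntax position; with the parameterised query the same header only ever matches the row that literally contains it.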