Net applications. Firstly, the vast majority of ASP.Net applications are
deployed within Microsoft environments and use Microsoft SQL Server as the database
backend. An attacker can save some database fingerprinting time by assuming she is attacking
Microsoft SQL and using the appropriate attacks. Secondly, ASP.Net is the most
popular .Net web platform. Using this knowledge, attackers can attempt to compromise
applications with information about how queries are likely to be put together on the
backend. This little bit of information can go a long way when attempting to figure out
how to exploit a given SQL injection vulnerability.
For instance, a common attack against versions of SQL Server prior to 2005 is to call
the infamous xp_cmdshell stored procedure in the hope that the web application is
running with high database privileges. This attack is unique to Microsoft SQL Server
and is not worth attempting against other DBMS installations.
When performing whitebox testing against a new .Net application, one of your first
tasks is to look for locations where developers set the CommandText property on
SqlCommand objects. It is often easy to enumerate these calls by searching for
CommandText or CommandType.
Pages:
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241