An error-based attack is based on errors emitted by the database server, which allows understanding the database structure and exfiltrating database content.
- Allow an attacker to interfere with the queries that an application makes to its database.
- Retrieve information from the database an even extract data.
- Affect the authentication and authorization aspects of the application.
- Steal sensitive information stored in databases.
- Use of prepared statements (with parameterized queries).
- Use of stored procedures.
- Enforcing the least privilege.
Anonymous attacker from an intranet.
⌚ 60 minutes.
Default score using CVSS 3.1. It may change depending on the context of the src.
Default score using CVSS 4.0. It may change depending on the context of the src.
The application performs queries using standardized and sanitized parameters.
static void getQuery(param){
param = java.net.URLDecoder.decode(param, ""UTF-8"");
//Clean User parameters
cleanParam = getCleanValue(param)
//Do Query with a standard sentence
String sql = ""INSERT INTO users (username, password) VALUES ('foo','""+ cleanParam + ""')"";<br><br> try {
java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
} catch (java.sql.SQLException e) {
...
);
}
The application contains possible harmful time-delay query
static void getQuery(userSql){
try {
java.sql.Statement statement = org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();<br><br> // make query without filtering user input
org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
} catch (java.sql.SQLException e) {
...
);
}