<<< Date Index >>>     <<< Thread Index >>>

SQL Smuggling



After our corporate website reshuffling, I thought that now would be a good 
time to send this here too...
We released a research paper a few months ago, regarding a sub-class of SQL 
Injection that has not received attention till now. The crux is that when it 
comes to SQLi, protection and detection do not typically take the architecture 
into account; this can allow smuggling attacks which are not blocked or 
discovered.

The paper can be found at:
http://www.ComsecGlobal.com/framework/Upload/SQL_Smuggling.pdf 

>From the paper:
"This paper will present a new class of attack, called SQL Smuggling. SQL 
Smuggling is a sub-class of SQL Injection attacks that rely on differences 
between contextual interpretation performed by the application platform and the 
database server.  While numerous instances of SQL Smuggling are commonly known, 
it has yet to be examined as a discrete class of attacks, with a common root 
cause. The root cause in fact has not yet been thoroughly investigated; this 
research is a result of a new smuggling technique, presented in this paper. It 
is fair to assume that further study of this commonality will likely lead to 
additional findings in this area. 

SQL Smuggling attacks can effectively bypass standard protective mechanisms and 
succeed in injecting malicious SQL to the database, in spite of these 
protective mechanisms. This paper explores several situations wherein these 
protective mechanisms are not as effective as assumed, and thus may be bypassed 
by malicious attackers. This in effect allows an attacker to succeed in 
"smuggling" his SQL Injection attack through the applicative protections, and 
attack the database despite those protections.  "

Of course, I'm looking forward to hearing about other instances of this...

Cheers,
AviD