Test Your Protection Against SQL Injection with PHP
As we discussed in previous articles, an important part of keeping your scripts secure is to test them for protection against possible vulnerabilities.
The best way to make certain that you have protected yourself against injection is to try it yourself, creating tests that attempt to inject SQL code. For help and guidance in this task, you will probably find it useful to consult the amusing and revealing detailed instructions on just how to carry out an injection exploit, which can be found at http://www.issadvisor.com/columns/SqlInjection3/sql-injection-3-exploit-tables_files/frame.htm and http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html. Here we present a sample of such a test, in this case testing for protection against injection into a SELECT statement.
-
<?php
-
// protection function to be tested
-
function safe( $string ) {
-
}
-
// connect to the database
-
///////////////////////
-
// attempt an injection
-
///////////////////////
-
$exploit = "lemming’ AND 1=1;";
-
// sanitize it
-
$safe = safe( $exploit );
-
$query = "SELECT * FROM animals WHERE name = $safe";
-
// test whether the protection has been sufficient
-
exitt "Protection succeeded:\n
-
exploit $exploit was neutralized.";
-
}
-
else {
-
exploit $exploit was able to retrieve all rows." );
-
}
-
?>
If you were to create a suite of such tests, trying different kinds of injection with different SQL commands, you would quickly detect any holes in your sanitizing strategies. Once those were fixed, you could be sure that you have real protection against the threat of injection.
1 Comment
Comments RSS Feed TrackBack URL
Sorry, the comment form is closed at this time.
December 7th, 2007 at 8:53 pm
…And here’s the unit testing. How lovely! You’ve really gone to town with this SQL injection stuff.
Kudos!