If you are making use of OpenX, the following update fixes a number of security flaws that were identified when we made use of Acunetix WVS with the Acusensor technology enabled. Released an advisory detailing these vulnerabilities here. The SQL injection vulnerabilities abuse an INSERT statement and therefore an attacker, or normal web application scanner will not find such a vulnerability so easily.

Why not?

Unlike SQL injection of SELECT statements, when exploiting INSERT statements an attacker is not given any sort of feedback. With a SELECT statement an attacker might receive back errors from the SQL server or, in the case of a blind SQL injection, might change the logic of the result. The Wikipedia page about SQLi conditional responses explains this idea – an attacker knows that 1=1 will return a match, while 1=2 will not. This allows attackers and automated tools to confirm a blind SQL injection when the response page is as expected.

However these methods do not work with SQL injection in INSERT statements, since they do not usually change the way that the page is handled. Acusensor bypasses these limitations by hooking the vulnerable PHP script and identifying SQL injection when it occurs. Information from Acusensor is sent back to the Acunetix WVS, thus providing a full trace of where the vulnerability is, at which line and what the SQL statement looks like.

Watch the demonstration to see for yourself how Acunetix WVS made finding these flaws easy.

Click here for high quality version

Be Sociable, Share!

•