APPLICATION PENETRATION TEST SUPER VEDA

Application Penetration Test for Super Veda - Sample Report

5 DETAILED RESULTS

Following is a detailed explanation of the above results.

5.1 READING THE ENTIRE DATABASE CONTENTS

Severity: Critical

An attacker can alter the address of some of the application Web pages in such a way that will enable him to query the internal database for all its information. As a result, the attacker can steal the entire collection of information within the database, including all the registered usernames, passwords, and credit card numbers. The attacker can generally be granted access to all the information in the database using a manipulation of the input to an SQL query.

This attack can be performed on several of the site's pages:

5.1.1 showproducts.asp

In the showproducts.asp page the CatID parameter's value is taken and used in a SQL query for the list of products that match this category. For CatID=1, for example, a list of all the Books in the database will be formatted and shown to the client. Since the value of CatID is not checked during the SQL query formatting, an attacker can inject his query string into the CatID value, causing the SQL query to return from the database any list that matches the required format.

The attacker uses the UNION SELECT directive in order to add another SELECT statement to the existing one. This second query can be run against any of the tables within the database.

The first step in the attack is a trial done by the attacker to see if the application checks for SQL injection. This is done by adding the string UNION SELECT * FROM users WHERE 1=1 to the CatID value, giving this URL:

http://veda2.imperva.com/showproducts.asp?CatID=1 UNION SELECT * FROM users WHERE 1=1

Imperva Page 14 of 73
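The following is an added illustration, not code from the Super Veda application or the Imperva report: a miniature showproducts.asp handler written twice against an in-memory SQLite database, once concatenating CatID into the query as the report describes, and once binding it as a typed parameter. The table layouts, column names and sample rows are constructed assumptions; only CatID, the products/users tables and the probe string come from the report.

```python
import sqlite3

# Constructed sample schema. Both tables deliberately have three columns so the
# report's "UNION SELECT * FROM users" probe unions cleanly onto the product list.
SCHEMA = """
CREATE TABLE products (id INTEGER, catid INTEGER, name TEXT);
CREATE TABLE users (id INTEGER, username TEXT, password TEXT);
INSERT INTO products VALUES (1, 1, 'Book: SQL Basics'), (2, 1, 'Book: ASP Guide'), (3, 2, 'DVD');
INSERT INTO users VALUES (1, 'alice', 'hunter2'), (2, 'bob', 'letmein');
"""

# The probe string quoted in the report, as it would arrive in the CatID parameter.
PAYLOAD = "1 UNION SELECT * FROM users WHERE 1=1"


def _db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def show_products_vulnerable(catid: str):
    """The flaw from section 5.1.1: CatID is pasted into the SQL text unchecked."""
    sql = "SELECT id, catid, name FROM products WHERE catid = " + catid
    return _db().execute(sql).fetchall()


def show_products_fixed(catid: str):
    """Remediation: enforce the integer type, then bind the value; no SQL is built from input."""
    value = int(catid)  # raises ValueError for anything that is not a plain integer
    sql = "SELECT id, catid, name FROM products WHERE catid = ? ORDER BY id"
    return _db().execute(sql, (value,)).fetchall()


def demo():
    """Run the report's probe against both handlers and summarise what each returns."""
    vulnerable_rows = show_products_vulnerable(PAYLOAD)
    try:
        fixed_rows, rejected = show_products_fixed(PAYLOAD), False
    except ValueError:
        fixed_rows, rejected = [], True
    return {"vulnerable": vulnerable_rows, "fixed": fixed_rows, "rejected": rejected}


if __name__ == "__main__":
    result = demo()
    print("vulnerable handler returned", len(result["vulnerable"]), "rows (users rows included)")
    print("fixed handler rejected the input:", result["rejected"])
```

The vulnerable handler returns the user records alongside the books, which is exactly the finding's impact; the fixed handler never lets the probe reach the database.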
