the-web-application-hackers-handbook

CHAPTER
9
Attacking Data Stores
Nearly all applications rely on a data store to manage data that is processed
within the application. In many cases this data drives the core application logic,
holding user accounts, permissions, application configuration settings, and more.
Data stores have evolved to become significantly more than passive containers
for data. Most hold data in a structured format, accessed using a predefined
query format or language, and contain internal logic to help manage that data.
Typically, applications use a common privilege level for all types of access
to the data store and when processing data belonging to different application
users. If an attacker can interfere with the application’s interaction with the data
store, to make it retrieve or modify different data, he can usually bypass any
controls over data access that are imposed at the application layer.
The principle just described can be applied to any kind of data store technology.
Because this is a practical handbook, we will focus on the knowledge
and techniques you need to exploit the vulnerabilities that exist in real-world
applications. By far the most common data stores are SQL databases, XMLbased
repositories, and LDAP directories. Practical examples seen elsewhere
are also covered.
In covering these key examples, we will describe the practical steps that you
can take to identify and exploit these defects. There is a conceptual synergy in
the process of understanding each new type of injection. Having grasped the
essentials of exploiting these manifestations of the flaw, you should be confident
that you can draw on this understanding when you encounter a new category
287