Hello everyone, I was reading SQL WILDCARD DOS http://www.portcullis-security.com/uplds/wildcard_attacks.pdf and I was wondering if Nessus can detect if SQL is vulnerable to the Wildcard DOS that is outlined in the above pdf.
Majority of the Microsoft SQL Server based web applications are vulnerable to this attack. Other databases could be vulnerable depending on how the applications implement search functionalities although common implementation of the search functionality in SQL Server back-end applications is vulnerable.

TESTING FOR SQL WILDCARD DOS
http://www.portcullis-security.com/uplds/wildcard_attacks.pdf

Testing is quite simple; just craft a query which will not return a result and includes several wildcards. Send this data through the search feature of the application. If the application takes more time than a usual search, it is vulnerable. More details about crafting a wildcard attack can be found under Crafting Search Keywords below. During testing I used the Web Application Stress Tool to carry out attacks. Any similar tool can be employed for this purpose.

REAL WORLD IMPACT

It has been said that this issue affects almost all SQL Server backend systems with a search feature.

PROTECTION

It is important to realise that wildcard attacks are not the result of a flaw at the database level, it is the application that is at fault. The application should be responsible for filtering wildcards. The subsections below detail some mitigation strategies which can be implemented at the application level to protect against wildcard attacks.

Take Care and Have Fun
--John
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
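
The quoted PROTECTION paragraph says the application should filter wildcards. One way to do that for a SQL Server LIKE search is sketched below, as an added example that is not part of the original post or the referenced paper. The `articles` table, its columns, the `?` placeholder style, the `TOP 50` cap and the 64-character limit are assumptions.

```python
# Added example: neutralise T-SQL LIKE wildcards in user search input
# before it reaches the database. All names and limits are assumptions.

MAX_TERM_LEN = 64      # assumed cap on search-term length
ESCAPE_CHAR = "\\"     # must match the ESCAPE clause in the query
# Characters that are special in a T-SQL LIKE pattern. The escape
# character comes first so later insertions are not escaped twice.
LIKE_META = (ESCAPE_CHAR, "%", "_", "[")


class SearchTermRejected(ValueError):
    """The input should not be sent to the database at all."""


def escape_like(term: str) -> str:
    """Return term with every LIKE metacharacter made literal."""
    for ch in LIKE_META:
        term = term.replace(ch, ESCAPE_CHAR + ch)
    return term


def build_search(term: str):
    """Validate a search term and return (sql, params) for execution.

    The only wildcards in the final pattern are the two added here;
    anything the user typed is matched literally.
    """
    term = term.strip()
    if not term:
        raise SearchTermRejected("empty search term")
    if len(term) > MAX_TERM_LEN:
        raise SearchTermRejected("search term too long")
    pattern = "%" + escape_like(term) + "%"
    sql = (
        "SELECT TOP 50 id, title FROM articles "  # hypothetical table
        "WHERE title LIKE ? ESCAPE '\\'"
    )
    return sql, (pattern,)


if __name__ == "__main__":
    # Constructed sample input containing every metacharacter.
    print(build_search("100%_[a]"))
```

The returned pair is meant to be passed to a DB-API cursor's `execute(sql, params)`, so the escaped pattern is bound as a parameter rather than concatenated into the statement.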
