About this blog

I'm a developer with over 10 years' experience who wants to transition to infosec. This blog is an informal record of my experiments with OWASP's Mutillidae II, a web application exhibiting a multitude of deliberate vulnerabilities. I will also take Offensive Security's PWK training course and get the OSCP certificate.

Tuesday, 30 August 2016

DOS using sqli

With any sqli it's easy to completely clog up a service.  In the case of login.php, we can just add the following:

' or (select(sleep(60)));#

This will effect a 60-second sleep for every row present in the accounts table.  Done this way it would be easy to totally exhaust the connection pool.  Doing that a lot or for a decent duration is bound to attract the attention of any company, and would be fixed ASAP.  Unless the DOS was for some specific high-value purpose (like preventing votes within a certain time period), it would be a 'waste' of a sqli to do such a thing.

However an attacker could be more subtle and merely degrade the service by clogging up some fraction of the connection pool or introducing smaller delays across the whole pool, leading to customer dissatisfaction, which could also be damaging (e.g. in a low-latency situation, such as retrieving highly volatile time-sensitive data).  The target company would likely find this sort of thing harder to identify and track down, especially if the attacker did it intermittently.
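From the defender's side, the two cases above (the loud pool-exhausting payload and the subtle intermittent slowdown) leave different evidence: the first shows up as time-based SQL functions in the submitted login field, the second may only show up as a cluster of slow login responses from one client. The script below is an added example, not code from this blog or from Mutillidae; it assumes a constructed log format (timestamp, client IP, response time in ms, URL-encoded username field) that a login endpoint could emit, and scores each client on both signals.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample log lines (assumed format, not from a real server):
# <timestamp> <client_ip> <response_ms> <url-encoded username field>
SAMPLE_LOG = """\
2016-08-30T10:00:01 203.0.113.5 45 admin
2016-08-30T10:00:05 203.0.113.5 60012 ' or (select(sleep(60)));#
2016-08-30T10:01:10 198.51.100.7 5123 %27+or+%28select%28sleep%285%29%29%29%3B%23
2016-08-30T10:01:12 198.51.100.7 5098 %27+or+benchmark%2810000000%2Cmd5%281%29%29%23
2016-08-30T10:02:00 192.0.2.9 50 alice
2016-08-30T10:02:03 192.0.2.9 4800 bob
"""

# Functions commonly used in time-based SQL injection across MySQL,
# PostgreSQL and MSSQL; matched after URL-decoding the field.
TIME_BASED = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\b",
                        re.IGNORECASE)

# A login normally completes in tens of milliseconds; anything above this
# is counted as "slow" regardless of what the field contained.
SLOW_MS = 2000


def is_time_based_payload(field: str) -> bool:
    """True if the (decoded) input contains a known time-delay function."""
    return TIME_BASED.search(unquote_plus(field)) is not None


def analyze(log_text: str) -> dict:
    """Per-client counts of requests, time-based payloads and slow responses."""
    stats = defaultdict(lambda: {"requests": 0, "time_based": 0, "slow": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, ms, field = line.split(" ", 3)
        entry = stats[client]
        entry["requests"] += 1
        if is_time_based_payload(field):
            entry["time_based"] += 1
        if int(ms) >= SLOW_MS:
            entry["slow"] += 1
    return dict(stats)


def suspicious_clients(stats: dict) -> list:
    """Clients that sent a delay payload, or whose logins are repeatedly slow.

    The second rule catches the subtle case where the payload itself is not
    logged (or is obfuscated) but the timing signature still leaks.
    """
    return sorted(ip for ip, s in stats.items()
                  if s["time_based"] > 0 or s["slow"] >= 2)


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for ip, s in sorted(result.items()):
        print(ip, s)
    print("suspicious:", suspicious_clients(result))
```

The response-time rule is the one that matters for the intermittent variant the post describes: a single slow login from 192.0.2.9 is ignored, but a client that keeps producing multi-second logins is flagged even if every submitted value looks benign. On the database side the same activity is visible as long-running SELECT statements in MySQL's slow query log or process list, and in connection-pool wait times, which is where the service-degradation symptom is felt first.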
