If you’ve been following my blog for a little while, you know about the recent “Snoop Dog Hack.” I’ve spent countless hours recovering from this nasty attack on my content, which replaced real content with ghetto slang, but only when viewed in certain Microsoft browsers.
Hopefully, it will never happen to your website. If it has, however, allow me to save you the trouble of doing all of the research to resolve this.
First, a little background…
SQL Injection involves entering SQL code into web forms, eg. login fields, or into the browser address field, to access and manipulate the database behind the site, system or application.
When you enter text in the Username and Password fields of a login screen, the data you input is typically inserted into an SQL command. This command checks the data you’ve entered against the relevant table in the database. If your input matches table/row data, you’re granted access (in the case of a login screen). If not, you’re knocked back out.
One of the most popular SQL Injection scripts of the past decade is known as the “Snoop Dog SQL Injection Hack.” Often created to be unique to Internet Explorer 7, this hack makes it especially tricky for web development teams to spot and fix.
The Snoop Dog SQL Injection Hack
In its simplest form, this is how the Injection works. It’s impossible to explain this without reverting to code for just a moment. Don’t worry, it will all be over soon.
Suppose we enter the following string in a Username field:
' OR 1=1
The authorization SQL query that is run by the server, the command which must be satisfied to allow access, will be something along the lines of:
SELECT * FROM users WHERE username = ‘USRTEXT '
AND password = ‘PASSTEXT'
…where USRTEXT and PASSTEXT are what the user enters in the login fields of the web form.
`OR 1=1 -- as your username, could result in the following actually being run:
SELECT * FROM users WHERE username = ‘' OR 1=1 -- ‘AND password = ‘'
Two things you need to know about this:
[‘] closes the [username] text field.
‘--' is the SQL convention for Commenting code, and everything after Comment is ignored. So the actual routine now becomes:
SELECT * FROM users WHERE username = " OR 1=1
1 is always equal to 1, last time I checked. So the authorization routine is now validated, and we are ushered in the front door to wreak havoc.
Already Been Hacked? Here’s How to Fix It and Avoid Future Attacks…
- If you utilize a web content management system, subscribe to the development blog. Update to new versions soon as possible.
- Copy and paste the following code into every page with forms on your website…
<?php echo "HAPPY APRIL FOOL'S DAY PAUL AND KEVIN ?>
<?php echo "FROM JEREMY" ?>