TopAttack - Úvod  Hacking  Top Attack  Infiltration  Communication  Webové útoky (67)  Síťové útoky (32)  Databázové útoky (7)

Úvod  Web  Database  Síťové 






Excessive privileges




When users (or applications) are granted database privileges that exceed the requirements of their job function, these privileges may be used to gain access to confidential information. For example, a university administrator whose job requires read-only access to student records may take advantage of excessive update privileges to change grades.


Privilege abuse




Users may abuse legitimate data access privileges for unauthorized purposes. For example, a user with privileges to view individual patient records via a custom healthcare application client may abuse that privilege to retrieve all patient records via a MS-Excel client.


Unauthorized privilege elevation




Attackers may take advantage of vulnerabilities in database management software to convert low-level access privileges to high-level access privileges. For example, an attacker might take advantage of a database buffer overflow vulnerability to gain administrative privileges


Platform vulnerabilities




Vulnerabilities in underlying operating systems may lead to unauthorized data access and corruption. For example, the Blaster worm took advantage of a Windows 2000 vulnerability to take down target servers.


SQL injection




SQL injection attacks involve a user who takes advantage of vulnerabilities in front-end web applications and stored procedures to send unauthorized database queries, often with elevated privileges. Using SQL injection, attackers could even gain unrestricted access to an entire database.


Weak audit




Weak audit policy and technology represent risks in terms of compliance, deterrence, detection, forensics and recovery.


Denial of service




Denial of service (DoS) may be invoked through many techniques. Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption. The latter is unique to the database environment and frequently overlooked


Database protocol vulnerabilities




Vulnerabilities in database protocols may allow unauthorized data access, corruption or availability. For example, the SQL Slammer worm took advantage of a Microsoft SQL Server protocol vulnerability to execute attack code on target database servers.


Weak authentication




Weak authentication schemes allow attackers to assume the identity of legitimate database users. Specific attack strategies include brute force attacks, social engineering, and so on


Exposure of backup data




Some recent high profile attacks have involved theft of database backup tapes and hard disks.