TopAttack - Database attacks

| Name | Description | Port |
|---|---|---|
| Excessive privileges | When users (or applications) are granted database privileges that exceed the requirements of their job function, these privileges may be used to gain access to confidential information. For example, a university administrator whose job requires read-only access to student records may take advantage of excessive update privileges to change grades. | |
| Privilege abuse | Users may abuse legitimate data access privileges for unauthorized purposes. For example, a user with privileges to view individual patient records via a custom healthcare application client may abuse that privilege to retrieve all patient records via an MS Excel client. | |
| Unauthorized privilege elevation | Attackers may take advantage of vulnerabilities in database management software to convert low-level access privileges to high-level access privileges. For example, an attacker might take advantage of a database buffer overflow vulnerability to gain administrative privileges. | |
| Platform vulnerabilities | Vulnerabilities in underlying operating systems may lead to unauthorized data access and corruption. For example, the Blaster worm took advantage of a Windows 2000 vulnerability to take down target servers. | |
| SQL injection | SQL injection attacks involve a user who takes advantage of vulnerabilities in front-end web applications and stored procedures to send unauthorized database queries, often with elevated privileges. Using SQL injection, attackers could even gain unrestricted access to an entire database. | |
| Weak audit | Weak audit policy and technology represent risks in terms of compliance, deterrence, detection, forensics and recovery. | |
| Denial of service | Denial of service (DoS) may be invoked through many techniques. Common DoS techniques include buffer overflows, data corruption, network flooding and resource consumption. The latter is unique to the database environment and frequently overlooked. | |
| Database protocol vulnerabilities | Vulnerabilities in database protocols may allow unauthorized data access, data corruption or loss of availability. For example, the SQL Slammer worm took advantage of a Microsoft SQL Server protocol vulnerability to execute attack code on target database servers. | |
| Weak authentication | Weak authentication schemes allow attackers to assume the identity of legitimate database users. Specific attack strategies include brute force attacks, social engineering, and so on. | |
| Exposure of backup data | Some recent high-profile attacks have involved theft of database backup tapes and hard disks. | |