One way a website can be compromised
is by way of SQL injection.
SQL injection is an attack in which text
supplied by a visitor (a form field, a URL
parameter, a cookie) is pasted into a SQL
query without being kept separate from the
query's own code, so the visitor can change
what the query does.
It makes no sense, then, to even
consider the possibility of SQL
injection if your website has no database:
there is no SQL query to inject into.
Here are some simple steps to help you
decide whether or not your website
has a database.
The steps are based on a simple idea.
If there is no select statement
in any of the files, it is unlikely
that the website uses a database.
The select statement is how databases
are read. Would anyone ever build a website
that has a database but no select statement?
Probably not. It makes no sense to have a
database that you never read, and data is
read far more often than it is written.
One caveat: code that talks to the database
through an ORM or query builder may never
spell out the word select, because the
library assembles the query at run time.
So treat "no select found" as strong
evidence, not proof.
Here are the steps for discovering select
statements under Linux. Translate these steps
to your favorite operating system as best you
can.
- Mirror the entire website to your hard
drive. The mirror must include the server-side
source files (PHP, Python, and so on), because
that is where the select statements live. A
mirror made by fetching pages with a browser
or wget contains only the rendered HTML and
will show no select statements even when the
site has a database.
- Go to the topmost directory of the
mirror.
- Prepare to use the grep command
to find select statements.
- Use the grep command to search
for select statements in every directory
and sub-directory until you run out of
directories (folders).
- If you find no select statements,
assume the website has no database.
Here's a possible sequence of grep commands
you may wish to try:

grep -ic select * | grep -v ":0$"
grep -ic select */* | grep -v ":0$"
grep -ic select */*/* | grep -v ":0$"
grep -ic select */*/*/* | grep -v ":0$"

Do you see a pattern? Starting with the
topmost directory, we go one subdirectory
level deeper each time until the shell has
no files left that match the wildcard
pattern. At that point grep complains that
the unexpanded pattern (for example
*/*/*/*/*) does not exist. That error
message tells us we are done. GNU grep can
also walk the whole tree in one command,
grep -ric select . | grep -v ":0$", and the
level-by-level form above shows what that
command does.
What about the ":0$" at the end of the
second grep? This is a regular expression
that, in this case, says don't give me any
noise. In this case, noise is files that
contain no select statements. More precisely,
grep -c prints each file name followed by a
colon and the count of matching lines, so a
line ending in ":0" is a file with zero
occurrences of select, and grep -v throws
it away. The colon matters: a bare "0$"
would also discard files whose count merely
ends in a zero, such as 10 or 20, and those
are exactly the files you want to see.
What about the -i option? This means
ignore case, since SQL keywords are
case insensitive. Select can be all caps or
all lowercase or any mixture of the two.
Ignoring case also means the search matches
the word inside HTML <select> form elements
and inside words such as "selected", so look
at the matching lines before drawing a
conclusion.
What about the -c option? This tells grep
to print, for each file, a count of the
number of lines that select appears in,
instead of the lines themselves. The -ic
is the -i in combination with the
-c.
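The whole procedure in one script, as an added example that is not the original post's code. It assumes the directory it is given is the site's server-side source tree (PHP, Python, and so on) rather than a mirror of the rendered pages, it walks every subdirectory in one pass instead of level by level, and it drops HTML <select> form elements, which the plain word search would count as noise. The sample site it builds is constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the original post. It assumes the directory
# given is the site's server-side source tree (PHP, Python, and so on),
# which is where SQL statements live; a mirror of the rendered pages
# would not do.

# List every line that looks like a SQL select: the word "select" followed
# by whitespace, any case, in any file under the tree, skipping binary
# files (-I). Lines holding an HTML <select ...> form element are dropped
# as noise. Output is "file:line:content", one per hit.
find_sql_selects() {
    grep -rIin 'select[[:space:]]' "$1" 2>/dev/null | grep -vi '<select'
}

# Per-file counts in the "file:count" form the original grep -c pipeline
# prints, with zero-count files already absent.
count_per_file() {
    find_sql_selects "$1" \
        | awk -F: '{ c[$1]++ } END { for (f in c) print f ":" c[f] }' \
        | sort
}

# The decision the post describes: no select statement, assume no database.
has_database() {
    if [ -n "$(find_sql_selects "$1")" ]; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample tree for a stand-alone run: two PHP files with queries,
# one HTML page whose only "select" is a form element, and one plain file.
make_sample_site() {
    d=$(mktemp -d)
    mkdir -p "$d/admin/reports"
    printf '<form><select name="color"><option>red</option></select></form>\n' \
        > "$d/index.html"
    printf '<?php\n$rows = $db->query("SELECT id, name FROM users WHERE id = ?");\n' \
        > "$d/admin/users.php"
    printf '<?php\n$q = "select count(*) from orders";\n$q2 = "Select * From orders where id = 1";\n' \
        > "$d/admin/reports/report.php"
    printf 'nothing to see here\n' > "$d/static.txt"
    echo "$d"
}

# Usage: sh find_selects.sh /path/to/site/source
if [ $# -gt 0 ]; then
    count_per_file "$1"
    echo "database: $(has_database "$1")"
fi
```

The lines that find_sql_selects prints are also the ones to read next: each is a query the site runs, and how visitor input reaches it is the whole SQL injection question.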
It's by using simple techniques that you
find answers quickly.
Ed Abbott