Arman

Reputation: 73

How to detect tautology injection attacks

I'm working on a new method for preventing SQL injection attacks of the "tautology attack" type.

How can I detect a tautology bug in a web application? I mean, I want a way to test my method and in the end obtain a statistic that shows my method's capability, like Acunetix does for blind attacks.

How can I do it and compare my method?

best respects

Upvotes: 2

Views: 7851

Answers (2)

H. Mahida

Reputation: 2366

Tautology: In a tautology attack, the attacker tries to make a conditional query statement always evaluate to true. The attacker injects into the WHERE clause and turns the condition into a tautology, which is always true. The simplest form of tautology

Example

    SELECT * FROM Accounts WHERE user='' or 1=1 --' AND pass='' AND eid=

The result would be all the data in the Accounts table, because the condition of the WHERE clause is always true.

To Detect: As far as I know, there is no specific method to check, but you can give input in such a way as to test it (as shown above).

To Protect:

  1. Always use parameterized queries.
  2. Also restrict users from entering special characters like " ' " (single quote) and others that are used to build queries.

Hope it helps!

Upvotes: 3
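
A small harness for checking whether a lookup is open to the tautology input shown in the answer above, added here as an example and not part of the original answer. It assumes an in-memory SQLite database and hypothetical function names (`lookup_concat`, `lookup_param`, `tautology_report`); the sample rows and inputs are constructed, apart from the answer's own payload.

```python
import sqlite3

# Constructed sample data; table and column names follow the answer's example.
ROWS = [("alice", "pw1"), ("bob", "pw2"), ("carol", "pw3")]
# Test inputs: the answer's payload plus benign values, including a quoted name.
INPUTS = ["' or 1=1 --", "alice", "O'Brien", "nobody"]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Accounts (user TEXT, pass TEXT)")
    db.executemany("INSERT INTO Accounts VALUES (?, ?)", ROWS)
    return db


def lookup_concat(db, user, password):
    # Vulnerable: input is spliced into the SQL text, so it can change the WHERE clause.
    sql = ("SELECT user FROM Accounts WHERE user='" + user +
           "' AND pass='" + password + "'")
    return db.execute(sql).fetchall()


def lookup_param(db, user, password):
    # Hardened: values are bound as data and never parsed as SQL.
    sql = "SELECT user FROM Accounts WHERE user=? AND pass=?"
    return db.execute(sql, (user, password)).fetchall()


def tautology_report(lookup, inputs=INPUTS):
    """For each input, record whether rows came back without a valid password."""
    db = make_db()
    report = {}
    for value in inputs:
        try:
            rows = lookup(db, value, "wrong-password")
            report[value] = "BYPASS" if rows else "ok"
        except sqlite3.Error:
            # A syntax error means the input reached the SQL parser: still a finding.
            report[value] = "sql-error"
    return report


if __name__ == "__main__":
    for name, fn in (("concat", lookup_concat), ("param", lookup_param)):
        print(name, tautology_report(fn))
```

The share of inputs reported as `BYPASS` or `sql-error` gives a simple statistic for comparing one protection method against another on the same input set.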

Captain Kenpachi

Reputation: 7215

You can avoid the whole problem by not using raw SQL in your code. You should at a minimum be using a parameterised query builder or stored procedures. Better yet, use an Object-Relational Mapper like Entity Framework, PetaPOCO or CakePHP.

Further to that, if you're expecting to return only one result, use

    SELECT TOP 1

or

    LIMIT 0,1

Depending on your DB.

Upvotes: 1
