# SQL Injection

Unguard has an SQL injection vulnerability in the profile-service. You can exploit it via the User profile setting. Let's attempt that now.

## Exploitation
To inject an SQL command, log into Unguard, go to your profile page and enter a bio using one of the following texts. This will set the bio text of all users (where their bio is currently unset) to `injected`:

If the button says Add Bio:

```sql
'); UPDATE bio SET bio_text = 'injected' WHERE 1 = 1; --
```

If the button says Update Bio:

```sql
' WHERE 0 = 1; UPDATE bio SET bio_text = 'injected' WHERE 1 = 1; --
```

INSERT INTO statement.
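As an added example (not Unguard's or Dynatrace's code), the following Python replays the two payloads above against an in-memory SQLite table with a constructed schema, beside the parameterized form that fixes the defect: string concatenation lets the smuggled UPDATE run against every row, while bound parameters store the payload as plain text.

```python
import sqlite3

# Payloads quoted from the tutorial above (the "Add Bio" and "Update Bio" variants).
ADD_PAYLOAD = "'); UPDATE bio SET bio_text = 'injected' WHERE 1 = 1; --"
UPDATE_PAYLOAD = "' WHERE 0 = 1; UPDATE bio SET bio_text = 'injected' WHERE 1 = 1; --"


def new_db():
    """Constructed stand-in for the profile-service bio table (not Unguard's real schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bio (user_id TEXT PRIMARY KEY, bio_text TEXT)")
    conn.executemany("INSERT INTO bio VALUES (?, ?)", [("alice", "hello"), ("bob", "")])
    conn.commit()
    return conn


def add_bio_vulnerable(conn, user_id, text):
    # String concatenation: the quote in `text` closes the literal, `)` closes the
    # VALUES list, `;` starts a second statement and `--` comments out the rest.
    sql = "INSERT INTO bio (user_id, bio_text) VALUES ('" + user_id + "', '" + text + "')"
    conn.executescript(sql)  # executescript allows stacked statements, like the demo's DB driver


def update_bio_vulnerable(conn, user_id, text):
    # Same defect on the UPDATE path: `' WHERE 0 = 1;` neuters the intended update
    # and the smuggled UPDATE rewrites every row.
    sql = "UPDATE bio SET bio_text = '" + text + "' WHERE user_id = '" + user_id + "'"
    conn.executescript(sql)


def add_bio_safe(conn, user_id, text):
    # Bound parameters: the driver sends `text` as data, so it can never become SQL.
    conn.execute("INSERT INTO bio (user_id, bio_text) VALUES (?, ?)", (user_id, text))
    conn.commit()


def update_bio_safe(conn, user_id, text):
    conn.execute("UPDATE bio SET bio_text = ? WHERE user_id = ?", (text, user_id))
    conn.commit()


def bios(conn):
    """Return {user_id: bio_text} so the effect of each call can be inspected."""
    return dict(conn.execute("SELECT user_id, bio_text FROM bio ORDER BY user_id"))


if __name__ == "__main__":
    db = new_db()
    add_bio_vulnerable(db, "carol", ADD_PAYLOAD)
    print("vulnerable:", bios(db))      # every bio is now 'injected'
    db = new_db()
    add_bio_safe(db, "carol", ADD_PAYLOAD)
    print("parameterized:", bios(db))   # alice keeps 'hello'; carol's bio is the literal payload
```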
## Result: SQL Injection Blocked

Success: Dynatrace OneAgent has successfully blocked the SQL injection attack!

To verify that it really has been blocked:

- Click Home
- Go back to your profile
- You should still see the empty box and the Add bio text
## Validate in Dynatrace

Let's see how Dynatrace visualises these attack attempts.

In Dynatrace:

- Press `ctrl + k` and search for "attacks"

You should see `1/1 Attacks blocked` and `0/1 Attacks exploited`.
## View Attack Attempt Details

Scroll down to the section titled "1 attack detected" and follow the link to see the details of this attack.
Dynatrace provides all the relevant information such as:
- A unique ID for this attack attempt so tracking is easier
- The entry point (a user bio page)
- The SQL statement (actual injection attempt)
- The vulnerable line of code and function
SQL Injection Prevented
🎉 Dynatrace OneAgent has prevented an SQL injection attack on your infrastructure.
## What's Next?

Feel free to follow some of the other exploit tutorials or, if you're finished, head to the cleanup page to clean up your demo environment.