Apache, the widely used web server software, has been the victim of notorious vulnerabilities time and again. These vulnerabilities leave the server prone to various forms of malicious attack and other internet fraud, leading to information theft and loss. While Apache regularly releases updates for its vulnerable versions, the following Apache vulnerabilities have gained infamy for the danger they pose to users.
OpenMeetings SQL Injection Vulnerability
Apache OpenMeetings version 1.0.0 was found vulnerable to an SQL injection vulnerability (CVE-2017-7681) that exposes it to information disclosure. To exploit the vulnerability, the attacker must be logged into the system, for example at a command line, via a desktop session or through the web interface. Modification of some system files or information is possible, but the attacker does not control what can be modified, or the scope of what the attacker can affect is limited.
OpenMeetings is one of the most popular virtual meeting software packages, widely used for online presentations, online training, web conferencing and user desktop sharing. Given its widespread use, the flaw puts the structure of the affected query at risk and may leak the structure of other queries the application makes in the back-end.
The immediate remediation is to upgrade to Apache OpenMeetings 3.3.0.
If you are looking for a security solution for your website (custom coded or CMS), Astra Firewall will safeguard your website 24×7 from XSS, LFI, RFI, SQL injection, bad bots and 80+ other threats.
What is SQL, and What is SQL Injection?
SQL (Structured Query Language) is the language used to interact with and manipulate a database.
SQL injection is a code injection technique used to attack data-driven applications by inserting malicious SQL statements into an input field so that they are executed by the database. The database is a vital part of any organization and is protected by high-level security. Let us first look at what SQL does.
What exactly does SQL do?
- Create a new database.
- Insert, update, delete records.
- Create new queries.
- Create stored procedures.
- Create views.
- Execute queries.
- Set permissions.
SQL injection is one of the top security threats, and carrying it out is a cyber crime.
SQL injection (SQLi) is a technique for injecting code into a database through an application. It is classed as an injection attack and is also known as a web hacking technique.
The attacker supplies input on a web page that is crafted so the injected condition is always true. With such conditions, hackers easily pass security checks and read data from the SQL database. With SQL injection they can also add, modify and delete records in the database, whether it is MySQL, SQL Server, Oracle or another engine. Doing so is illegal.
If a website or application is poorly designed, these attacks may harm the entire system. This is where cybersecurity comes into the picture.
The Behavior of SQL Injection
These attacks generally work on dynamic SQL statements. SQL injection is database-engine dependent, so the details differ from engine to engine.
When we ask the user for input on a web page, such as a username and password, and build the query from that input, we are unintentionally giving the user the ability to write directly into the database statement.
Types of SQL Injection
- In-band SQL injection (Classic SQL injection): in this technique, the hacker uses the same channel both to launch the attack and to retrieve the result from the database.
- Error-based SQL injection: in this type, the hacker provokes database error messages and uses the information they leak to learn about and access the database. This is one type of in-band SQL injection.
- Union-based SQL injection: this technique is also part of in-band SQL injection. The hacker combines the results of an extra query with the original one using the UNION operator and gets the result back as part of the HTTP response.
- Inferential SQL injection (Blind SQL injection): as the name suggests, the hacker does not receive data over the application's own channel. The hacker reconstructs the structure of the database by observing how the application responds to different payloads. This is a very dangerous type of SQL injection. It takes longer to execute, and the hacker never sees the output of the query directly.
- Boolean-based (content-based) Blind SQL injection: this is part of inferential SQL injection. The hacker forces the database to return a result based on a true or false condition, and the content of the HTTP response changes depending on that condition. The hacker uses this difference to infer whether the payload returned true or false, even though no data from the database is returned. These attacks are especially slow.
- Time-based Blind SQL injection: this technique is also part of inferential SQL injection. The hacker's payload makes the database wait a fixed amount of time before responding; from the response time the hacker infers whether the condition was true or false. This kind of attack is also slow in nature.
- Out-of-band SQL injection: this attack relies on specific database features and is not very common. A hacker uses it when one channel is needed to launch the attack and a different one to collect the result. Out-of-band SQL injection techniques depend on the database server's ability to make DNS or HTTP requests to deliver data to the hacker.
How does it Work?
There are mainly two ways in which the attacker focuses on getting data:
- Direct attack: directly using combinations of different values. Here the hacker sends a known input that gives the exact result.
- Research: analysing the database by giving different inputs. Here the attacker observes the database server's responses and decides which attack to carry out.
As we already discussed, in SQL injection hackers put a condition in the input element which is always true. Please check the following example.
Suppose we have the query below to get employee data from the database:
SELECT * FROM employees WHERE Userid = '500';
If we have no restriction on the user's input, then hackers may use this field to access data from the database easily.
If the input is 500' OR '1'='1, the query looks like this:
SELECT * FROM employees WHERE Userid = '500' OR '1'='1';
This query returns every row from the table because '1'='1' always evaluates to true, so the WHERE condition is satisfied for every record. This is very dangerous for the organization. For instance, think about the banking sector, where users have their net banking details, passwords, balance information, etc.
This technique makes it very easy for the hacker to get information, simply by giving some input to the application.
Hackers get data by inserting OR and = into an input field, for example:
" or ""="
At the server end the query executes correctly and no error occurs. You may also use ' OR '1'='1 to get data from the database server.
Now the question arises: how do we maintain our database security?
The answer is by using SQL parameters.
User-supplied values are passed to the query as parameters when it executes, rather than being concatenated into the query text. These attacks are easily preventable with the techniques below.
Stored procedures, prepared statements, regular expressions (input validation), restricted database connection user access rights, careful error messages, etc. are the prevention techniques.
It is also sensible to have separate databases for different purposes in the application.
Another thing to consider is testing. Testing the database under different conditions is also one of the best defences.
Creating a database is a crucial part of an application, and the risk of information falling into a hacker's hands is not acceptable for any application. So while creating the database we must follow these simple steps to prevent such loss; a phrase suitable for this is "prevention is better than cure".
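The employee lookup discussed above, and the parameterized-query fix recommended in the prevention steps, side by side. This is an added example written for this article, not code from Apache OpenMeetings or any other project; the in-memory SQLite table, the employee rows and the function names are constructed for the demonstration. The vulnerable function builds the SQL string from the input, so the always-true condition rewrites the query; the parameterized function hands the same input to the driver as a value, so it can only ever be compared against the Userid column.

```python
import sqlite3

# Constructed sample data: three employees in an in-memory database.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (userid TEXT, name TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO employees VALUES (?, ?, ?)",
        [("500", "alice", 70000), ("501", "bob", 65000), ("502", "carol", 90000)],
    )
    conn.commit()
    return conn

def lookup_vulnerable(conn, userid):
    # Dynamic SQL: the user's text becomes part of the statement itself,
    # so a quote in the input can change the WHERE clause.
    query = "SELECT name FROM employees WHERE userid = '" + userid + "'"
    return sorted(row[0] for row in conn.execute(query))

def lookup_parameterized(conn, userid):
    # Prepared statement with a placeholder: the structure of the query is
    # fixed, and the input is bound as a value that cannot alter it.
    query = "SELECT name FROM employees WHERE userid = ?"
    return sorted(row[0] for row in conn.execute(query, (userid,)))

# The always-true condition from the article, as it would be typed into the field.
PAYLOAD = "500' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("vulnerable, normal input:  ", lookup_vulnerable(conn, "500"))
    print("vulnerable, payload:       ", lookup_vulnerable(conn, PAYLOAD))
    print("parameterized, payload:    ", lookup_parameterized(conn, PAYLOAD))
```

With the normal input both functions return only alice. With the payload, the vulnerable query becomes `SELECT name FROM employees WHERE userid = '500' OR '1'='1'` and returns every employee, while the parameterized query looks for a user whose id is literally the payload string and returns nothing. Stored procedures and input validation help, but the placeholder is what removes the problem at its root, since the database never parses user text as SQL.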
Apache Ranger Security Bypass Vulnerability
Apache Ranger is prone to a security-bypass vulnerability (CVE-2017-7676). Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions, which may aid in further attacks. The flaw causes the policy resource matcher to ignore characters after the '*' wildcard character, resulting in affected policies being applied to resources where they should not be.
Apache Ranger is a widely employed framework used to enable, monitor and manage comprehensive data security across the Hadoop platform. Although deemed low severity, the security bypass vulnerability affects Ranger versions 0.5.1 to 0.7. The immediate remediation is to upgrade to Apache Ranger version 0.7.1, which fixes this issue.
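A small illustration of the matcher bug class described above and of the regression check a policy administrator would want. This is an added example and is not Ranger's code: the policy pattern, the resource paths and the two matcher functions are constructed here. The flawed matcher drops everything after the first '*', so a pattern meant to cover only `/data/*/public` silently turns into "anything under /data/", which is exactly the over-application the advisory describes; the correct matcher honours the text after the wildcard.

```python
import fnmatch

# Constructed policy resource (hypothetical): allow any directory under /data/
# whose final component is "public".
POLICY_RESOURCE = "/data/*/public"

# Constructed resources with the access the policy author intended.
RESOURCES = {
    "/data/hr/public": True,
    "/data/hr/secret": False,
    "/other/hr/public": False,
}

def naive_match(pattern, resource):
    # Flawed matcher (illustrative): characters after the first '*' are ignored,
    # so the pattern degenerates into the prefix check "starts with /data/".
    prefix = pattern.split("*", 1)[0]
    return resource.startswith(prefix)

def correct_match(pattern, resource):
    # Full wildcard semantics: the text after '*' must match as well.
    return fnmatch.fnmatchcase(resource, pattern)

def over_applied(matcher, pattern=POLICY_RESOURCE, resources=RESOURCES):
    # Resources the matcher grants even though the policy should not cover them.
    return sorted(r for r, intended in resources.items()
                  if matcher(pattern, r) and not intended)

def missed(matcher, pattern=POLICY_RESOURCE, resources=RESOURCES):
    # Resources the policy should cover but the matcher rejects.
    return sorted(r for r, intended in resources.items()
                  if intended and not matcher(pattern, r))

if __name__ == "__main__":
    for name, matcher in (("naive", naive_match), ("correct", correct_match)):
        print(name, "over-applied:", over_applied(matcher), "missed:", missed(matcher))
```

Running a table like RESOURCES against the matcher after every upgrade is a cheap way to catch this kind of regression: a policy that starts granting `/data/hr/secret` shows up immediately as an over-applied resource, whereas watching audit logs alone would only reveal it after the access had already happened.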
Apache HTTP Server Authentication Bypass Vulnerability
The Apache HTTP Server CVE-2017-3167 authentication bypass vulnerability allows an attacker to bypass the authentication mechanism and perform unauthorized actions, leading to further attacks. The versions affected by this vulnerability are Apache HTTP Server 2.2.0 to 2.2.32 and Apache HTTP Server 2.4.0 to 2.4.25.
The vulnerability stems from third-party modules calling the ap_get_basic_auth_pw() function of Apache HTTP Server outside the authentication phase of the affected software. Such modules should instead use the ap_get_basic_auth_components() function.
Safeguards include updating to the fixed version, limiting network access to trusted users only, and employing IP-based access control lists (ACLs) to allow only trusted systems to reach the affected servers.