When Reversing meet SQL Injection

It’s been a while since i wrote my last thread, life goes fast and the time is always less than before. Anyway lately i found an interesting target that push me up to write few lines about this case.  Someone i knew in a forum has posted a thread regarding a software (an Epson  print cartridges resetter) that use a server validation to work, nothing special but i had some free time and i start working on it.

From a cracker point of view i begin to debug the program looking inside the registration routine to check how the validation works, and if was possible to bypass it.

When i patched the server-check the app seems run fine but i did not have an Epson’s Printer to test it so i thought to take another approach to the problem and collect more infos,  like connection type, protocolserver address and so on, in order to obtain the same result without patching the target. I sniffed few packets during the Server/Client communication and in fact was possible to emulate the server reply so i coded a simple tcp server to accomplish the work but during my testing i see some sql error from the server so i though to try some SQL Injection jutzu and in less then a minute a got it!

The coder of this prog has made 2 fatal errors forgetting to sanityze the input parameter in the SQL statement and also in the client application.

The next time you found a similar server check, rather than start from the reversing would be better to try some SQLi first!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s