Setting up a SQL injection honeypot
I just stumbled on a website vulnerable to an SQL injection attack by mistake ( Is this site vulnerable to an SQL injection attack? ).
That made me curious about what is tried and how often an attack attempt comes by on some website.
So I'm thinking it would be coo开发者_开发技巧l to setup a honeypot on my server to see if / how often / using what techniques 'crackers' try to get access to my SQL data.
There are some basic things I can think of to lure them, like:
/login.php / asp url
/adminlogin.php / asp url
A searchform
?id=111 url
with some fake SQL errors when trying to inject some SQL.
Anybody has some more / better suggestion / ideas / whatever to set up a honeypot for SQL injection?
See this article if you want to setup a honey pot, it's got sample data that's injectable.
http://www.webappsec.org/projects/articles/091007.shtml
You can download the installation files here: http://www.webappsec.org/projects/articles/091007.zip
Use an example page that has known vulnerabilities to build your mock up. Most of the drive by injectors and their tools are going to have strings to test for that they know will work on subsets of the vulnerable application space.
For instance: CVE-2011-1546 details one such vuln on something an attacker is likely to find on google. The CVE repos is full of reports such as that, so you've got plenty of pages to build from as examples.
Once you're done getting your honeypot setup, index it on google. Keep it isolated from anything else, and you've got a rudimentary sql injection honeypot.
精彩评论