Mysql-Proxy Heuristic SQL Injection Detection

August 5th, 2008 | by Stefan Esser |

MySQL Proxy is a simple program that sits between your client and MySQL server(s) that can monitor, analyze or transform their communication. Its flexibility allows for unlimited uses; common ones include: load balancing; failover; query analysis; query filtering and modification; and many more.”

The flexibility of MySQL Proxy is based on the fact that every aspect is scriptable with Lua. Because I am new to MySQL Proxy and the Lua language I tried to implement a very simple script that waits for incoming SQL queries, tokenizes them and tries to detect SQL Injection heuristically by searching for certain disallowed SQL functions, databases, tables, statements or comments. When an SQL query is believed to contain an SQL injection is it not executed and a “Possible SQL injection” error is returned.

You can grab the detect_sql_injection.lua script at

http://www.suspekt.org/downloads/detect_sql_injection.lua.gz

If you are interested in this and german speaking you might also be interested in next week’s MySQL webinar “Bau sicherer LAMP Anwendungen” where I will not only discuss this little Lua script but also another one that implements SQL injection detection by query structure learning.

  1. 8 Responses to “Mysql-Proxy Heuristic SQL Injection Detection”

  2. By Johny on Aug 5, 2008 | Reply

    Sounds like an Interesting opportunity in SQL Protection specially if you are not able to review all the code running from the database and prevent injection by code maybe just somebody else did.
    Will there be a summary or record of your webinar available, cause i will not be able to visit. Deutsch ist auch okay :-)

  3. By Christopher on Aug 5, 2008 | Reply

    Lua is not an acronym, it’s a portuguese word meaning moon.

  4. By Stefan Esser on Aug 15, 2008 | Reply

    The webinar will be downloadable on the MySQL website. I will post a link to my blog when it is online.

  5. By sibirya on Sep 10, 2008 | Reply

    thank you

  1. 4 Trackback(s)

  2. Aug 15, 2008: Suspekt… » Blog Archive » MySQL-Proxy learning to block SQL-Injection
  3. Aug 21, 2008: Wagner Elias - Database Proxy como ferramenta para segurança de aplicações
  4. Jan 6, 2009: Bookmarks about Proxy
  5. May 11, 2009: SQL-Injektion und Problem mit Anf

Post a Comment