aka wow on ZATAZ.com
SQL injection against service fingerprinting and information gathering
After the discovery of a new kind of car license plate, created to fight the unpopular fixed radar system with an SQL injection, mikkohypponen, a security specialist, has reported a funny way to SQL-inject service fingerprinting tools.
The service concerned is the HTTP service of the www.reddit.com website. Normally the HTTP service should return something like “Apache” or “IIS”, but here you find a dedicated fingerprint.
Most of the time, fingerprinting is done with nmap-like tools, and the results may be stored in a database. ERIPP is also well known for building a database of the 4 billion routable IP addresses together with the fingerprints of their most common services. SHODAN is a similar kind of database to ERIPP: a computer search engine that lets you find computers running certain software (HTTP, FTP, etc.). Now imagine that the crawler code has an SQL injection flaw… oops, your database is gone, because the fingerprint it collected contains SQL injection code 🙂
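The scenario described above, as an added example that is not part of the original post: a toy fingerprinting crawler that records each host's HTTP `Server` header in a `servertypes` table, first with the header pasted straight into the SQL text, then with a parameterised query. The hosts, the benign headers and the crafted header value are all constructed for this demonstration (the post does not reproduce Reddit's actual header), and the table layout is an assumption.

```python
import sqlite3

# Constructed sample: a Server header value crafted to break out of a naive
# INSERT statement. This is an assumption for the demo, not Reddit's header.
MALICIOUS_SERVER_HEADER = "'); DROP TABLE servertypes; --"
BENIGN_SERVER_HEADER = "Apache/2.2.3 (CentOS)"

# Constructed crawl results: (host, value of the HTTP Server header).
SAMPLE_CRAWL = [
    ("192.0.2.10", BENIGN_SERVER_HEADER),
    ("192.0.2.11", "Microsoft-IIS/6.0"),
    ("192.0.2.12", MALICIOUS_SERVER_HEADER),
]


def make_db():
    """Fresh in-memory database holding the crawler's fingerprint table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE servertypes (host TEXT, server TEXT)")
    return conn


def table_exists(conn):
    """True while the servertypes table is still present."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name='servertypes'"
    ).fetchone()
    return row is not None


def store_unsafe(conn, host, server):
    """Vulnerable: the header value is pasted into the SQL text.

    executescript() runs every statement found in the string, so a header
    containing a quote can close the INSERT and append its own statements.
    """
    sql = f"INSERT INTO servertypes (host, server) VALUES ('{host}', '{server}')"
    conn.executescript(sql)


def store_safe(conn, host, server):
    """Hardened: a parameterised query; the driver passes the header as data,
    so quotes and semicolons in it are stored literally and never parsed."""
    conn.execute(
        "INSERT INTO servertypes (host, server) VALUES (?, ?)", (host, server)
    )
    conn.commit()


def run_crawl(store, results=SAMPLE_CRAWL):
    """Feed the crawl results to a storage function.

    Returns (table_survived, rows): whether the servertypes table still exists
    afterwards and, if so, its contents sorted by host.
    """
    conn = make_db()
    for host, server in results:
        try:
            store(conn, host, server)
        except sqlite3.Error:
            # A real crawler would log the failure; the point is what the
            # database looks like afterwards.
            pass
    survived = table_exists(conn)
    rows = []
    if survived:
        rows = conn.execute(
            "SELECT host, server FROM servertypes ORDER BY host"
        ).fetchall()
    return survived, rows


if __name__ == "__main__":
    for name, store in (("unsafe", store_unsafe), ("safe", store_safe)):
        survived, rows = run_crawl(store)
        print(f"{name}: table survived={survived}, rows={rows}")
```

With the unsafe store, the third fingerprint turns the INSERT into two statements and the whole table disappears; with the parameterised store, the same string is just another row, quotes and all. The lesson for anyone building a scanner or fingerprint database is that banner and header values are untrusted input exactly like form fields.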
For Reddit, we searched for “CREATE TABLE servertypes” on Google and found a service fingerprinting crawler that uses a database called “servertypes” and targets Reddit 🙂
Is Reddit protecting itself against information gathering, or is this just a sysadmin's joke?