Description

An error-based attack is based on errors emitted by the database server, which allows understanding the database structure and exfiltrating database content.

Impact

- Allow an attacker to interfere with the queries that an application makes to its database. - Retrieve information from the database an even extract data. - Affect the authentication and authorization aspects of the application. - Steal sensitive information stored in databases.

Recommendation

- Use of prepared statements (with parameterized queries). - Use of stored procedures. - Enforcing the least privilege.

Threat

Anonymous attacker from an intranet.

Expected Remediation Time

⏱️ 60 minutes.

Requirements

Fixes