Volume 1, Issue 1, 2021
Articles

MD5( ) Bypassing Through SQL Injection

Rakesh P. V.
Department of Computer Science, St.Josephs Arts and Science (Autonomous), Bangalore
Selwyn Paul J.
Assistant Professor, Department of Computer Science, St.Josephs Arts and Science (Autonomous), Bangalore

Published 2021-01-28

Keywords

  • SQLI, OWASP, MD5, Hash-Basher, SHA1, SHA2, CRC, SQL Fiddle.

How to Cite

P. V., R., & J., S. P. (2021). MD5( ) Bypassing Through SQL Injection. Kristu Jayanti Journal of Computational Sciences (KJCS), 1(1), 83–88. https://doi.org/10.59176/kjcs.v1i1.2185

Abstract

Attacks on web-based applications are growing dramatically in number and severity. It has been found that web applications that are poorly validated and verified are susceptible to attack, in particular network-related SQL attacks. The MD5 (message digest algorithm) hashing method is a one-way cryptographic function that accepts any text field as input and produces as output a fixed-length digest value that may be used to identify the original message. Most security experts advise replacing the MD5 hash algorithm with a much more secure message digest. Because of hash collisions, a hacker or malicious user may construct files with almost exactly the same hash as another, making it difficult to be certain that a file has not been interfered with. As a result, it should not be utilised for anything. Developers should instead use a solid cryptographic hash function or a symmetric cryptographic algorithm. This research paper demonstrates how the md5() function in PHP can be bypassed when its parameter is set to TRUE, i.e. md5('x', TRUE). This makes the hash value of x raw bytes rather than a hex-encoded value, which makes it much easier to inject an SQL statement and retrieve the original string. This is demonstrated using SQL Fiddle, in which the value fields of sample PHP code are hashed, showing how SQLi bypasses md5() when its parameter is set to TRUE. The best approach to solving the above problem is to use a symmetric hash function such as sha1(), sha2() or CRC, which does multiple layers of hashing, and, when using md5(), not to set its parameter to TRUE.
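The pattern the abstract describes, beside a hardened form, as an added example that is not code from the paper. The `users` table, the account name and the passwords are constructed, and PDO with an in-memory SQLite database is an assumption made so the snippet runs stand-alone.

```php
<?php
// Added example, not code from the paper. Table, column, account and
// password values are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_md5 TEXT)');
// Storage stays hex MD5 only to mirror the setup the abstract describes.
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', md5('constructed-sample-pw')]);

// BEFORE (vulnerable pattern from the abstract): md5($pw, true) returns 16
// raw bytes. Any byte value can occur, including 0x27 ('), so the digest is
// attacker-influenced text once it is concatenated into the statement.
function query_with_raw_digest(string $pw): string {
    return "SELECT name FROM users WHERE pw_md5 = '" . md5($pw, true) . "'";
}

// A hex digest is 32 characters of [0-9a-f]; none of them can close or
// extend a quoted SQL literal. A raw digest gives no such guarantee.
function is_hex_digest(string $digest): bool {
    return strlen($digest) === 32 && ctype_xdigit($digest);
}

// AFTER: default (hex) md5() plus bound parameters. The driver passes both
// values as data, so the statement text never depends on user input.
function login(PDO $db, string $name, string $pw): bool {
    $st = $db->prepare(
        'SELECT 1 FROM users WHERE name = :name AND pw_md5 = :digest');
    $st->execute([':name' => $name, ':digest' => md5($pw)]);
    return $st->fetchColumn() !== false;
}

$pw = 'constructed-sample-pw';
var_dump(is_hex_digest(md5($pw)));        // hex form
var_dump(is_hex_digest(md5($pw, true)));  // raw form: 16 bytes, not hex text
var_dump(login($db, 'alice', $pw));
var_dump(login($db, 'alice', 'wrong-constructed-pw'));
```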

