Barcode Attacks
You know what a barcode is.
And at least I have thought about this a long time now.
Injections through barcodes.
So i came up with this scenario.
I believe the products of supermarkets, and loads of other stores, save their products in some kind of database.
If we then, could change that code to an inproper query, could we then be able to exploit the back-end database?
Actully, i got no clue. But in believe it would be possible, as long as they don’t sanitize their database input.
So, what to do?
The result would be that the overall query returned 0.
Yes, the price would be set to 0.
All possible attack scenarios might work by this somewhat obscure technique.
…All from XSS’es, CSRF’s, LFI’s, RFI’s…
Trippy huh?
For your enjoyment, I’ve set up a new sub-domain for you to play around with;
http://barcode.ackack.net/
It allows you to craft your own barcodes, like the one i made a few lines up.
Oh yeah, a little bird whispered something.
These attacks are possible in the wild, and several web-services are vulnerable through this invalid, yet valid media.
And at least I have thought about this a long time now.
Injections through barcodes.
So i came up with this scenario.
I believe the products of supermarkets, and loads of other stores, save their products in some kind of database.
If we then, could change that code to an inproper query, could we then be able to exploit the back-end database?
Actully, i got no clue. But in believe it would be possible, as long as they don’t sanitize their database input.
So, what to do?
- Go save this picture:
SQL Injected Barcode - Print it out.
- Get a scissor, and cut off the “-1 UNION ALL SELECT 0” field.
- Go grab some tape!
- Apply the barcode and the roll of tape in your pocket.
- Go to the closest grocery store.
- Take a bottle of Coke (or whatever fits you).
- Apply your (mine?) barcode over the coke’s, by using the tape.
- Try to buy it.
- ???
- Possible profit.
SELECT price FROM products WHERE id=decoded_barcode…our image would then nullify the first query, and execute the UNION SELECT one, and return it.
The result would be that the overall query returned 0.
Yes, the price would be set to 0.
All possible attack scenarios might work by this somewhat obscure technique.
…All from XSS’es, CSRF’s, LFI’s, RFI’s…
Trippy huh?
For your enjoyment, I’ve set up a new sub-domain for you to play around with;
http://barcode.ackack.net/
It allows you to craft your own barcodes, like the one i made a few lines up.
Oh yeah, a little bird whispered something.
These attacks are possible in the wild, and several web-services are vulnerable through this invalid, yet valid media.
0 comments:
Post a Comment