Daniel Cid, a developer of a cloud-based firewall/proxy system, was surprised to discover that his product was blocking requests from Google-owned IP addresses. This was unusual, because few websites want to block Web crawlers, as search engines are so important as a method of site discovery. Cid and his colleagues strive to make sure that their product’s default rules don’t block Google.
The Google IP address was determined to be legitimate: the traffic was from a Google Web crawler. It was being blocked because it appeared malicious, like it was an attempt at SQL injection. Further examination of the firewall logs showed other, similar requests from Google IP addresses also being blocked.
SQL injection is a technique for exploiting poorly-written Web applications. Applications routinely take parameters embedded in URLs and use them to query databases. Well-written applications do this in a way that ensures that the parameters can never be interpreted as actual SQL commands. Badly-written applications—which are, unfortunately, abundant—do not. This allows attackers to trick the application into executing SQL commands of their choosing. This can compromise both data and entire systems.
SOURCE: arstechnica.com
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.