This section covers techniques for attacking Sybase servers. These techniques are applicable in a number of situations; for example several of the techniques listed under “SQL Injection” are relevant to any situation in which the attacker can issue arbitrary SQL queries.
Sybase has a particular problem when it comes to SQL Injection, which is partly because of its shared “ancestral” code base with Microsoft SQL Server. Because SQL injection on the Microsoft platform has been so intensely studied, and because Sybase shares many of the same properties that make Microsoft SQL Server particularly vulnerable to SQL injection (batched queries, full sub-select support, exceptionally helpful error messages), it is quite likely that an attacker will be able to “find his way around” even if he doesn't know Sybase that well. Additionally, Sybase provides a whole new set of functionality that could be used by an attacker in the context of a SQL injection attack, the Java integration being one highly significant example.
This section offers a brief SQL Injection refresher, evaluates the effectiveness of well-publicized Microsoft SQL Server attack techniques in a Sybase environment, and then explores some Sybase-specific techniques such as Java-In-SQL and filesystem interaction via proxy tables.
Before we get too deeply involved in the mechanics of SQL injection, we should briefly discuss severity and workarounds. If your Sybase server (and XP service) ...