SQL injection for Apache HTTP server

ang3lus used Ask the Experts™
As I read on security sites, there is a dramatic increase in security issues like vulnerabilities that allow attackers to use them in bad ways. One of the newest threats that I read about is a vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 for Apache server which allows hackers to perform SQL injection.

Can anyone explain how this threat happened and how an attacker or hacker uses it to start an attack?
I much prefer comments to links. Most websites that I found on Google don't mention enough information.


This is a "HOW TO HACK" question.

If you wanna know more about these things, you may attend the SANS GPEN course or a CEH course, so that you can get more information about these tricks and do your own vulnerability analysis/pentests to protect your server.

By the way, you should think about deploying a Web Application Firewall, which can protect you to an extent from these kinds of threats.



I am not asking about hacking. I just need help finding a good source to analyze this vulnerability, and a suggested solution to mitigate the risk.


1. Make sure that you always have the latest patches installed.
2. Conduct periodic external penetration testing on your site/systems/DB.
3. Input validation and output sanitization are a must while developing interfaces.
4. Also, as I mentioned earlier, Web Application Firewalls can protect you to an extent.

E.g. Barracuda WAF - http://www.barracudanetworks.com/ns/products/web-site-firewall-overview.php

You may also visit the following site to learn more about known and resolved security vulnerabilities of MySQL.
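To illustrate the input-validation advice in point 3 for an external authenticator of the kind mod_authnz_external calls (user name and password arrive on stdin in the pipe method, exit status 0 means "accept"), here is an added example that is not part of the thread and is not the module's own code. It uses Python and an in-memory SQLite table in place of the Perl script and its MySQL database; the table layout, sample accounts and username policy are assumptions.

```python
import hashlib, hmac, os, re, sqlite3, sys

# Username policy is an assumption for this example, not the module's rule.
USERNAME_RE = re.compile(r"[A-Za-z0-9._'@-]{1,64}")

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_demo_db():
    """Constructed in-memory table standing in for the MySQL user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pwhash BLOB)")
    for name, pw in (("alice", "correct horse"), ("o'brien", "battery staple")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (name, salt, hash_password(pw, salt)))
    return db

def authenticate(db, username, password):
    """Return True only if the credentials match a stored row."""
    # 1. Input validation: reject names outside the expected alphabet/length.
    if not USERNAME_RE.fullmatch(username):
        return False
    # 2. Bound parameter: the driver passes the name as data, so a quote in
    #    it can never change the structure of the SQL statement.
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # 3. Constant-time comparison of the derived hash.
    return hmac.compare_digest(stored, hash_password(password, salt))

def main(stdin=sys.stdin):
    # Pipe method: user name on the first line, password on the second.
    username = stdin.readline().rstrip("\n")
    password = stdin.readline().rstrip("\n")
    return 0 if authenticate(make_demo_db(), username, password) else 1

if __name__ == "__main__":
    sys.exit(main())
```

The account `o'brien` shows why the placeholder matters: the quote is legitimate data, and it reaches the database as a value rather than as part of the query text.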

