pREST SQL Injection (SQLi) Scanner

Detects the SQL Injection vulnerability in pREST, which affects versions < 1.5.4.

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 8 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

pREST is an open-source tool designed to simplify the development of REST APIs built on top of PostgreSQL databases. It is employed by developers who seek to accelerate their API development without writing boilerplate code. By utilizing PostgreSQL's robust features, pREST allows for the creation of secure and efficient web services. It is commonly used in projects that require seamless integration with existing PostgreSQL databases. It aids developers by automatically generating RESTful endpoints based on database schema. This tool is ideal for team-based projects where rapid and accurate API generation is required.

The SQL Injection vulnerability in pREST allows attackers to bypass authentication mechanisms by manipulating SQL queries. When exploited, it permits unauthorized access to sensitive data by injecting malicious SQL statements. This vulnerability is critical because it undermines the security model of applications using pREST, potentially leading to data breaches. Attackers can exploit this flaw by targeting endpoints that utilize the vulnerable authentication configuration. The vulnerability arises from improper handling of user input within SQL queries. Properly sanitizing inputs can mitigate the risk associated with this vulnerability.

The technical details of this vulnerability include the misuse of regular expressions in JWT whitelisting configuration, which becomes exploitable when combined with a specific path containing '/auth'. Attackers can craft malicious payloads that exploit these regex patterns in SQL statements to bypass authentication and access restricted areas. The endpoint '/auth' is notably susceptible, as it constructs SQL queries without adequately sanitizing input data. Moreover, the vulnerability allows attackers to execute arbitrary SQL commands under the guise of valid authentication. The typical outcome is unauthorized data access or manipulation within the PostgreSQL database.
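The whitelist weakness described above can be checked for from the defender's side. The following is an added example, not pREST's code or configuration: it uses Python's `re` module as a stand-in for the matcher, and the pattern list, route names and function names are constructed for illustration. It audits a route table for protected paths that a substring-style regex match would exempt from the JWT check, while an anchored match would not.

```python
import re

# Constructed sample data (not taken from pREST or any real deployment).
WHITELIST = [r"/auth"]  # patterns meant to exempt only the login endpoint
ROUTES = [
    "/auth",                        # intended to be reachable without a token
    "/appdb/public/orders",
    "/appdb/public/auth_tokens",    # protected, but contains the text "/auth"
    "/appdb/public/users",
]


def is_exempt(path, patterns, anchored):
    """Return True if `path` would skip the JWT check under the given match mode."""
    for pattern in patterns:
        rx = re.compile(pattern)
        # search() succeeds if the pattern occurs anywhere in the path;
        # fullmatch() requires the pattern to cover the entire path.
        hit = rx.fullmatch(path) if anchored else rx.search(path)
        if hit:
            return True
    return False


def unanchored_patterns(patterns):
    """Heuristic: list patterns that lack an explicit ^...$ anchor pair."""
    return [p for p in patterns if not (p.startswith("^") and p.endswith("$"))]


def audit_whitelist(patterns, routes):
    """Return routes exempted only because matching is unanchored."""
    return [
        r for r in routes
        if is_exempt(r, patterns, anchored=False)
        and not is_exempt(r, patterns, anchored=True)
    ]


if __name__ == "__main__":
    print("patterns without anchors:", unanchored_patterns(WHITELIST))
    for route in audit_whitelist(WHITELIST, ROUTES):
        print("exempt from JWT only under unanchored matching:", route)
```

Any route the audit reports should require a token; anchoring the whitelist pattern (for example `^/auth$`) or comparing paths exactly removes the finding.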

If a malicious actor exploits this SQL Injection vulnerability, the potential impacts include unauthorized access to the database, data theft, and alteration. Sensitive user data could be exposed, compromising privacy and compliance. Additionally, the integrity of the database might be compromised, as attackers could alter or delete crucial information. This could lead to a loss of trust from users and regulatory penalties. Moreover, attackers might gain a foothold in the system, pivoting to other parts of the infrastructure. Financial losses and reputational damage are probable if the vulnerability remains unaddressed.
