SlideShare ist ein Scribd-Unternehmen logo

Advanced SQL Injection

A
amiable_indian

Victor Chapela

Technologie
1 von 93
Advanced SQL Injection Victor Chapela Sm4rt Security Services [email_address] . com 4/11/2005
What is SQL? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL is a Standard - but... ,[object Object],[object Object],[object Object]
SQL Database Tables ,[object Object],[object Object],[object Object],dthompson dthompson Thompson Daniel 3 qwerty adamt Taylor Adam 2 hello jsmith Smith John 1 Password Login LastName Name userID
SQL Queries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Data Manipulation Language (DML) ,[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Data Definition Language (DDL) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Metadata ,[object Object],[object Object],[object Object],[object Object],[object Object]
What is SQL Injection? ,[object Object]
How common is it? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Vulnerable Applications ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How does SQL Injection work? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Injecting through Strings ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The power of ' ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
If it were numeric? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Injecting Numeric Fields ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection Characters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology
SQL Injection Testing Methodology 1) Input Validation 2) Info. Gathering 6) OS Cmd Prompt 7) Expand Influence 4) Extracting Data 3) 1=1 Attacks 5) OS Interaction
1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
Discovery of Vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
2) Information Gathering 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
2) Information Gathering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
a) Exploring Output Mechanisms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting information through Error Messages ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
b) Understanding the Query ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SELECT Statement ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
UPDATE statement ,[object Object],[object Object],[object Object],[object Object],[object Object]
Determining a SELECT Query Structure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Is it a stored procedure? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Tricky Queries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
c) Determine Database Engine Type ,[object Object],[object Object],[object Object],[object Object],[object Object]
Some differences TEXTPOS() InStr() InStr() InStr() LOCATE() CHARINDEX Position Yes Yes No No No Yes Cast import from export to I f null () " "+" " DB2 Call COALESCE() ' '||' ' Postgres PL/pgSQL #date# Iff ( I s null ()) " "&" " Access utf_file select into outfile / dumpfile xp_cmdshell Op Sys interaction I f null() I f null() I s null() Null replace ' '||' ' concat (" ", " ") ' '+' ' Concatenate Strings Oracle PL/SQL MySQL MS SQL T-SQL
More differences… N N N N Y Access Y Many Y Y Y MS SQL N Y Y Y Linking DBs N N Many N Default stored procedures Y N N N* Batch Queries Y Y Y N 4.0 Y 4.1 Subselects Y Y Y Y UNION Postgres DB2 Oracle MySQL
d) Finding out user privilege level ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DB Administrators ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
3) 1=1 Attacks 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
Discover DB structure ,[object Object],[object Object],[object Object],[object Object],[object Object]
Enumerating table columns in different DBs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
All tables and columns in one query ,[object Object]
Database Enumeration ,[object Object],[object Object],[object Object],[object Object],[object Object]
System Tables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
4) Extracting Data 4) Extracting Data 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
Password grabbing ,[object Object],[object Object],[object Object],[object Object]
Create DB Accounts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Grabbing MS SQL Server Hashes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What do we do? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting SQL Hashes ,[object Object],[object Object]
Extract hashes through error messages ,[object Object],[object Object],[object Object],[object Object],[object Object]
Brute forcing Passwords ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Transfer DB structure and data ,[object Object],[object Object],[object Object],[object Object],[object Object]
Create Identical DB Structure ,[object Object],[object Object],[object Object]
Transfer DB ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
5) OS Interaction 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 4) Extracting Data
Interacting with the OS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL OS Interaction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MS SQL OS Interaction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Architecture ,[object Object],[object Object],[object Object],Web Server Web Page Access Database Server Injected SQL Execution! Application Server Input Validation Flaw
Assessing Network Connectivity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Gathering IP information through reverse lookups ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network Reconnaissance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network Reconnaissance Full Query ,[object Object],[object Object],[object Object],[object Object],[object Object]
6) OS Cmd Prompt 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
Jumping to the OS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Using ActiveX Automation Scripts ,[object Object],[object Object]
Retrieving VNC Password from Registry ,[object Object],[object Object]
7) Expand Influence 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
Hopping into other DB Servers ,[object Object],[object Object],[object Object],[object Object]
Linked Servers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Executing through stored procedures remotely ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Uploading files through reverse connection ,[object Object],[object Object],[object Object],[object Object]
Uploading files through SQL Injection ,[object Object],[object Object],[object Object]
Example of SQL injection file uploading ,[object Object],[object Object],[object Object],[object Object],[object Object]
Evasion Techniques
Evasion Techniques ,[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Input validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Evasion and Circumvention ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL Input Validation Circumvention using Char() ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using white spaces ,[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using comments ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using string concatenation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS and Input Validation Evasion using variables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Defending Against SQL Injection
SQL Injection Defense ,[object Object],[object Object],[object Object],[object Object],[object Object]
Strong Design ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Input Validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Harden the Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detection and Dissuasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Links ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Advanced SQL Injection Victor Chapela [email_address]

Empfohlen

Sql injection
Sql injectionSql injection
Sql injection
Hemendra Kumar
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Asish Kumar Rath
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 

Empfohlen

Sql injection
Sql injectionSql injection
Sql injection
Hemendra Kumar
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Asish Kumar Rath
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
amiable_indian
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
Raghav Bisht
 
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceTime based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
Frans Rosén
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
Rodolfo Assis (Brute)
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
Herman Duarte
 
Polyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPraPolyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPra
Mathias Karlsson
 
Sql injection
Sql injectionSql injection
Sql injection
Nikunj Dhameliya
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
Respa Peter
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
OWASP Nagpur
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
Teymur Kheirkhabarov
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
Will Schroeder
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
Bernardo Damele A. G.
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
Bernardo Damele A. G.
 

Weitere ähnliche Inhalte

Was ist angesagt?

Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 

Was ist angesagt? (20)

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Time based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webserviceTime based CAPTCHA protected SQL injection through SOAP-webservice
Time based CAPTCHA protected SQL injection through SOAP-webservice
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
 
Polyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPraPolyglot payloads in practice by avlidienbrunn at HackPra
Polyglot payloads in practice by avlidienbrunn at HackPra
 
Sql injection
Sql injectionSql injection
Sql injection
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
 
Hunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows EnvironmentHunting for Credentials Dumping in Windows Environment
Hunting for Credentials Dumping in Windows Environment
 
Derbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active DirectoryDerbycon - The Unintended Risks of Trusting Active Directory
Derbycon - The Unintended Risks of Trusting Active Directory
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 

Andere mochten auch

Advanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variablesAdvanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variables
DefCamp
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
Imperva
 

Andere mochten auch (16)

SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL injection exploitation internals
SQL injection exploitation internalsSQL injection exploitation internals
SQL injection exploitation internals
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
 
Advanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variablesAdvanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variables
 
MySQL For Oracle Developers
MySQL For Oracle DevelopersMySQL For Oracle Developers
MySQL For Oracle Developers
 
Sql injection
Sql injectionSql injection
Sql injection
 
Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)
 
External XML Entities
External XML EntitiesExternal XML Entities
External XML Entities
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
 
[Russia] MySQL OOB injections
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
 
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWeb Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
 

Ähnlich wie Advanced SQL Injection

Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
ssuserde23af
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injection
badhanbd
 
L9 l10 server side programming
L9 l10 server side programmingL9 l10 server side programming
L9 l10 server side programming
Rushdi Shams
 

Ähnlich wie Advanced SQL Injection (20)

Advanced sql injection 2
Advanced sql injection 2Advanced sql injection 2
Advanced sql injection 2
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injection
 
PHP - Introduction to Advanced SQL
PHP - Introduction to Advanced SQLPHP - Introduction to Advanced SQL
PHP - Introduction to Advanced SQL
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
Advanced sql injection 1
Advanced sql injection 1Advanced sql injection 1
Advanced sql injection 1
 
Asp
AspAsp
Asp
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Oracle notes
Oracle notesOracle notes
Oracle notes
 
ORACLE PL SQL
ORACLE PL SQLORACLE PL SQL
ORACLE PL SQL
 
L9 l10 server side programming
L9 l10 server side programmingL9 l10 server side programming
L9 l10 server side programming
 
working with PHP & DB's
working with PHP & DB'sworking with PHP & DB's
working with PHP & DB's
 
References - sql injection
References - sql injection References - sql injection
References - sql injection
 
References
References References
References
 
Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming Languages
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql tutorial
Sql tutorialSql tutorial
Sql tutorial
 
Sql injection
Sql injectionSql injection
Sql injection
 

Mehr von amiable_indian

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
amiable_indian
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
amiable_indian
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
amiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
amiable_indian
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
amiable_indian
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
amiable_indian
 

Mehr von amiable_indian (20)

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 

Kürzlich hochgeladen

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 

Kürzlich hochgeladen (20)

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Advanced SQL Injection

  • 1. Advanced SQL Injection Victor Chapela Sm4rt Security Services [email_address] . com 4/11/2005
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 19. SQL Injection Testing Methodology 1) Input Validation 2) Info. Gathering 6) OS Cmd Prompt 7) Expand Influence 4) Extracting Data 3) 1=1 Attacks 5) OS Interaction
  • 20. 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
  • 21.
  • 22. 2) Information Gathering 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34. Some differences TEXTPOS() InStr() InStr() InStr() LOCATE() CHARINDEX Position Yes Yes No No No Yes Cast import from export to I f null () " "+" " DB2 Call COALESCE() ' '||' ' Postgres PL/pgSQL #date# Iff ( I s null ()) " "&" " Access utf_file select into outfile / dumpfile xp_cmdshell Op Sys interaction I f null() I f null() I s null() Null replace ' '||' ' concat (" ", " ") ' '+' ' Concatenate Strings Oracle PL/SQL MySQL MS SQL T-SQL
  • 35. More differences… N N N N Y Access Y Many Y Y Y MS SQL N Y Y Y Linking DBs N N Many N Default stored procedures Y N N N* Batch Queries Y Y Y N 4.0 Y 4.1 Subselects Y Y Y Y UNION Postgres DB2 Oracle MySQL
  • 36.
  • 37.
  • 38. 3) 1=1 Attacks 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44. 4) Extracting Data 4) Extracting Data 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55. 5) OS Interaction 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 4) Extracting Data
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64. 6) OS Cmd Prompt 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
  • 65.
  • 66.
  • 67.
  • 68. 7) Expand Influence 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82.
  • 83.
  • 84.
  • 86.
  • 87.
  • 88.
  • 89.
  • 90.
  • 91.
  • 92.
  • 93. Advanced SQL Injection Victor Chapela [email_address]