Chapter 5 - SQL-Injection-NK.pdf

•

0 gefällt mir•21 views

Waad Waad

SQL-Injection

Technologie

Introduction
 What is SQL Injection?
 Real World Examples
 Important SQL Syntax
 Example Website
 Prevention
2

What is SQL Injection?
 Code Injection Technique
 Exploits Security Vulnerability
 Targets User Input Handlers
3

Real World Examples
 On August 17, 2009, the United States Justice
Department charged an American citizen Albert
Gonzalez and two unnamed Russians with the theft
of 130 million credit card numbers using an SQL
injection attack.
 In 2008 a sweep of attacks began exploiting the
SQL injection vulnerabilities of Microsoft's IIS web
server and SQL database server. Over 500,000 sites
were exploited.
4

SQL injection examples
There are a wide variety of SQL injection vulnerabilities, attacks, and
techniques, which arise in different situations. Some common SQL
injection examples include:
 Retrieving hidden data, where you can modify an SQL query to return
additional results.
 Subverting application logic, where you can change a query to
interfere with the application's logic.
 UNION attacks, where you can retrieve data from different database
tables.
 Examining the database, where you can extract information about
the version and structure of the database.
 Blind SQL injection, where the results of a query you control are not
returned in the application's responses.
https://portswigger.net/web-security/sql-injection
13

Important Syntax
COMMENTS: --
Example: SELECT * FROM `table` --selects everything
LOGIC: ‘a’=‘a’
Example: SELECT * FROM `table` WHERE ‘a’=‘a’
MULTI STATEMENTS: S1; S2
Example: SELECT * FROM `table`; DROP TABLE `table`;
14

Example Website
timbo317
cse7330
SELECT * FROM `login` WHERE `user`=‘timbo317’ AND `pass`=‘cse7330’
17

Login Database Table
user pass
timbo317 cse7330
What Could Go Wrong??
18

Example Hack
’ OR ‘a’=‘a
’ OR ‘a’=‘a
SELECT * FROM `login` WHERE `user`=‘’ OR ‘a’=‘a’ AND `pass`=‘’ OR ‘a’=‘a’
19

It Gets Worse!
’; DROP TABLE `login`; --
SELECT * FROM `login` WHERE `user`=‘’; DROP TABLE `login`; --’ AND `pass`=‘’
20

All Queries are Possible
SELECT * FROM `login` WHERE `user`=‘’; INSERT INTO
`login` ('user','pass') VALUES ('haxor','whatever');--’ AND
`pass`=‘’
SELECT * FROM `login` WHERE `user`=‘’; UPDATE `login`
SET `pass`=‘pass123’ WHERE `user`=‘timbo317’;--’ AND
`pass`=‘’
21

Live Demonstration
How Can You Prevent This??
35

Prevention
 Logic to allow only numbers / letters in username and password.
 How should you enforce the constraint?
SERVER SIDE.
 ‘ESCAPE’ bad characters.
’ becomes ’
 READ ONLY database access.
 Remember this is NOT just for login areas!
NOT just for websites!!
36

Works Cited
 (SQL Injection Walkthrough)(SQL Injection)(SQL Injection)
 Friedl, S. (2009, 10 26). SQL Injection Attacks by Example.
Retrieved from Steve Friedl's Unixwiz.net Tech Tips:
http://unixwiz.net/techtips/sql-injection.html
 IBM Informix Guide to SQL: Syntax. (n.d.). Retrieved 10 26, 2009,
from IBM.COM:
http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?t
opic=/com.ibm.sqls.doc/sqls36.htm
 SQL Injection. (n.d.). Retrieved 10 26, 2009, from SQL Server 2008
Books Online: http://msdn.microsoft.com/en-
us/library/ms161953.aspx
 SQL Injection. (n.d.). Retrieved 10 26, 2009, from php.net:
http://php.net/manual/en/security.database.sql-injection.php
 SQL Injection Walkthrough. (n.d.). Retrieved 10 26, 2009, from
Securiteam:
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
37

Weitere ähnliche Inhalte

Ähnlich wie Chapter 5 - SQL-Injection-NK.pdf

Sql injection

Ashok Kumar

Sql injection - security testing

Napendra Singh

This talk educates developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, and more. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples. We'll then apply this knowledge to see how web applications can be secured against such vulnerabilities.

Hacking Your Way to Better Security - PHP South Africa 2016

Colin O'Dell

The goal of this talk is to educate developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, session hijacking, and insecure direct object references. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples. Once we've established an understanding of how these attacks work, we'll look at concrete steps you can take to secure web applications against such vulnerabilities. The knowledge gained from this talk can also be used for participating in "Capture the Flag" security competitions.

Hacking Your Way To Better Security - Dutch PHP Conference 2016

Colin O'Dell

DEF CON 27 -OMER GULL - select code execution from using sq lite

Felipe Prado

Hacking Your Way To Better Security

Colin O'Dell

How to identify and prevent SQL injection

Eguardian Global Services

SQL injection Colombo Cybersecurity Meetup

Janith Malinga

Advanced Topics On Sql Injection Protection

amiable_indian

SQL injection is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.

Module 14 (sql injection)

Wail Hassan

Ppt on sql injection

ashish20012

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto

Pichaya Morimoto

DEFCON 23 - Lance buttars Nemus - sql injection on lamp

Felipe Prado

This talk educates developers on common security vulnerabilities, how they are exploited, and how to protect against them. We will explore several of the OWASP top 10 attack vectors, such as SQL injection, XSS, CSRF, and session hijacking. Each topic will be approached from the perspective of an attacker to learn how these vulnerabilities are detected and exploited using several realistic examples. We will then apply this knowledge to learn how web applications can be secured against such vulnerabilities.

Hacking Your Way To Better Security - php[tek] 2016

Colin O'Dell

$D:\Technical\Ppt\Sql Injection$ $D:\Technical\Ppt\Sql Injection$

D:\Technical\Ppt\Sql Injection

avishkarm

Share Favorite Favorited X Download More... Favorited! Want to add tags? Have an opinion? Make a quick comment as well. Cancel Edit your favorites Cancel Send to your Group / Event Select Group / Event Add your message Cancel Post toBlogger WordPress Twitter Facebook Deliciousmore share options .Embed For WordPress.com Without related presentations 0 commentsPost a comment Post a comment .. Embed Video Subscribe to follow-up comments Unsubscribe from followup comments . Edit your comment Cancel .Notes on slide 1 no notes for slide #1 no notes for slide #1 ..Favorites, Groups & Events more How "·$% developers defeat the web vulnerability scanners - Presentation Transcript 1.How ?¿$·& developers defeat the most famous web vulnerability scanners …or how to recognize old friends Chema Alonso Informática64 José Parada Microsoft Ibérica 2.Agenda 1.- Introduction 2.- Inverted Queries 3.- Arithmetic Blind SQL Injection 4.- Time-Based Blind SQL Injection using Heavey Queries 5.- Conclusions 3.1.-Introduction 4.SQL Injection is still here among us 5.Web Application Security Consortium: Comparision http://projects.webappsec.org/Web-Application-Security-Statistics 12.186 sites 97.554 bugs 6.Need to Improve Automatic Scanning Not always a manual scanning is possible Time Confidentiality Money, money, money… Need to study new ways to recognize old fashion vulnerabilities to improve automatic scanning tools. 7.2.-Inverted Queries 8. 9.Homers, how are they? Lazy Bad trainined Poor Experience in security stuff Don´t like working Don´t like computing Don´t like coding Don´t like you! 10.Flanders are Left-handed 11.Right SELECT UID FROM USERS WHERE NAME=‘V_NAME’ AND PASSWORD=‘V_PASSW’; 12.Wrong? SELECT UID FROM USERS WHERE ‘V_NAME’=NAME AND ‘ V_PASSW’=PASSWORD 13.Login Inverted Query Select uid From users where ‘v_name’=name and ‘v_pass’=password http://www.web.com/login.php?v_name=Robert&v_pass=Kubica’ or '1'='1 Select uid From users where ‘Robert’=name and ‘Kubica’ or ‘1’=‘1’=password  FAIL 14.Login Inverted SQL Injection an example Select uid From users where ‘v_name’=name and ‘v_pass’=password http://www.web.com/login.php?v_name=Robert&v_pass=’=‘’ or ‘1’=‘1’ or ‘Kubica Select uid From users where ‘Robert’=name and ’’=‘’ or ‘1’=‘1’ or ‘Kubica’=password  Success 15.Blind Attacks Attacker injects code but can´t access directly to the data. However this injection changes the behavior of the web application. Then the attacker looks for differences between true code injections (1=1) and false code injections (1=2) in the response pages to extract data. Blind SQL Injection Biind Xpath Injection Blind LDAP Injection 16.Blind SQL Injection Attacks Attacker injects: “ True where clauses” “ False where clauses“ Ex: Program.php?id=1 and 1=1 Program.php?id=1 and 1=2 Program doesn’t return any visible data from database or data in error messages. The attacker can´t see any data extracted from the database. 17.Blind SQL Injection Attacks Attacker analyzes the response pages looking for differences between “True-Answer Page” and “False-Answer Page”: Different hashes Different html structure Different patterns (keywords) Different linear ASCII sums “ Different behavior” By example: Response Time 18.Blind SQL Injection Attacks If any difference exists, then: Attacker can extract all information from database How? Using “booleanization” MySQL: Program.php?id=1 and 100>(ASCII(Substring(user(),1,1))) “ True-Answer Page” or “False-Answer Page”? MSSQL: Program.php?id=1 and 100>(Select top 1 ASCII(Substring(name,1,1))) from sysusers) Oracle: Program.php?id=1 and 100>(Select ASCII(Sub

How "·$% developers defeat the web vulnerability scanners

Chema Alonso

Out-of-band SQL Injection Attacks (#cypsec'17)

Ömer Çıtak

03. sql and other injection module v17

Eoin Keary

PHP Secure Programming

Balavignesh Kasinathan

Prevention of SQL Injection Attack in Web Application with Host Language

IRJET Journal

Ähnlich wie Chapter 5 - SQL-Injection-NK.pdf (20)

Sql injection

Sql injection - security testing

Hacking Your Way to Better Security - PHP South Africa 2016

Hacking Your Way To Better Security - Dutch PHP Conference 2016

DEF CON 27 -OMER GULL - select code execution from using sq lite

Hacking Your Way To Better Security

How to identify and prevent SQL injection

SQL injection Colombo Cybersecurity Meetup

Advanced Topics On Sql Injection Protection

Module 14 (sql injection)

Ppt on sql injection

SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto

DEFCON 23 - Lance buttars Nemus - sql injection on lamp

Hacking Your Way To Better Security - php[tek] 2016

$D:\Technical\Ppt\Sql Injection$ $D:\Technical\Ppt\Sql Injection$

D:\Technical\Ppt\Sql Injection

How "·$% developers defeat the web vulnerability scanners

Out-of-band SQL Injection Attacks (#cypsec'17)

03. sql and other injection module v17

PHP Secure Programming

Prevention of SQL Injection Attack in Web Application with Host Language

Kürzlich hochgeladen

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Manulife - Insurer Innovation Award 2024

The Digital Insurer

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

GenAI Risks & Security Meetup 01052024.pdf

lior mazor

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

Following the popularity of "Cloud Revolution: Exploring the New Wave of Serverless Spatial Data," we're thrilled to announce this much-anticipated encore webinar. In this sequel, we'll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you're building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Safe Software

Tata AIG General Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

A Principled Technologies deployment guide Conclusion Deploying VMware Cloud Foundation 5.1 on next gen Dell PowerEdge servers brings together critical virtualization capabilities and high-performing hardware infrastructure. Relying on our hands-on experience, this deployment guide offers a comprehensive roadmap that can guide your organization through the seamless integration of advanced VMware cloud solutions with the performance and reliability of Dell PowerEdge servers. In addition to the deployment efficiency, the Cloud Foundation 5.1 and PowerEdge solution delivered strong performance while running a MySQL database workload. By leveraging VMware Cloud Foundation 5.1 and PowerEdge servers, you could help your organization embrace cloud computing with confidence, potentially unlocking a new level of agility, scalability, and efficiency in your data center operations.

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Principled Technologies

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

Kürzlich hochgeladen (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

AWS Community Day CPH - Three problems of Terraform

Manulife - Insurer Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

GenAI Risks & Security Meetup 01052024.pdf

🐬 The future of MySQL is Postgres 🐘

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Apidays New York 2024 - The value of a flexible API Management solution for O...

How to Troubleshoot Apps for the Modern Connected Worker

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Tata AIG General Insurance Company - Insurer Innovation Award 2024

Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...

Strategies for Landing an Oracle DBA Job as a Fresher

Artificial Intelligence Chap.5 : Uncertainty

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Chapter 5 - SQL-Injection-NK.pdf

1. Database Security Chapter 5 -2: SQL Injection Prof. Naoufel Kraiem 2022 1

2. Introduction  What is SQL Injection?  Real World Examples  Important SQL Syntax  Example Website  Prevention 2

3. What is SQL Injection?  Code Injection Technique  Exploits Security Vulnerability  Targets User Input Handlers 3

4. Real World Examples  On August 17, 2009, the United States Justice Department charged an American citizen Albert Gonzalez and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack.  In 2008 a sweep of attacks began exploiting the SQL injection vulnerabilities of Microsoft's IIS web server and SQL database server. Over 500,000 sites were exploited. 4

5. 5

6. SQL injection 6

7. 7

8. 8

9. 9

10. 10

11. 11

12. 12 d d d d d

13. SQL injection examples There are a wide variety of SQL injection vulnerabilities, attacks, and techniques, which arise in different situations. Some common SQL injection examples include:  Retrieving hidden data, where you can modify an SQL query to return additional results.  Subverting application logic, where you can change a query to interfere with the application's logic.  UNION attacks, where you can retrieve data from different database tables.  Examining the database, where you can extract information about the version and structure of the database.  Blind SQL injection, where the results of a query you control are not returned in the application's responses. https://portswigger.net/web-security/sql-injection 13

14. Important Syntax COMMENTS: -- Example: SELECT * FROM `table` --selects everything LOGIC: ‘a’=‘a’ Example: SELECT * FROM `table` WHERE ‘a’=‘a’ MULTI STATEMENTS: S1; S2 Example: SELECT * FROM `table`; DROP TABLE `table`; 14

15. Example Website 15

16. 16

17. Example Website timbo317 cse7330 SELECT * FROM `login` WHERE `user`=‘timbo317’ AND `pass`=‘cse7330’ 17

18. Login Database Table user pass timbo317 cse7330 What Could Go Wrong?? 18

19. Example Hack ’ OR ‘a’=‘a ’ OR ‘a’=‘a SELECT * FROM `login` WHERE `user`=‘’ OR ‘a’=‘a’ AND `pass`=‘’ OR ‘a’=‘a’ 19

20. It Gets Worse! ’; DROP TABLE `login`; -- SELECT * FROM `login` WHERE `user`=‘’; DROP TABLE `login`; --’ AND `pass`=‘’ 20

21. All Queries are Possible SELECT * FROM `login` WHERE ùser`=‘’; INSERT INTO `login` ('user','pass') VALUES ('haxor','whatever');--’ AND `pass`=‘’ SELECT * FROM `login` WHERE ùser`=‘’; UPDATE `login` SET `pass`=‘pass123’ WHERE ùser`=‘timbo317’;--’ AND `pass`=‘’ 21

22. 22

23. 23

24. 24

25. 25

26. 26

27. 27

28. 28

29. 29

30. 30

31. 31

32. 32

33. 33

34. 34

35. Live Demonstration How Can You Prevent This?? 35

36. Prevention  Logic to allow only numbers / letters in username and password.  How should you enforce the constraint? SERVER SIDE.  ‘ESCAPE’ bad characters. ’ becomes ’  READ ONLY database access.  Remember this is NOT just for login areas! NOT just for websites!! 36

37. Works Cited  (SQL Injection Walkthrough)(SQL Injection)(SQL Injection)  Friedl, S. (2009, 10 26). SQL Injection Attacks by Example. Retrieved from Steve Friedl's Unixwiz.net Tech Tips: http://unixwiz.net/techtips/sql-injection.html  IBM Informix Guide to SQL: Syntax. (n.d.). Retrieved 10 26, 2009, from IBM.COM: http://publib.boulder.ibm.com/infocenter/idshelp/v10/index.jsp?t opic=/com.ibm.sqls.doc/sqls36.htm  SQL Injection. (n.d.). Retrieved 10 26, 2009, from SQL Server 2008 Books Online: http://msdn.microsoft.com/en- us/library/ms161953.aspx  SQL Injection. (n.d.). Retrieved 10 26, 2009, from php.net: http://php.net/manual/en/security.database.sql-injection.php  SQL Injection Walkthrough. (n.d.). Retrieved 10 26, 2009, from Securiteam: http://www.securiteam.com/securityreviews/5DP0N1P76E.html 37

Chapter 5 - SQL-Injection-NK.pdf

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Chapter 5 - SQL-Injection-NK.pdf

Ähnlich wie Chapter 5 - SQL-Injection-NK.pdf (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Chapter 5 - SQL-Injection-NK.pdf