Introduction to SQL Injection
    Presentation Transcript

    • SQL Injection 101
    • Jason Pubal, Contact Information
      Website: www.intellavis.com/blog
      Social: www.linkedin.com/in/pubal
      E-Mail: jpubal@gmail.com
      Twitter: @pubal
    • SQL Injection Outline
      • OWASP Top 10
      • Web Architecture
      • What is SQLi?
      • Detecting SQLi
      • Exploiting SQLi
      • Preventing SQLi
    • Web Application Basics
      GET www.MyAwesomeStore.com/buystuff.php?category=balls
      SELECT * FROM products WHERE category = 'balls'
      Results: baseballs, soccer balls, basketballs, blue balls, tennis balls
    • Login code (PHP, the vulnerable pattern this talk is about):
      // connect to database
      // (the mysql_* functions shown here were removed in PHP 7; the slide predates that)
      $conn = mysql_connect("localhost", "username", "password");
      // build sql statement: user input is concatenated straight into the query
      $query = "SELECT userid FROM AppUsers WHERE user = '{$_POST['username']}' " .
               "AND password = '{$_POST['password']}'";
      // run query
      $result = mysql_query($query);
      // ensure a user was returned
      $numrows = mysql_num_rows($result);
      if ($numrows != 0) {
          header("Location: admin.php");
      } else {
          die('Incorrect username or password.');
      }
    • Query produced by a normal login:
      SELECT userid
      FROM AppUsers
      WHERE user = 'jsmith' AND password = 'kitteh';
    • Query produced when the password field contains anything' OR '1' = '1
      SELECT userid
      FROM AppUsers
      WHERE user = 'jsmith' AND password = 'anything' OR '1' = '1';
    • Impact
      • Authentication Bypass: This attack allows an attacker to log on to an application without supplying a valid username and password.
      • Information Disclosure: This attack allows an attacker to obtain sensitive information that is contained in a database.
      • Alter Data: This attack involves the alteration of the contents of a database. This can be used to deface a web page. It can also be used to insert malicious content, like JavaScript malware.
      • Delete Data: This attack allows an attacker to delete information with the intent to cause harm or delete log or audit information that is contained in a database.
      • Remote Command Execution: Performing command execution through a database can allow an attacker to compromise the host operating system. These attacks often leverage an existing, predefined stored procedure for host operating system command execution.
    • Vulnerable Sites (chart: WhiteHat Security Statistics Report)
    • Web Application Attacks (chart: Web Hacking Incident DB)
    • Detecting SQLi: Testing by Inference
      "If I see this, then this is probably happening at the back end."
      • Try to break the application.
      • Find the inputs likely to be generating dynamic SQL.
      • Use input that will create invalid SQL.
      • See if you get errors!
      Special Characters
        --       Comment everything after
        /* */    Begin comment / end comment
        '        Mark beginning/end of string
        ;        End of SQL statement
        "        Delimit identifiers
      Type Issues
        • Use strings instead of numbers
        • Add unexpected spaces
    • SQLi Errors (screenshot of database error messages)
    • Detecting SQLi: Other Signs
      • HTTP 500 status
      • Custom application errors
      • Timing differences in web page
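The inference signals on these slides (SQL metacharacters in inputs, HTTP 500 responses, repeated probing) can also be applied from the defender's side, by reading them back out of web server access logs. The following is an added example, not code from the slides or from the author: a triage heuristic in Python that parses common-format access log lines, URL-decodes each query parameter, flags the metacharacters from the "Special Characters" table, marks hits that coincided with a 500, and escalates clients with repeated hits. The log lines are constructed for the example; the hostnames and parameter names are taken from the slides.

```python
"""Triage heuristic for spotting SQL-injection probing in web server access logs.

Added example, not from the original slides; the log lines below are constructed.
It applies the inference signals from the "Detecting SQLi" slides: SQL
metacharacters in request parameters, HTTP 500 responses, and repeated hits
from one client.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus, urlsplit

# Metacharacters from the "Special Characters" table, in the order checked.
SQL_MARKERS = [
    ("--", "SQL line comment"),
    ("/*", "SQL block comment"),
    ("'", "string delimiter"),
    ('"', "identifier delimiter"),
    (";", "statement terminator"),
]

# Boolean tautology such as  OR 1=1  or  OR 'a'='a'  (case-insensitive).
TAUTOLOGY_RE = re.compile(r"\bor\b\s+'?\w+'?\s*=\s*'?\w+'?", re.IGNORECASE)

# Apache/nginx "common" log format; only the fields this heuristic needs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2012:13:55:36 -0700] "GET /buystuff.php?category=balls HTTP/1.1" 200 512',
    '10.0.0.9 - - [10/Oct/2012:13:55:40 -0700] "GET /buystuff.php?category=balls%27 HTTP/1.1" 500 0',
    '10.0.0.9 - - [10/Oct/2012:13:55:41 -0700] "GET /buystuff.php?category=balls%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9810',
    '10.0.0.9 - - [10/Oct/2012:13:55:42 -0700] "GET /buystuff.php?category=1--%20 HTTP/1.1" 200 512',
    '10.0.0.7 - - [10/Oct/2012:13:55:50 -0700] "GET /search.php?q=O%27Brien HTTP/1.1" 200 300',
]


def parse_line(line):
    """Return the fields of one common-format log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan_query(path):
    """Yield (param, decoded_value, reason) for each suspicious query parameter."""
    query = urlsplit(path).query
    for part in query.split("&"):
        if not part:
            continue
        name, _, raw = part.partition("=")
        value = unquote_plus(raw)  # decode %27, %20, '+' before matching
        reason = next((r for marker, r in SQL_MARKERS if marker in value), None)
        if reason is None and TAUTOLOGY_RE.search(value):
            reason = "boolean tautology"
        if reason:
            yield name, value, reason


def analyze(lines):
    """Scan log lines and return one alert dict per suspicious parameter."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for param, value, reason in scan_query(rec["path"]):
            alerts.append({
                "ip": rec["ip"],
                "param": param,
                "value": value,
                "reason": reason,
                # A 500 right after a metacharacter is a strong inference signal:
                # the input probably produced invalid SQL at the back end.
                "server_error": rec["status"] == "500",
            })
    return alerts


def suspicious_clients(alerts, threshold=2):
    """Clients with at least `threshold` flagged requests. A single apostrophe
    (a name like O'Brien) is usually benign; repeated metacharacters are not."""
    counts = Counter(a["ip"] for a in alerts)
    return {ip for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for alert in found:
        print(alert)
    print("escalate:", suspicious_clients(found))
```

The apostrophe rule is deliberately noisy on its own (the constructed O'Brien search is flagged), which is why the escalation step counts hits per client rather than alerting on every single match; the 500 flag and the tautology pattern are the higher-confidence signals.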
    • Manual Testing (screenshots)
    • Automated Testing: Browser Plugins
    • Automated Testing: Web Application Vulnerability Scanner (screenshots)
    • Exploitation: SQLMAP
    • Preventing SQLi
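The login code and the two queries earlier in the deck show why concatenation is the problem; the fix the "Preventing SQLi" slide points at is to stop building SQL from strings and pass user input as query parameters. The following is an added example, not the author's code: the slide's login check rewritten in Python against an in-memory SQLite table with constructed rows, once with string concatenation (the slide's vulnerable pattern) and once with a parameterized query, so the difference in behaviour on the deck's own `anything' OR '1' = '1` input and on a lone quote can be observed directly.

```python
"""Login check from the "Web Application Basics" slide, rewritten two ways.

Added example, not the original PHP from the slides: the same query is built
with string concatenation (vulnerable, as in the slide) and with a
parameterized query (the fix), against an in-memory SQLite table seeded with
constructed data.
"""
import sqlite3


def make_db():
    """Create the AppUsers table from the slide with two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE AppUsers (userid INTEGER PRIMARY KEY, user TEXT, password TEXT)"
    )
    # Plaintext passwords only to mirror the slide's schema; never do this in production.
    conn.executemany(
        "INSERT INTO AppUsers (user, password) VALUES (?, ?)",
        [("jsmith", "kitteh"), ("admin", "s3cret")],
    )
    return conn


def login_concat(conn, user, password):
    """Builds SQL by concatenation exactly like the slide's PHP; vulnerable.

    A quote in the input ends the string literal and the rest becomes SQL.
    A lone quote produces invalid SQL, which is the error signal the
    "Detecting SQLi" slides describe (here it surfaces as OperationalError).
    """
    query = (
        "SELECT userid FROM AppUsers WHERE user = '" + user
        + "' AND password = '" + password + "'"
    )
    rows = conn.execute(query).fetchall()
    return len(rows) != 0  # the slide's  $numrows != 0  check


def login_param(conn, user, password):
    """Same logic with placeholders: the driver sends the values separately
    from the statement, so quotes in the input never change its structure."""
    rows = conn.execute(
        "SELECT userid FROM AppUsers WHERE user = ? AND password = ?",
        (user, password),
    ).fetchall()
    return len(rows) != 0


if __name__ == "__main__":
    db = make_db()
    bypass = "anything' OR '1' = '1"  # the input shown on the earlier slide
    print("valid credentials, concat :", login_concat(db, "jsmith", "kitteh"))
    print("valid credentials, param  :", login_param(db, "jsmith", "kitteh"))
    print("bypass input, concat      :", login_concat(db, "jsmith", bypass))
    print("bypass input, param       :", login_param(db, "jsmith", bypass))
```

With the concatenated version the bypass input returns True (the `OR '1' = '1'` clause matches every row, so `$numrows != 0` passes), while the parameterized version compares the whole string `anything' OR '1' = '1` against the stored password and returns False. The parameterized form is the one to keep; the concatenated one is included only to make the contrast reproducible.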
    • Sources / Tools Used
      More about SQLi
        OWASP - https://www.owasp.org/index.php/SQL_Injection
        SQL Injection Attacks and Defense (Amazon) - http://goo.gl/KSUAl
      Web Application Vulnerability Scanners
        ZAP - http://code.google.com/p/zaproxy/
        w3af - http://w3af.sourceforge.net/
      Browser Plugins
        Tamper Data - https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
        SQL Inject Me - https://addons.mozilla.org/en-US/firefox/addon/sql-inject-me/
      Vulnerable Web Applications
        OWASP Broken Web Apps - http://code.google.com/p/owaspbwa/
        The BodgeIt Store - http://code.google.com/p/bodgeit/
        Damn Vulnerable Web Application - http://www.dvwa.co.uk/
      SQL Exploitation
        SQLMAP - http://sqlmap.org/
      Collections of Tools
        Backtrack - http://www.backtrack-linux.org/
        Mantra - http://getmantra.com/
    • THANK YOU FOR COMING
      Contact Info: jpubal@gmail.com, www.intellavis.com/blog, Twitter: @pubal