Sql Injection Working Example


Hi, there is lots of material that a beginner can learn from, but to actually try his hand he needs permission to perform SQL Injection. In this presentation I am not going to explain SQL Injection; I will let you try it on your own PC. You need to download this presentation, and there you will find everything, including PHP files (a sample website to hack).

I would like to have any feedback or comment if there is any need for improvement.
You can contact me any time at the ID given on the last slide.



Thanks everyone.
Please enjoy.


#This is only for educational purposes.

Transcript

  • 1. SQL INJECTION: DEMO OF TAUTOLOGY SQL INJECTION
  • 2. INDEX
      • Definition
      • Pre-Requisite
      • Instructions
      • Create Database
      • SQL Injection
      • Prevention
  • 3. DEFINITION: WHAT IS SQL INJECTION
      • SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
  • 4. PRE-REQUISITES TO PERFORM SQL INJECTION
      1. Local Machine
      2. Web Server – IIS (6.2) with FastCGI
      3. Application Server (PHP)
      4. Database Server (MySQL)
      5. Web Browser (Chrome/Mozilla)
      6. Operating System (Windows 7 or 8)
  • 5. INSTRUCTIONS
      1. Install the IIS web server from Add/Remove Windows Features in Control Panel, with FastCGI
      2. Install MySQL Server: http://dev.mysql.com/downloads
      3. Install PHP 5.4 or any other version from http://windows.php.net/download/ (installer – NTS for IIS)
      4. Install and configure all of them
      5. After installation open IIS and check whether the default web page is working or not: just type http://localhost/ and press Enter
      6. Open the MySQL command line (mysql.exe)
      7. Create the database first (given on the next slide)
      8. Copy and paste all the files given here to your IIS root directory (inetpub\wwwroot)
      9. Open your browser and open localhost/Action.php
      10. Execute the SQL Injection (given two slides ahead)
  • 6. CREATE DATABASE
      1. Open mysql.exe and type the following (shown in red on the slide)
      2. Create database Bank; >> show databases; here you can see the one created just now
      3. Use Bank; this will select your Bank database; now we need to create a table in this DB
      4. Create table custbal (CustID SMALLINT, CustName VARCHAR(40), Address VARCHAR(40), Balance Double, MobNo VARCHAR(40), Pass VARCHAR(40));
      5. Insert into custbal (CustID, CustName, Address, Balance, MobNo, Pass) Value ('1', 'Bill', 'washington', '5000', '011', MD5('one')); You must create at least 4 records with different ID & Name
      6. Select * from custbal; to see the whole table
      7. Now you are ready with the database, so let's open the URL 127.0.0.1/action.php
      8. Now log in with the following credentials (ID=1, password=one)
      9. If no error comes, you can see the details of user BILL
      10. Now you are ready to go for SQL Injection
  • 7. SQL INJECTION
      1. Enter the input 1 or 1=1))# as given in the image.
      2. If everything goes right you will be able to see all the users in the database.
      3. You have successfully bypassed the password and penetrated the customer database on your own machine.
      Explanation: if you look at the SQL query in result.php, which is:
      $result = mysqli_query($con,"SELECT * FROM CustBal where ((CustID=$ID) AND (Pass=$PASS))");
      After your input it will be:
      $result = mysqli_query($con,"SELECT * FROM CustBal where ((CustID= 1 or 1=1))# ) AND (Pass=$PASS))");
      where CustID='1' or '1=1' will return true and # makes the rest of the statement a comment, thus your query works the same as:
      Select * from Custbal;
      which will return all the data in the database.
  • 8. PREVENTION
      Primary defense:
      1. Use of Prepared Statements (Parameterized Queries): first define all the SQL code, and then pass in each parameter to the query later
      2. Use of Stored Procedures: same as above, but uses the database itself
      3. Escaping all User-Supplied Input: remove harmful user input, e.g. ' or #, by redefining it, e.g. ' to '' or "
      Additional defense:
      1. Least Privilege
      2. White List Input Validation
      For more detail go to: https://owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
  • 9. THANK YOU
      © Raghavendra Arole, Pune, INDIA
      Reach me at raghavendra.arole@live.com
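The prepared-statement defense from slide 8, applied to the lookup that slide 7 shows in result.php. This is an added example, not a file from the presentation's download; the connection host, user and password, the $_POST field names and the lookupCustomer function are assumptions, while the Bank database and custbal table are the ones created on slide 6.

```php
<?php
// Hardened replacement for the lookup in result.php (added example, not the
// presentation's own file). Assumes the Bank database and custbal table from
// slide 6 exist; host, user and password below are assumed placeholders.
$con = mysqli_connect("127.0.0.1", "bankuser", "bankpass", "Bank");
if ($con === false) {
    exit("Connection failed: " . mysqli_connect_error());
}

// Vulnerable form shown on slide 7, kept only for comparison (do not deploy):
// $result = mysqli_query($con,"SELECT * FROM CustBal where ((CustID=$ID) AND (Pass=$PASS))");
// The input 1 or 1=1))# rewrites the WHERE clause and comments out the password check.

function lookupCustomer(mysqli $con, string $id, string $pass): ?array
{
    // White-list validation (slide 8): CustID is a SMALLINT, so anything that
    // is not a plain run of digits is rejected before it reaches SQL at all.
    if (!ctype_digit($id)) {
        return null;
    }
    // Prepared statement: the SQL text is fixed first and the values are bound
    // afterwards, so user input is only ever compared as data, never parsed as SQL.
    // MD5(?) matches the way slide 6 stores the password; password_hash() would be
    // the stronger choice in a real application.
    $stmt = $con->prepare(
        "SELECT CustID, CustName, Address, Balance, MobNo FROM custbal WHERE CustID = ? AND Pass = MD5(?)"
    );
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param("is", $id, $pass);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

$ID   = $_POST['ID']   ?? '';   // assumed form field names
$PASS = $_POST['PASS'] ?? '';

$customer = lookupCustomer($con, $ID, $PASS);
if ($customer === null) {
    echo "Login failed";        // same message for a bad ID and a bad password
} else {
    // Escape on output as well, so stored data cannot inject HTML into the page.
    foreach ($customer as $field => $value) {
        echo htmlspecialchars($field) . ": " . htmlspecialchars((string) $value) . "<br>";
    }
}
```

With this version the slide 7 input 1 or 1=1))# is rejected by ctype_digit, and even a payload that passed that check would be bound as a literal CustID value and match no row.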