Advertisement
SQL Injection for Beginner's: It's Hammertime
Report
Brigitte Lewis, PhDFollow
Feb. 20, 2020•0 likes•139 views
0 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Check these out next
SQL Injection for Beginner's: It's Hammertime
Feb. 20, 2020•0 likes•139 views
0 likes
Be the first to like this
Show More
views
Total views
0
On Slideshare
0
From embeds
0
Number of embeds
0
Download to read offline
Report
Technology
Turn on breakfast news and chances are you'll hear about the latest data breach. Another database has been dumped and another million people have had their credit card details stolen. How'd they do it? SQL Injection. SQL Injection is a common vulnerability found in websites and mobile applications. I'll introduce you to it, how it works, how to do it yourself and how to fix it. There will be classic hits, select memes and enough info so that when you get home you can take down your own website and make it rain data. Check out the full version with hilarious giph's and some sweet tunes here: https://youtu.be/TTkOo9-0wMk
Brigitte Lewis, PhDFollow
Advertisement
Advertisement
Advertisement
Recommended
The Student's Guide to LinkedInLinkedIn
Different Roles in Machine Learning CareerIntellipaat
Defining a Tech Project Vision in Eight Quick Steps pdfTechSoup
The Hero's Journey (For movie fans, Lego fans, and presenters!)Dan Roam
10 Inspirational Quotes for GraduationGuy Kawasaki
The Health Benefits of DogsThe Presentation Designer
SQL Injection for Beginner's: It's Hammertime
- Dr. Brigitte Lewis It’s Hammertime: SQL Injection For Beginners @briglewis #CyberCon #W0m3nWh0HackM3lb0urn3 @deloitte #projectfreidman
- 1
- Candid footage of me on a Sunday morning
- 3
- 4
- 5
- SELECT
- blind
- SQL Injection
- 9 Dewey Decimal System Hashtags FML ?
- What You’re Going to Learn • Checking for SQL Injection Vulnerabilities is quick and you can do it too! • How to execute a SQL Injection • How to fix SQL vulnerabilities
- Why SQL Injection (SQLi?)
- 15 What is Truth?
- 19
- 20
- 21
- 27 • SQL Injection is the act of querying or sending requests, otherwise known as questions, to a database. • Know Thy Database. Creating a Conversation with the Database
- From the table called users, check that the username Jo@influencer4lyfe.com.au is there and that Jo's password which is Influencerlyfe2019! also matches the password Jo supplied. Speaking in Database Tongue
- 30 SELECT * FROM Users WHERE user = Jo@influencer4lyfe.com.au and password = influencerlyfe2019! SQL Query 101
- 31 7 Steps to SQLi Heaven
- 32 1. Get the Database Language
- 33 1.1 Identify the Database Language Error Based SQL Injection
- SQLi Hunting in the Wilds of the Internet Google Dorks Query Format for advanced search in Google where-you-want-to search:keyword inurl: php?id= inurl – Get URL’s or website addresses
- Google Dorks Results
- SQLi Hunting in the Wilds of the Internet
- 37 Statement / Equation True or False 1 + 1= 2 True 2 +2 = 4 True 1=1 a=a True True Speaking in Truths
- 38 ' OR ‘1’ = ‘1 The Classic SQL Injection (SQLi)
- 39 1.2 Login without a username or password
- 40 2. Get the Contents of the Database You’re Currently Talking To
- 42 Database 101 ID Username Password Signature 1 admin adminpass g0t r00t? 2 adrian somepassword Zombie Films Rock! 3 john monkey ###### 4 jeremy password ###### 5 bryce password ###### 6 samurai samurai ###### 7 jim password ###### 8 bobby password ###### 9 simba password ###### ID Credit Card 1 543556770082 2 543599755432 3 543554332153 4 543555588882 5 543525252183 6 543576464648 7 5435111172934 8 543523232902 9 5435116373849
- 3. Count the columns to speak to other tables in the database (using ORDER BY) %3d is the = sign in URL language
- 3.1 Count the columns to speak to other tables in the database ‘ ORDER by 1# ‘ ORDER by 2# ‘ ORDER by 3# 3 Columns in the table
- 45 4. Checking for the vulnerable column
- 46 4. Checking for the vulnerable columns
- 47 4.2 Checking for the vulnerable column
- 48 5. Get the Database Version +union select 1,version(),3
- 49 6. Get the Database Name +union select database(),2,3
- 50 'UNION SELECT 1, group_concat(table_name) from information_schema.tables where table_schema=database()%23 7. Get all the other database names to talk to them too
- 51 3. Count the columns to speak to other tables in the database 4. Check for the vulnerable column 5. Get the database version 6. Get the database name 7. Get all the other database names to talk to them too. 1. Get the database to tell you the language it speaks 7 Steps to SQLi Heaven 2. Get the contents of the database you’re currently talking to
- Enter SQLi Heaven
- 54 Fixing SQL Vulnerabilities 1. Never Trust the User - Validate all input on the user and server side
- 2. Input sanitisation - Clean it up before it is sent to the database
- 3. Parameterisation or pre-prepared statements.
- Thank-you for listening! That was: It’s Hammertime: SQL Injection For Beginners #CyberCon #W0m3nWh0HackM3lb0urn3 @Deloitte Dr. Brigitte Lewis | @briglewis I am
Editor's Notes
- https://www.youtube.com/watch?v=8gbqued-9VQ
- Table name and database name
- Source: https://jqueryform.github.io/posts/html5-form-features-6.html
- https://www.youtube.com/watch?v=q8WSdypJ4WA
Advertisement