Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

SQL Injection for Beginner's: It's Hammertime

147 views

Published on

Turn on breakfast news and chances are you'll hear about the latest data breach. Another database has been dumped and another million people have had their credit card details stolen. How'd they do it? SQL Injection. SQL Injection is a common vulnerability found in websites and mobile applications. I'll introduce you to it, how it works, how to do it yourself and how to fix it. There will be classic hits, select memes and enough info so that when you get home you can take down your own website and make it rain data.

Check out the full version with hilarious giph's and some sweet tunes here: https://youtu.be/TTkOo9-0wMk

Published in: Technology
  • Be the first to comment

  • Be the first to like this

SQL Injection for Beginner's: It's Hammertime

  1. 1. Dr. Brigitte Lewis It’s Hammertime: SQL Injection For Beginners @briglewis #CyberCon #W0m3nWh0HackM3lb0urn3 @deloitte #projectfreidman
  2. 2. 1
  3. 3. Candid footage of me on a Sunday morning
  4. 4. 3
  5. 5. 4
  6. 6. 5
  7. 7. SELECT
  8. 8. blind
  9. 9. SQL Injection
  10. 10. 9 Dewey Decimal System Hashtags FML ?
  11. 11. What You’re Going to Learn • Checking for SQL Injection Vulnerabilities is quick and you can do it too! • How to execute a SQL Injection • How to fix SQL vulnerabilities
  12. 12. Why SQL Injection (SQLi?)
  13. 13. 15 What is Truth?
  14. 14. 19
  15. 15. 20
  16. 16. 21
  17. 17. 27 • SQL Injection is the act of querying or sending requests, otherwise known as questions, to a database. • Know Thy Database. Creating a Conversation with the Database
  18. 18. From the table called users, check that the username Jo@influencer4lyfe.com.au is there and that Jo's password which is Influencerlyfe2019! also matches the password Jo supplied. Speaking in Database Tongue
  19. 19. 30 SELECT * FROM Users WHERE user = Jo@influencer4lyfe.com.au and password = influencerlyfe2019! SQL Query 101
  20. 20. 31 7 Steps to SQLi Heaven
  21. 21. 32 1. Get the Database Language
  22. 22. 33 1.1 Identify the Database Language Error Based SQL Injection
  23. 23. SQLi Hunting in the Wilds of the Internet Google Dorks Query Format for advanced search in Google where-you-want-to search:keyword inurl: php?id= inurl – Get URL’s or website addresses
  24. 24. Google Dorks Results
  25. 25. SQLi Hunting in the Wilds of the Internet
  26. 26. 37 Statement / Equation True or False 1 + 1= 2 True 2 +2 = 4 True 1=1 a=a True True Speaking in Truths
  27. 27. 38 ' OR ‘1’ = ‘1 The Classic SQL Injection (SQLi)
  28. 28. 39 1.2 Login without a username or password
  29. 29. 40 2. Get the Contents of the Database You’re Currently Talking To
  30. 30. 42 Database 101 ID Username Password Signature 1 admin adminpass g0t r00t? 2 adrian somepassword Zombie Films Rock! 3 john monkey ###### 4 jeremy password ###### 5 bryce password ###### 6 samurai samurai ###### 7 jim password ###### 8 bobby password ###### 9 simba password ###### ID Credit Card 1 543556770082 2 543599755432 3 543554332153 4 543555588882 5 543525252183 6 543576464648 7 5435111172934 8 543523232902 9 5435116373849
  31. 31. 3. Count the columns to speak to other tables in the database (using ORDER BY) %3d is the = sign in URL language
  32. 32. 3.1 Count the columns to speak to other tables in the database ‘ ORDER by 1# ‘ ORDER by 2# ‘ ORDER by 3# 3 Columns in the table
  33. 33. 45 4. Checking for the vulnerable column
  34. 34. 46 4. Checking for the vulnerable columns
  35. 35. 47 4.2 Checking for the vulnerable column
  36. 36. 48 5. Get the Database Version +union select 1,version(),3
  37. 37. 49 6. Get the Database Name +union select database(),2,3
  38. 38. 50 'UNION SELECT 1, group_concat(table_name) from information_schema.tables where table_schema=database()%23 7. Get all the other database names to talk to them too
  39. 39. 51 3. Count the columns to speak to other tables in the database 4. Check for the vulnerable column 5. Get the database version 6. Get the database name 7. Get all the other database names to talk to them too. 1. Get the database to tell you the language it speaks 7 Steps to SQLi Heaven 2. Get the contents of the database you’re currently talking to
  40. 40. Enter SQLi Heaven
  41. 41. 54 Fixing SQL Vulnerabilities 1. Never Trust the User - Validate all input on the user and server side
  42. 42. 2. Input sanitisation - Clean it up before it is sent to the database
  43. 43. 3. Parameterisation or pre-prepared statements.
  44. 44. Thank-you for listening! That was: It’s Hammertime: SQL Injection For Beginners #CyberCon #W0m3nWh0HackM3lb0urn3 @Deloitte Dr. Brigitte Lewis | @briglewis I am

×