Entering Colin and test gives a SQL query similar to the following:

  $query = "SELECT * FROM accounts WHERE username='Colin' AND password='test'";

PROBLEM: often there is no filtering of input, meaning that a hacker can inject CODE.

Typical code:

  $username = $_REQUEST["username"];
  $password = $_REQUEST["password"];
  $query = "SELECT * FROM accounts WHERE username='$username' AND password='$password'";
Entering blah' OR 1=1# as the username (in MySQL, "#" starts a comment):

  $query = "SELECT * FROM accounts WHERE username='$username' AND password='$password'";

gives

  $query = "SELECT * FROM accounts WHERE username='blah' OR 1=1#' AND password=''";

Effectively:

  $query = "SELECT * FROM accounts WHERE username='blah' OR 1=1";
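The same flaw and its fix, as an added Python/SQLite example (not the slide's PHP/MySQL code): one login function pastes the input into the SQL text as the slide shows, the other uses a parameterised query so the same input is treated only as data. SQLite is assumed as the stand-in database, and its "--" comment replaces the MySQL "#" from the slide.

```python
import sqlite3

# Constructed demo table using the three HacmeBank accounts shown on the slide.
ACCOUNTS = [
    ("JV", "JV789", "Joe Vilella"),
    ("JM", "jm789", "John Mathew"),
    ("JC", "jc789", "Jane Chris"),
]


def make_db():
    """In-memory SQLite database standing in for the PHP/MySQL back end."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (login_id TEXT, password TEXT, user_name TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", ACCOUNTS)
    return conn


def login_unfiltered(conn, username, password):
    """The slide's pattern: user input pasted straight into the SQL text.
    The quotes are part of the query string, so a quote in the input ends
    the literal early and whatever follows is parsed as SQL."""
    query = (f"SELECT * FROM accounts WHERE login_id='{username}' "
             f"AND password='{password}'")
    return conn.execute(query).fetchall()


def login_parameterised(conn, username, password):
    """Fix: a parameterised (prepared) statement. The values travel
    separately from the SQL text, so input is only ever compared as data."""
    query = "SELECT * FROM accounts WHERE login_id=? AND password=?"
    return conn.execute(query, (username, password)).fetchall()


def demo():
    """Row counts for a genuine login and for the slide's injected input."""
    conn = make_db()
    # SQLite uses "--" for comments where the slide's MySQL example uses "#".
    hostile = "blah' OR 1=1 -- "
    return {
        "valid_unfiltered": len(login_unfiltered(conn, "JV", "JV789")),
        "valid_parameterised": len(login_parameterised(conn, "JV", "JV789")),
        "hostile_unfiltered": len(login_unfiltered(conn, hostile, "x")),
        "hostile_parameterised": len(login_parameterised(conn, hostile, "x")),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s) returned")
```

The unfiltered version returns every account for the injected input, which is exactly the "username='blah' OR 1=1" query on the slide; the parameterised version returns none.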
HacmeBank has an SQL injection flaw. Adam is currently trying to do as much damage as he can by exploiting this flaw, using the "SQLMAP" tool as used by hacking groups.
  login_id   password   user_name
  JV         JV789      Joe Vilella
  JM         jm789      John Mathew
  JC         jc789      Jane Chris
• Gain a "shell" on the victim's PC.
• Stop the firewall.
• Deface the web site.
• Could also publish the database on the Internet.
Reputation? Compensation? Could be devastating for the company.
Approximately 3 lines of code... AWARENESS. Only one of many web flaws:
◦ A1 - Injection
◦ A2 - Broken Authentication and Session Management
◦ A3 - Cross-Site Scripting (XSS)
◦ A4 - Insecure Direct Object References
◦ A5 - Security Misconfiguration
◦ A6 - Sensitive Data Exposure
◦ A7 - Missing Function Level Access Control
◦ A8 - Cross-Site Request Forgery (CSRF)
◦ A9 - Using Components with Known Vulnerabilities
◦ A10 - Unvalidated Redirects and Forwards
...etc.
We are all vulnerable. No such thing as a "dumb user".
Relies on the victim clicking on a link (e.g. e-mail, Google search, etc.). A hacker's success against a company can be greatly increased by targeting users. E.g. it might not be easy to get an accountant to click on any old link... but...
Get user to visit a page... Issue commands from the menu.
This is many users' view of what a trojan is...
Install...
◦ Visit the wrong web page / install the wrong software / someone gets on your PC.
Anti-virus can be evaded relatively easily. The ultimate hack.
Unpatched / Downloaded... How dangerous?
• This demo applies to "out of date" software or packages downloaded from the Internet.
• If a flaw isn't fixed then this is what can happen.
Technical controls can help greatly, but developer / networking staff / IT staff / user awareness is a major mitigation. Most modern hacking attacks require user "help".
Awareness training @ Abertay Uni...
◦ Pen Testing & Vulnerability Assessment (2 days)
◦ Security Awareness for Users (1/2 day)
◦ Web Security Testing (2 days)
◦ Security Awareness for Managers (1/2 day)
◦ Secure Coding (1 day)
◦ Wireless Security (1 day)
◦ Intro to Digital Forensics (2 days)
◦ Network Forensics (2 days)
In our Ethical Hacking lab or in your company.