Relational Databases - Lecture 5 - SQL injection
Karina Sokolova
SQL injection attack example
1.
SQL injection
2.
SQL injection
• Injection of an SQL query via an input from the client application
• Vulnerability comes from the dynamic SQL request construction
3.
Cyber Attacks Statistics
4.
Typical example

    String loginQuery = "SELECT * FROM useraccounts WHERE userID = '"
        + request.getParameter("userID")
        + "' AND password = '"
        + request.getParameter("password") + "'";

Attacker input:

    userID = ' or 1=1 --
    password = doesNotMatter

Resulting query (everything after -- is a comment, so the password check is never evaluated):

    SELECT * FROM useraccounts WHERE userID = '' or 1=1 -- AND password='doesNotMatter'
5.
Threat
• Execute SQL queries
  • Select, Insert, Delete
• Explore error messages
  • Column 'users.username' is invalid
• Identity theft
• Data leakage
6.
Threat
7.
Threat: camera
8.
Threat: Swedish elections
9.
Android example

• Bad (query text built by concatenating user input):

    Cursor cursor = db.rawQuery("select * from login where USERNAME = '" + param1
        + "' and PASSWORD = '" + param2 + "';", null);

• Good (user input passed as bound parameters, never as query text):

    Cursor cursor = db.rawQuery("select * from login where USERNAME = ? and PASSWORD = ?;",
        new String[]{param1, param2});
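The following runnable Python/sqlite3 example is added here and is not part of the lecture; it reproduces the login check from the "Typical example" and "Android example" slides in both forms (string concatenation vs. bound parameters) against a constructed in-memory useraccounts table, and shows that the slide-4 input `' or 1=1 --` matches every row in the concatenated version and no row in the parameterized one.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the lecture's useraccounts table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE useraccounts (userID TEXT, password TEXT)")
    con.executemany("INSERT INTO useraccounts VALUES (?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    return con


def login_vulnerable(con, user_id, password):
    """Dynamic SQL construction, as in the Java loginQuery on slide 4.
    The input becomes part of the SQL text, so quotes and '--' in it
    are interpreted as SQL syntax, not as data."""
    query = ("SELECT * FROM useraccounts WHERE userID = '" + user_id +
             "' AND password = '" + password + "'")
    return con.execute(query).fetchall()


def login_safe(con, user_id, password):
    """Same check with bound parameters (the 'Good' form on slide 9).
    The driver sends the SQL text and the values separately, so the
    input is always compared as a plain string."""
    query = "SELECT * FROM useraccounts WHERE userID = ? AND password = ?"
    return con.execute(query, (user_id, password)).fetchall()


def demo():
    """Row counts returned for a legitimate login and for the slide-4 input."""
    con = make_db()
    payload = "' or 1=1 --"  # the attacker input shown on slide 4
    return {
        "vuln_legit": len(login_vulnerable(con, "alice", "s3cret")),
        "vuln_bypass": len(login_vulnerable(con, payload, "doesNotMatter")),
        "safe_legit": len(login_safe(con, "alice", "s3cret")),
        "safe_bypass": len(login_safe(con, payload, "doesNotMatter")),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

The concatenated query yields both accounts for the bypass input (the `--` comments out the password check, exactly as the slide-4 resulting query shows), while the parameterized query yields none.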
10.
Practical attack