Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Powerpoint presentation on SQL injection in brief (Simple)

2,111 views

Published on

Powerpoint presentation on SQL injection in brief(Simple) please also give a live demo for easy presentation..all the best good luck

Published in: Engineering
  • Be the first to comment

Powerpoint presentation on SQL injection in brief (Simple)

  1. 1. A SEMINAR POWERPOINT PRESENTATION ON sql injection (Structured Query Language Injection) Session: 2017-18 Submitted To: Submitted By: Dr. Deepak Dembla Shivam Sahu Professor & HOD IT 16BCAN035 &Computer Applications Department IInd Sem BCA JECRC University, Jaipur
  2. 2. Structure of presentation • What are Injection attacks? • What is SQL? • What is SQL Injection? • Classes of SQL Injection? • Is it can be a very serious problem? • Important SQL Syntax! • Find SQL Injection Bugs ? • Impact of SQL Injection • SQLAttack steps! • News!!?? • Any Websites provide Bugs Bounty for SQL Injection? • SQL Injection(code and dork) • How to hack Website using SQL Injection with easy Steps!(Live Demonstartion!) • SQL injection exploit? • How Can You Prevent This? • Other Injection Types • SQL injection Conclusion • Bibliography
  3. 3. What are Injection attacks? • Injection attacks trick an application into including unintended commands in the data send to an interpreter. • Interpreters • Interpret strings as commands. • Ex: SQL, shell (cmd.exe, bash), LDAP, XPath • Key Idea • Input data from the application is executed as code by the interpreter.
  4. 4. What is SQL? • SQL: Structured Query Language • Used to store, edit, and retrieve database data • Applications issue SQL commands that manage data Web Application Database SQL Changes Retrieval
  5. 5. What is SQL Injection? • App sends form to user. • Attacker submits form with SQL exploit data. • Application builds string with exploit data. • Application sends SQL query to DB. • DB executes query, including exploit, sends data back to application. • Application returns data to user. • Many web applications take user input from a form • Often this user input is used literally in the construction of a SQL query submitted to a database DB Server Firewall User Pass ‘ or 1=1--
  6. 6. Video Source : https://www.youtube.com/watch?v=FwIUkAwKzG8
  7. 7. Classes of SQL Injection • SQL Injection can be broken up into 3 classes: • 1.Inband - data is extracted using the same channel that is used to inject the SQL code. • This is the most straightforward kind of attack, in which the retrieved data is presented • directly in the application web page • 2.Out-of-Band - data is retrieved using a different channel (e.g.: an email with the results of • the query is generated and sent to the tester) • 3.Inferential - there is no actual transfer of data, but the tester is able to reconstruct the • information by sending particular requests and observing the resulting behaviour of the • website/DB Server.
  8. 8. Is it can be a very serious problem? • The attacker can delete, modify or even worse, steal your data • Compromises the safety, security & trust of user data • Compromises a company’s competitiveness or even the ability to stay in business
  9. 9. Important Syntax COMMENTS: -- Example: SELECT * FROM `table` --selects everything LOGIC: ‘a’=‘a’ Example: SELECT * FROM `table` WHERE ‘a’=‘a’ MULTI STATEMENTS: S1; S2 Example: SELECT * FROM `table`; DROP TABLE `table`;
  10. 10. Impact of SQL Injection 1. Leakage of sensitive information. 2. Reputation decline. 3. Modification of sensitive information. 4. Loss of control of db server. 5. Data loss. 6. Denial of service.
  11. 11. SQL Attack steps • Searching for a vulnerable point • Fingerprinting the backend DB • Enumerating or retrieving data of interest – table dumps, usernames/passwords etc. • Eventual exploiting the system once the information is handy – OS take over, data change, web server take over etc.
  12. 12. SQL Injection Attacks on the rise • Many, many sites have lost customer data in this way,” said Chris Hinkley, Senior Security Engineer at FireHost. “SQL Injection attacks are often automated and many website owners may be blissfully unaware that their data could actively be at risk. These attacks can be detected and businesses should be taking basic and blanket steps to block attempted SQL Injection, as well as the other types of attacks we frequently see. • 16/11/2016 :Websites of Indian Embassy in 7 Countries Hacked; Database Leaked Online
  13. 13. SQL injection exploit? • Access sensitive data in the database, • Modify database data, • Execute administrative operations within the database (e.g. shutdown the DBMS), • Recover the content of a given file present on the DBMS file system • And in some cases issue commands to the operating system.
  14. 14. Video Source : https://www.youtube.com/watch?v=J6-zUVUzZA4
  15. 15. Websites that provide bug bounty for SQL Injection https://www.hackerone.com/
  16. 16. SQL Injection ' or 0=0 -- ' or 0=0 --' ' or 0=0 # " or 0=0 -- " or 0=0 --' '" or 0=0 -- or 0=0 -- ' or 0=0 " or 0=0 # ' or a=a-- ' or "a"="a ' or 'a'='a " or "a"="a ') or ('a'='a ") or ("a"="a hi" or "a"="a hi" or 1=1 -- or 0=0 # ' or 'x'='x " or "x"="x ') or ('x'='x " or 1=1-- or 1=1-- ' or a=a--' ' or a=a # hi' or 1=1 -- hi' or 'a'='a hi') or ('a'='a hi") or ("a"="a ' or 1=1-- " or 1=1-- or 1=1-- ' or 'a'='a " or "a"="a ') or ('a'='a
  17. 17. Finding SQL Injection Bugs 1. Submit a single quote as input. If an error results, app is vulnerable. If no error, check for any output changes. 2. Submit two single quotes. Databases use ’’ to represent literal ’ If error disappears, app is vulnerable. 3. Try string or numeric operators.
  18. 18. How to mitigate the risk? • Escape all user supplied input • Always validate input • Use prepared statements – For PHP+MySQL – use PDO with strongly typed parameterized queries (using bindParam()) • Code reviews • Don’t store password in plain text in the DB – Salt them and hash them
  19. 19. How does this prevent an attack? • The SQL statement you pass to prepare is parsed and compiled by the database server. • By specifying parameters (either a ? or a named parameter like :name) you tell the database engine what to filter on. • Then when you call execute the prepared statement is combined with the parameter values you specify. • It works because the parameter values are combined with the compiled statement, not a SQL string. • SQL injection works by tricking the script into including malicious strings when it creates SQL to send to the database. So by sending the actual SQL separately from the parameters you limit the risk of ending up with something you didn't intend.
  20. 20. Prevention • Logic to allow only numbers / letters in username and password. • How should you enforce the constraint? SERVER SIDE. • ‘ESCAPE’ bad characters. ’ becomes ’ • READ ONLY database access. • Remember this is NOT just for login areas! NOT just for websites!!
  21. 21. Video Source: https://www.youtube.com/watch?v=WNNLpObPQuo
  22. 22. SQL injection Conclusion • SQL injection is technique for exploiting applications that use relational databases as their back end. • Applications compose SQL statements and send to database. • SQL injection use the fact that many of these applications concatenate the fixed part of SQL statement with user-supplied data that forms WHERE predicates or additional sub-queries. • The technique is based on malformed user-supplied data • Transform the innocent SQL calls to a malicious call • Cause unauthorized access, deletion of data, or theft of information • All databases can be a target of SQL injection and all are vulnerable to this technique. • The vulnerability is in the application layer outside of the database, and the moment that the application has a connection into the database.
  23. 23. Other Injection Types • Shell injection. • Scripting language injection. • File inclusion. • XML injection. • XPath injection. • LDAP injection. • SMTP injection.
  24. 24. Some good sites to learn more • Prevention guide (with sample code in many languages): • http://bobby-tables.com/ • Tutorials: • (webinar) http://www.percona.com/webinars/2012-07-25-sql- injection-myths-and-fallacies • http://www.netrostar.com/SQL-Injection-Attack • http://www.unixwiz.net/techtips/sql-injection.html • Cool site that let’s you try out attacks on a sample DB and explains why they work • http://sqlzoo.net/hack/ • Research paper on how to retrofit existing websites to combat SQL injection attacks • http://lersse-dl.ece.ubc.ca/record/205/files/paper.pdf
  25. 25. BIBLIOGRAPHY • https://www.google.co.in/#q=sql+injection& • http://www.acunetix.com/websitesecurity/sql-injection/ • https://www.google.co.in/search?q=sql+injection&source=lnm s&tbm=isch&sa=X&sqi=2&ved=0ahUKEwir3_fijMfSAhUJq Y8KHaZrD50Q_AUICCgD&biw=1440&bih=794 • https://www.w3schools.com/sql/sql_injection.asp • https://en.wikipedia.org/wiki/SQL_injection • https://www.tutorialspoint.com/sql/sql-injection.htm • http://searchsoftwarequality.techtarget.com/definition/SQL- injection • https://www.netsparker.com/blog/web-security/sql-injection- vulnerability/
  26. 26. Queries Will Be Appreciated ?
  27. 27. Profound Thanks To: Dr. Deepak Dembla Professor & HOD IT & Computer Applications Department

×