SQL Injection
and behind...
- Arjun M
Beating my own drums...
Arjun Gupta M
fb.com/arjungupta.m
▪ Working with Birlasoft, Security analyst at
World Bank Group... just because I have to work
▪ I enjoy hacking... de facto I know nothing else
▪ Always a learner
▪ Long rides, Planting trees, Charities
▪ Indian...I take pride in this
Let’s start with DB and SQL
▪ Database is an organized collection of data.
▪ Easy to Access, Manage and Update the data.
▪ SQL / Structured Query language is the standard language to interact
with the databases.
▪ DBs and True/False are thick friends… let's see why further on.
SQLI and the infamous ‘
▪ SQL injection is a code injection technique in which malicious SQL
statements are inserted into an entry field for execution.
– GET / POST parameters, Cookies, Referrer header, User-Agent and so on…
▪ It involves the alteration of SQL statements that are used within a
web application through the use of attacker-supplied data.
▪ It is caused by incorrectly filtering the special characters in the input
before an action is performed on it.
▪ The infamous rogue character that we love is ' which breaks the
syntax and lets us do the work.
Honors and greatness of SQLI
▪ SQLi was ranked first on the MITRE Common Weakness Enumeration
(CWE) list in 2011.
▪ Top vulnerability in the OWASP Top 10 (2010 and 2013) under the Injection
category.
▪ On the SANS Top 25 Most Dangerous Software Errors list.
– Authentication bypass, complete takeover of the database.
– If you are still lucky, you can get the command shell too.
Authentication Bypass
BUT HOW
How does it work…
▪ The query used by the developer to validate the login credentials is:
Select * from users where username='$user' and password='$pwd';
– If the DB returns one row, the user gets logged in.
▪ Instead of legit credentials, I inject " admin' AND '1'='1' -- " for the username.
▪ Everything after the "-- " is treated as a comment, so the query PHP sends
to the DB for execution is:
Select * from users where username='admin' AND '1'='1';
▪ The DB processes the above query and returns one row, as the expression
'1'='1' is always True and the username also exists.
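The query alteration described on this slide, as an added example that is not part of the original deck: the concatenated login query beside a parameterised one, both run with the deck's own payload (`admin' AND '1'='1' -- `) against a constructed in-memory SQLite table. The deck's application is PHP; using Python with sqlite3 here is an assumption, as are the table contents.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the deck's "users" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret-pass')")
    return conn

def vulnerable_login(conn, user, pwd):
    # String concatenation, mirroring the deck's
    #   Select * from users where username='$user' and password='$pwd';
    # The attacker's quote closes the literal and "-- " comments out the
    # password check, so only username='admin' AND '1'='1' is evaluated.
    query = ("SELECT * FROM users WHERE username='" + user +
             "' AND password='" + pwd + "';")
    return conn.execute(query).fetchone() is not None

def safe_login(conn, user, pwd):
    # Parameterised query: the driver binds the values, so the quote and
    # the comment sequence in the input never reach the parser as syntax.
    query = "SELECT * FROM users WHERE username=? AND password=?"
    return conn.execute(query, (user, pwd)).fetchone() is not None

INJECTED_USER = "admin' AND '1'='1' -- "     # the payload from the slide
UNKNOWN_USER = "nobody' AND '1'='1' -- "    # same trick, non-existent user

def demo():
    # Runs all cases and returns the outcomes keyed by scenario.
    conn = make_db()
    return {
        "vuln_legit": vulnerable_login(conn, "admin", "s3cret-pass"),
        "vuln_injected": vulnerable_login(conn, INJECTED_USER, "anything"),
        # the slide's caveat: the bypass only works if the username exists
        "vuln_injected_unknown_user": vulnerable_login(conn, UNKNOWN_USER, "anything"),
        "safe_legit": safe_login(conn, "admin", "s3cret-pass"),
        "safe_injected": safe_login(conn, INJECTED_USER, "anything"),
    }

if __name__ == "__main__":
    for scenario, logged_in in demo().items():
        print(f"{scenario:28s} logged_in={logged_in}")
```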
How does it work…
Behavior of the application with safe input
Another one…
Behavior of the application with Malicious input
True condition vs. False condition
Different responses for the True and False conditions confirm the injection vuln.
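A defender's reading of the True/False tell above, as an added example that is not from the deck: detection rules run over constructed Apache-style access-log lines, flagging the quoted-literal comparison and the quote-plus-comment fragments that the deck's payload relies on, and reporting a client whose True and False probes against the same script drew different response sizes. The log lines, IPs and paths are all constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed log lines: a legit login, the deck's True probe ('1'='1'),
# a matching False probe ('1'='2'), and a quote that is only data (a surname).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Apr/2024:10:01:02 +0000] "GET /login.php?user=admin&pwd=x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Apr/2024:10:01:07 +0000] "GET /login.php?user=admin%27+AND+%271%27%3D%271%27+--+&pwd=x HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Apr/2024:10:01:09 +0000] "GET /login.php?user=admin%27+AND+%271%27%3D%272%27+--+&pwd=x HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [10/Apr/2024:10:01:11 +0000] "GET /search.php?q=O%27Brien HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# A quote closing a literal, AND/OR, then a comparison of two quoted
# literals: the '1'='1' / '1'='2' pair the deck uses as True/False probes.
LITERAL_COMPARE = re.compile(r"'\s*(?:and|or)\s+'[^']*'\s*=\s*'[^']*'", re.IGNORECASE)
# A quote followed by the -- comment that discards the rest of the query.
QUOTE_COMMENT = re.compile(r"'[^']*--")

def decode_request(line):
    # URL-decode the request target so encoded quotes and spaces are visible.
    m = REQUEST.search(line)
    return unquote_plus(m.group(1)) if m else ""

def response_size(line):
    # Fields after the quoted request are: status code, then bytes sent.
    return int(line.split('" ', 1)[1].split()[1])

def sqli_indicators(line):
    target = decode_request(line)
    hits = []
    if LITERAL_COMPARE.search(target):
        hits.append("literal-compare")
    if QUOTE_COMMENT.search(target):
        hits.append("quote-comment")
    return hits

def scan(log_text):
    # Returns {client_ip: [(decoded_path, indicators, bytes_sent), ...]}.
    flagged = {}
    for line in log_text.splitlines():
        hits = sqli_indicators(line)
        if hits:
            ip = line.split(" ", 1)[0]
            flagged.setdefault(ip, []).append(
                (decode_request(line), hits, response_size(line)))
    return flagged

def differential_responses(flagged):
    # The deck's tell from the defender's side: one client, one script,
    # flagged requests that came back with different response sizes.
    out = {}
    for ip, entries in flagged.items():
        by_script = {}
        for path, _hits, size in entries:
            by_script.setdefault(path.split("?", 1)[0], set()).add(size)
        for script, sizes in by_script.items():
            if len(sizes) > 1:
                out[(ip, script)] = sizes
    return out
```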
Little further...
Number of columns is not 4
...try with a smaller one
Number of columns: 3
Google Dorks
▪ inurl:.php?id=
▪ article.php?id=
▪ about.php?cartID=
▪ inurl:login.php
▪ intitle:Admin inurl:login.php site:.pk
And so on…
Thanks to
My guru
Bharat Kumar
Ping me @
fb.com/arjungupta.m
▪ Audi https://github.com/Audi-1/sqli-labs
▪ The makers of DVWA