Ppt on sql injection

2,137 views

Published on

Published in: Engineering, Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,137
On SlideShare
0
From Embeds
0
Number of Embeds
15
Actions
Shares
0
Downloads
166
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

Ppt on sql injection

  1. 1. SQL INJECTION SUBMITTED TO:- SUBMITTED BY :- MR. NAVEEN KEDIA ASHISH KUMAR FINAL YEAR I.T.
  2. 2. INDEX  Ethical Hacking.  What is SQL.  How does SQL Injection work.  Example of SQL Injection.  Diagram of SQL Injection.
  3. 3. ETHICAL HACKING  Independent computer security Professionals breaking into the computer systems.  Neither damage the target systems nor steal information.  Evaluate target systems security and report back to owners about the Bugs found.
  4. 4. ETHICAL HACKERS BUT NOT CRIMINAL HACKERS  Completely trustworthy.  Strong programming and computer networking skills.  Learn about the system and trying to find its weaknesses.  Techniques of Criminal hackers-Detection-Prevention.  Tester only reports findings, does not solve problems.
  5. 5. WHAT IS SQL?  SQL stands for Structured Query Language  Allows us to access a database  ANSI and ISO standard computer language  The most current standard is SQL99  SQL can:  execute queries against a database  retrieve data from a database  insert new records in a database  delete records from a database  update records in a database
  6. 6. WHAT IS A SQL INJECTION ATTACK?  Many web applications take user input from a form  Often this user input is used literally in the construction of a SQL query submitted to a database. For example:  SELECT productdata FROM table WHERE productname = ‘user input product name’;  A SQL injection attack involves placing SQL statements in the user input
  7. 7. HOW DOES SQL INJECTION WORK? Common vulnerable login query SELECT * FROM users WHERE login = 'victor' AND password = '123' (If it returns something then login) ASP/MS SQL Server login syntax var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";
  8. 8. INJECTING THROUGH STRINGS formusr = ' or 1=1 – – formpwd = anything Final query would look like this: SELECT * FROM users WHERE username = ' ' or 1=1 – – AND password = 'anything'
  9. 9. SQL INJECTION CHARACTERS  ' or "character String Indicators  -- or # single-line commen  /*…*/ multiple-line comment  + addition, concatenate (or space in url)  || (double pipe) concatenate  % wildcard attribute indicator
  10. 10. ALL TABLES AND COLUMNS IN ONE QUERY  union select 0, sysobjects.name + ': ' + syscolumns.name + ': ' + systypes.name, 1, 1, '1', 1, 1, 1, 1, 1 from sysobjects, syscolumns, systypes where sysobjects.xtype = 'U' AND sysobjects.id = syscolumns.id AND syscolumns.xtype = systypes.xtype --
  11. 11. ARCHITECTURE OF SQL INJECTION
  12. 12. LINKS  A lot of SQL Injection related papers  http://www.nextgenss.com/papers.htm  http://www.spidynamics.com/support/whitepapers/  http://www.appsecinc.com/techdocs/whitepapers.html  http://www.atstake.com/research/advisories  Other resources  http://www.owasp.org  http://www.sqlsecurity.com  http://www.securityfocus.com/infocus/1768
  13. 13. THANK YOU

×