Successfully reported this slideshow.

More Related Content

Viewers also liked

Common Web Application Attacks
Ahmed Sherif
Unicode
Ronan Dunne, CEH, SSCP
Error codes & custom 404s
Ronan Dunne, CEH, SSCP
RESTful Web Services
Christopher Bartling
Object Oriented Programming with Laravel - Session 5
Shahrzad Peyman
ASP.NET Mvc 4 web api
Tiago Knoch
Overview of RESTful web services
nbuddharaju
40+ tips to use Postman more efficiently
postmanclient
Secure code practices
Hina Rawal
ApacheCon North America 2018: Creating Spark Data Sources
Jayesh Thakrar
SQL injection prevention techniques
SongchaiDuangpan
Web Hacking Series Part 1
Aditya Kamat
1. web techniques
Mayuri Bhandari
Solr Architecture
Ramez Al-Fayez
Introducing asp
aspnet123
Postman Collection Format v2.0 (pre-draft)
Postman
Web Hacking Series Part 4
Aditya Kamat
CORS and (in)security
n|u - The Open Security Community
ASP.NET WEB API
Thang Chung

Similar to SQL injection basics

SQL injection
Akash Panchal
Php Security By Mugdha And Anish
OSSCube
Top 10 Bad Coding Practices Lead to Security Problems
Narudom Roongsiriwong, CISSP
CIS 282 Final Review
Randy Riness @ South Puget Sound Community College
Sql Injection and Entity Frameworks
Rich Helton
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
Cos 432 web_security
Michael Freyberger
Core defense mechanisms against security attacks on web applications
Karan Nagrecha
C01461422
IOSR Journals
Steps to mitigate Top 5 OWASP Vulnerabilities 2013
Jayasree Veliyath
Database testing part1
PAVAN KUMAR BHIMAVARAPU
Part36 parameter,form success
Girija Muscut
Top web apps security vulnerabilities
Aleksandar Bozinovski
Salesforce CLI Cheat Sheet
Keir Bowden
Bt0075 rdbms with mysql 2
Techglyphs
Stored procedures
Randy Riness @ South Puget Sound Community College
SQLi for Security Champions
PetraVukmirovic
Sql injection
Mohit Shukla
Jdbc sasidhar
Sasidhar Kothuru
Owasp Backend Security Project 1.0beta
Security Date

More from Blueinfy Solutions

Mobile Application Scan and Testing
Blueinfy Solutions
Mobile security chess board - attacks & defense
Blueinfy Solutions
Mobile code mining for discovery and exploits nullcongoa2013
Blueinfy Solutions
iOS Application Security Testing
Blueinfy Solutions
Html5 on mobile
Blueinfy Solutions
Android secure coding
Blueinfy Solutions
Android attacks
Blueinfy Solutions
Automation In Android & iOS Application Review
Blueinfy Solutions
Web Services Hacking and Security
Blueinfy Solutions
Source Code Analysis with SAST
Blueinfy Solutions
HTML5 hacking
Blueinfy Solutions
CSRF, ClickJacking & Open Redirect
Blueinfy Solutions
XSS - Attacks & Defense
Blueinfy Solutions
Defending against Injections
Blueinfy Solutions
Blind SQL Injection
Blueinfy Solutions
Application fuzzing
Blueinfy Solutions
Applciation footprinting, discovery and enumeration
Blueinfy Solutions
Assessment methodology and approach
Blueinfy Solutions
Advanced applications-architecture-threats
Blueinfy Solutions

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
System Identification: Tutorials Presented at the 5th IFAC Symposium on Identification and System Parameter Estimation, F.R. Germany, September 1979 Elsevier Books Reference
(4/5)
Free
Energy Conservation in Buildings: The Achievement of 50% Energy Saving: An Environmental Challenge? Elsevier Books Reference
(4/5)
Free
Young Men and Fire: Twenty-fifth Anniversary Edition Norman Maclean
(4.5/5)
Free
Longitude: The True Story of a Lone Genius Who Solved the Greatest Scientific Problem of His Time Dava Sobel
(4/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
If Then: How the Simulmatics Corporation Invented the Future Jill Lepore
(4.5/5)
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
(4/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4.5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free

SQL injection basics

  1. 1. SQL Injections and basics
  2. 2. SQL Query Poisoning • Parameters from the URL or input fields get used in SQL queries. • An instance of Input Validation attacks. • Data can be altered to extend the SQL query. – e.g. http://server/query.asp?item=3+OR+1=1 • Execution of stored procedures. • May even lead to back-end database server compromise.
  3. 3. Identify candidate parameters • Determine what parameters seem to be passed to the database. • Usually some selection criteria. • Results have a uniform template, but varying data content.
  4. 4. Force SQL errors • Insert meta-characters around or within the parameters. • Range testing - BOF or EOF. • Changing the data type. • Premature query termination: – quotation marks - ‘ or “ – trailing hyphens -- • Look for error messages generated from the database.
  5. 5. SQL Query Poisoning • Insecure code (ASP): roduct_id = request.querystring(“ID”) onn.Open uery = "select * from items where product_id = " & product_id et result = conn.execute(query)
  6. 6. SQL Query Poisoning • How the query gets assembled http://192.168.7.120/details.asp?id=http://192.168.7.120/details.asp?id= 33 select * from items where product_id =select * from items where product_id = 33 DB
  7. 7. Identifying SQL errors • Try and force error messages from database servers. • Gives us an idea how the SQL query is being created and used. • Tamper the input parameter. – Change data type – Premature termination by ‘ “ etc… • If the SQL query fails, we have a candidate for SQL injection.
  8. 8. Identifying SQL errors • Identify which resources contain SQL interfaces. • Identify the offending parameters which cause the SQL queries to break. • Root cause of all SQL query poisoning is lack of input sanitization. • Strip off meta-characters.
  9. 9. http://192.168.7.120/details.asp?id= Identifying SQL errors • Forcing SQL errors. • Ideal for identifying database interfaces! ‘3 select * from items where product_id = ‘3 DB
  10. 10. Identifying SQL errors • Premature SQL query termination: We now have an SQL injection point.
  11. 11. Identifying SQL errors Example: PHP + MySQL error message
  12. 12. Identifying SQL errors Example: ColdFusion + SQL Server error msg
  13. 13. Extend SQL queries • Add valid SQL clauses to extend the SQL query. • “OR 1=1” – return all rows. • “;SELECT …” – multiple queries. • “;EXEC …” – stored procedures.
  14. 14. Retrieve all rows • Retrieve excessive data http://192.168.7.120/details.asp?id= 3+OR+1=1 select * from items where product_id = 3 OR 1=1 DB
  15. 15. Executing Stored Procedures • SQL Injection attacks can be extended beyond excessive data retrieval. • Stored procedures, if known, and accessible, can also be invoked. – For example Microsoft SQL Server’s extended stored procedures. • Use the SQL “EXEC” statement.
  16. 16. EXEC master..xp_cmdshell ‘dir’ Executing Stored Procedures • How the query gets assembled: http://192.168.7.120/details.asp?id= 3%01EXEC+master..xp_cmdshell+’dir’ select * from items where product_id = 3 DB
  17. 17. Executing Stored Procedures • Viewing the results of execution:
  18. 18. Conclusion

×