SlideShare a Scribd company logo

Advanced Sql Injection ENG

Download as PPT, PDF
Dmitry Evteev
Dmitry Evteev
Technology
1 of 62
Advanced SQL Injection Dmitry Evteev ( Positive Technologies) Web Application Security Consortium (WASC) Contributor
Subjects in Question ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introduction to Web Application Security
Unsafe World of Web Applications ,[object Object],[object Object],[object Object],[object Object],[object Object],The data is based on automatic scanning of 16121 systems, detailed analysis of 59 web applications including analysis of the source code of over 10 applications .
Unsafe World of Web Applications: Statistics 2008
Chapter 1 : SQL Injection Vulnerability ,[object Object]
Illustrative Example of SQL Injection Web Server DBMS http://web/? id=6329&print=Y … . SELECT * from news where id = 6329 … .
Illustrative Example of SQL Injection Web Server DBMS http://web/? id=6329+union+select+id,pwd,0+from... … . SELECT * from news where id = 6329 union select id,pwd,0 from… … .
SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection – Basic Concepts ,[object Object],[object Object]
SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injectio n – Classical Exploitation ( MySQL ) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injectio n – Features of Different DBMSs ,[object Object],MySQL MSSQL MS Access Oracle DB2 PostgreSQL String concatenation concat(,) concat_ws(delim,) ' '+' ' " "&" " ' '||' ' '' concat '' " "+" " ' '||' ' ' '||' ' Comments -- and /* * / and # -- and /* No -- and /* -- -- and /* Request union union union and ; union union union union and ; Sub-requests v .4.1 >= Yes No Yes Yes Yes Stored procedures No Yes No Yes No Yes Availability of information_schema or its analogs v .5.0 >= Yes Yes Yes Yes Yes
SQL Injectio n – Exploitation for Different DBMSs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Chapter 2 : Blind SQL Injection ,[object Object]
Blind SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object]
Blind SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – Classical Exploitation ( MySQL ) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – Classical Exploitation ( MySQL ) Let’s go faster … ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) … and even faster … ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) … at the same rate … ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Note: in the example, hexadecimal equivalents were used, e.g. 0 x787B312C307D instead x{1,0}
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) … at the same rate … ,[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) … at the maximal rate ! ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) The Rate Limit … ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Double Blind SQL Injectio n – Classical Exploitation ( MySQL ) More haste, less speed;) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Chapter 3 : Working with File System and Executing Commands on Server ,[object Object]
Working with File System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Working with File System – Difference of DBMSs ,[object Object],[object Object],[object Object],[object Object],[object Object],MySQL MSSQL MS Access Oracle PostgreSQL Built-in functions Yes No Yes No Yes Available functions load_file, load data infile, into otfile/dumpfile Procedures eq insert from file curdir() Procedures eq insert from file pg_read_file(), pg_ls_dir(), copy, etc.
Working with File System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Executing Commands on Server – Difference of DBMSs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MySQL MSSQL MS Access Oracle PostgreSQL Built-in functions No Yes Yes No No Available functions No EXEC shell() Own procedures Own procedures
Executing Commands on Server ,[object Object],[object Object],[object Object],[object Object],[object Object]
Chapter 4 : Methods to Bypass Security Filters ,[object Object]
Filters for Incoming data. Types ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters (1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters (2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters (3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters ( 4 ) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Raz0r, http://raz0r.name/vulnerabilities/sql-inekcii-svyazannye-s-multibajtovymi-kodirovkami-i-addslashes/
Methods to Bypass Security Filters (5) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Chapter 5 : Methods to Bypass Web Application Firewall ,[object Object]
What is WAF http:// server /?id=6329&print=Y At attack is detected ! Alarm !!! WAF Webserver http:// server /?id=5351 http:// server /?id=8234 http:// server /? id=“><script>... http:// server /?id=1+union+select... http:// server /? id=/../../../etc/passwd Data normalization Decode HTML entities (e.g. &#99;, &quot;, &#xAA;) Escaped characters (e.g. , 01, AA, AABB) Null byte string termination ... Signature search /(sel)(ect.+fr)(om)/is /(uni)(on.+sel)(ect)/is ...
Classification ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass WAF ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection - Normalization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – HPP ( example 1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – HPP ,[object Object]
Practice of Bypassing WAF: SQL Injection - HPP Technology/Environment Parameter Interpretation Example ASP.NET/IIS Concatenation by comma par1=val1,val2 ASP/IIS Concatenation by comma par1=val1,val2 PHP/APACHE The last parameter is resulting par1=val2 PHP/Zeus The last parameter is resulting par1=val2 JSP, Servlet/Apache Tomcat The first parameter is resulting par1=val1 JSP,Servlet/Oracle Application Server 10g The first parameter is resulting par1=val1 JSP,Servlet/Jetty The first parameter is resulting par1=val1 IBM Lotus Domino The first parameter is resulting par1=val1 IBM HTTP Server The last parameter is resulting par1=val2 mod_perl,libapeq2/Apache The first parameter is resulting par1=val1 Perl CGI/Apache The first parameter is resulting par1=val1 mod_perl,lib???/Apache The first parameter is resulting par1=val1 mod_wsgi (Python)/Apache An array is returned ARRAY(0x8b9058c) Pythin/Zope The first parameter is resulting par1=val1 IceWarp An array is returned ['val1','val2'] AXIS 2400 The last parameter is resulting par1=val2 Linksys Wireless-G PTZ Internet Camera Concatenation by comma par1=val1,val2 Ricoh Aficio 1022 Printer The last parameter is resulting par1=val2 webcamXP Pro The first parameter is resulting par1=val1 DBMan Concatenation by two tildes par1=val1~~val2
Practice of Bypassing WAF: SQL Injection – HPP ( example 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – HPF ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – Signature Bypass ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – Signature Bypass ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusions
SQL Injection in “wildlife” ,[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automated Exploitation of SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automatic detection of SQL Injection
Additional materials and references ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Thank you for your attention ! [email_address] http://devteev.blogspot.com/

Recommended

Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Sql injection
Sql injectionSql injection
Sql injectionMehul Boghra
 
Sql Injection 0wning Enterprise
Sql Injection 0wning EnterpriseSql Injection 0wning Enterprise
Sql Injection 0wning Enterprisen|u - The Open Security Community
 
SQL Overview
SQL OverviewSQL Overview
SQL OverviewStewart Rogers
 

Recommended

Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Sql injection
Sql injectionSql injection
Sql injectionMehul Boghra
 
Sql Injection 0wning Enterprise
Sql Injection 0wning EnterpriseSql Injection 0wning Enterprise
Sql Injection 0wning Enterprisen|u - The Open Security Community
 
SQL Overview
SQL OverviewSQL Overview
SQL OverviewStewart Rogers
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injectionamiable_indian
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS VectorsRodolfo Assis (Brute)
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protectionamiable_indian
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Bernardo Damele A. G.
 
Sql injection
Sql injectionSql injection
Sql injectionNuruzzaman Milon
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
sqlmap internals
sqlmap internalssqlmap internals
sqlmap internalsMiroslav Stampar
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAsish Kumar Rath
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpMindfire Solutions
 
Sqlmap
SqlmapSqlmap
SqlmapRushikesh Kulkarni
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesCarol McDonald
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and FallaciesKarwin Software Solutions LLC
 
Spring data jpa
Spring data jpaSpring data jpa
Spring data jpaJeevesh Pandey
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
XSS
XSSXSS
XSSHrishikesh Mishra
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1Bernardo Damele A. G.
 

More Related Content

What's hot

Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injectionamiable_indian
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protectionamiable_indian
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Bernardo Damele A. G.
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpMindfire Solutions
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesCarol McDonald
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 

What's hot (20)

Sql injection
Sql injectionSql injection
Sql injection
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injection
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
sqlmap internals
sqlmap internalssqlmap internals
sqlmap internals
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads Up
 
Sqlmap
SqlmapSqlmap
Sqlmap
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
 
Spring data jpa
Spring data jpaSpring data jpa
Spring data jpa
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
XSS
XSSXSS
XSS
 

Viewers also liked

D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacksRespa Peter
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)Bernardo Damele A. G.
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackImperva
 
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWeb Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWebsecurify
 
Virtua lkeyboard
Virtua lkeyboardVirtua lkeyboard
Virtua lkeyboardJaya0006
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17Eoin Keary
 
Threat modeling librarian freedom conference
Threat modeling librarian freedom conferenceThreat modeling librarian freedom conference
Threat modeling librarian freedom conferenceevacide
 

Viewers also liked (20)

D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
 
Sql injection
Sql injectionSql injection
Sql injection
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 
SQL injection and SYN attack
SQL injection and SYN attackSQL injection and SYN attack
SQL injection and SYN attack
 
Pen pc tech
Pen pc techPen pc tech
Pen pc tech
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
 
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWeb Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
 
Virtua lkeyboard
Virtua lkeyboardVirtua lkeyboard
Virtua lkeyboard
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17
 
Threat modeling librarian freedom conference
Threat modeling librarian freedom conferenceThreat modeling librarian freedom conference
Threat modeling librarian freedom conference
 
Virtual keyboard
Virtual keyboardVirtual keyboard
Virtual keyboard
 

Similar to Advanced Sql Injection ENG

Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)SqliChema Alonso
 
How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersHow "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersChema Alonso
 
ShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlChema Alonso
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHPDave Ross
 
A Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLA Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLkobaitari
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Asegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File DownloadingAsegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File DownloadingChema Alonso
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASPMizno Kruge
 
How did i steal your database
How did i steal your databaseHow did i steal your database
How did i steal your databaseMostafa Siraj
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngDmitry Evteev
 
Web Security - Hands-on
Web Security - Hands-onWeb Security - Hands-on
Web Security - Hands-onAndrea Valenza
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv OwaspAung Khant
 
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesTime-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesChema Alonso
 

Similar to Advanced Sql Injection ENG (20)

Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
 
How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersHow "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scanners
 
SQL Injection Attacks
SQL Injection AttacksSQL Injection Attacks
SQL Injection Attacks
 
ShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)Sql
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHP
 
Asp
AspAsp
Asp
 
ieee
ieeeieee
ieee
 
A Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLA Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQL
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Sq li
Sq liSq li
Sq li
 
Asegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File DownloadingAsegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File Downloading
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASP
 
How did i steal your database
How did i steal your databaseHow did i steal your database
How did i steal your database
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall Eng
 
Sql Injection V.2
Sql Injection V.2Sql Injection V.2
Sql Injection V.2
 
Web Security - Hands-on
Web Security - Hands-onWeb Security - Hands-on
Web Security - Hands-on
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
 
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesTime-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy Queries
 

More from Dmitry Evteev

Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Dmitry Evteev
 
Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Dmitry Evteev
 
Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Dmitry Evteev
 
Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Dmitry Evteev
 
Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Dmitry Evteev
 
Демонстрация атаки на ДБО
Демонстрация атаки на ДБОДемонстрация атаки на ДБО
Демонстрация атаки на ДБОDmitry Evteev
 
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...Dmitry Evteev
 
Типовые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системТиповые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системDmitry Evteev
 
Услуги PT для банков
Услуги PT для банковУслуги PT для банков
Услуги PT для банковDmitry Evteev
 
PHDays 2012: Future Now
PHDays 2012: Future NowPHDays 2012: Future Now
PHDays 2012: Future NowDmitry Evteev
 
Такой (не)безопасный веб
Такой (не)безопасный вебТакой (не)безопасный веб
Такой (не)безопасный вебDmitry Evteev
 
Собираем команду хакеров
Собираем команду хакеровСобираем команду хакеров
Собираем команду хакеровDmitry Evteev
 
Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Dmitry Evteev
 
Тестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftТестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftDmitry Evteev
 
PHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоPHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоDmitry Evteev
 
Как взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийКак взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийDmitry Evteev
 
Введение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийВведение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийDmitry Evteev
 
Практика проведения DDoS-тестирований
Практика проведения DDoS-тестированийПрактика проведения DDoS-тестирований
Практика проведения DDoS-тестированийDmitry Evteev
 
Мобильный офис глазами пентестера
Мобильный офис глазами пентестераМобильный офис глазами пентестера
Мобильный офис глазами пентестераDmitry Evteev
 

More from Dmitry Evteev (20)

Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...
 
penetest VS. APT
penetest VS. APTpenetest VS. APT
penetest VS. APT
 
Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.
 
Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...
 
Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Реальные опасности виртуального мира.
Реальные опасности виртуального мира.
 
Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.
 
Демонстрация атаки на ДБО
Демонстрация атаки на ДБОДемонстрация атаки на ДБО
Демонстрация атаки на ДБО
 
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
 
Типовые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системТиповые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских систем
 
Услуги PT для банков
Услуги PT для банковУслуги PT для банков
Услуги PT для банков
 
PHDays 2012: Future Now
PHDays 2012: Future NowPHDays 2012: Future Now
PHDays 2012: Future Now
 
Такой (не)безопасный веб
Такой (не)безопасный вебТакой (не)безопасный веб
Такой (не)безопасный веб
 
Собираем команду хакеров
Собираем команду хакеровСобираем команду хакеров
Собираем команду хакеров
 
Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)
 
Тестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftТестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях Microsoft
 
PHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоPHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это было
 
Как взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийКак взламывают сети государственных учреждений
Как взламывают сети государственных учреждений
 
Введение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийВведение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложений
 
Практика проведения DDoS-тестирований
Практика проведения DDoS-тестированийПрактика проведения DDoS-тестирований
Практика проведения DDoS-тестирований
 
Мобильный офис глазами пентестера
Мобильный офис глазами пентестераМобильный офис глазами пентестера
Мобильный офис глазами пентестера
 

Recently uploaded

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 

Recently uploaded (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 

Advanced Sql Injection ENG

  • 1. Advanced SQL Injection Dmitry Evteev ( Positive Technologies) Web Application Security Consortium (WASC) Contributor
  • 2.
  • 3. Introduction to Web Application Security
  • 4.
  • 5. Unsafe World of Web Applications: Statistics 2008
  • 6.
  • 7. Illustrative Example of SQL Injection Web Server DBMS http://web/? id=6329&print=Y … . SELECT * from news where id = 6329 … .
  • 8. Illustrative Example of SQL Injection Web Server DBMS http://web/? id=6329+union+select+id,pwd,0+from... … . SELECT * from news where id = 6329 union select id,pwd,0 from… … .
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42. What is WAF http:// server /?id=6329&print=Y At attack is detected ! Alarm !!! WAF Webserver http:// server /?id=5351 http:// server /?id=8234 http:// server /? id=“><script>... http:// server /?id=1+union+select... http:// server /? id=/../../../etc/passwd Data normalization Decode HTML entities (e.g. &#99;, &quot;, &#xAA;) Escaped characters (e.g. , 01, AA, AABB) Null byte string termination ... Signature search /(sel)(ect.+fr)(om)/is /(uni)(on.+sel)(ect)/is ...
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48. Practice of Bypassing WAF: SQL Injection - HPP Technology/Environment Parameter Interpretation Example ASP.NET/IIS Concatenation by comma par1=val1,val2 ASP/IIS Concatenation by comma par1=val1,val2 PHP/APACHE The last parameter is resulting par1=val2 PHP/Zeus The last parameter is resulting par1=val2 JSP, Servlet/Apache Tomcat The first parameter is resulting par1=val1 JSP,Servlet/Oracle Application Server 10g The first parameter is resulting par1=val1 JSP,Servlet/Jetty The first parameter is resulting par1=val1 IBM Lotus Domino The first parameter is resulting par1=val1 IBM HTTP Server The last parameter is resulting par1=val2 mod_perl,libapeq2/Apache The first parameter is resulting par1=val1 Perl CGI/Apache The first parameter is resulting par1=val1 mod_perl,lib???/Apache The first parameter is resulting par1=val1 mod_wsgi (Python)/Apache An array is returned ARRAY(0x8b9058c) Pythin/Zope The first parameter is resulting par1=val1 IceWarp An array is returned ['val1','val2'] AXIS 2400 The last parameter is resulting par1=val2 Linksys Wireless-G PTZ Internet Camera Concatenation by comma par1=val1,val2 Ricoh Aficio 1022 Printer The last parameter is resulting par1=val2 webcamXP Pro The first parameter is resulting par1=val1 DBMan Concatenation by two tildes par1=val1~~val2
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 57.
  • 58.
  • 59.
  • 60. Automatic detection of SQL Injection
  • 61.
  • 62. Thank you for your attention ! [email_address] http://devteev.blogspot.com/