SQL Injections
Haim Michael
May 2nd, 2023
All logos, trade marks and brand names used in this presentation belong
to the respective owners.
© 2008 Haim Michael 20230307
What is SQL Injection?
What is SQL Injection?
SQL Injection takes place when an attacker succeeds in injecting malicious SQL code into the SQL statements that are executed on the attacked server side.
Types of SQL Injections
Retrieving Hidden Data
This type of attack takes place when the attacker succeeds in modifying the SQL statement in order to retrieve additional, hidden data.
Retrieving Hidden Data
When the table has a released column, we can easily neutralize that condition and get all data, including the products that have not been released yet. The original query:
SELECT * FROM products WHERE category='food' AND released = 1
Requesting
https://website.com/products?category=food'--
turns it into the following query, where -- comments out the rest of the WHERE clause:
SELECT * FROM products WHERE category='food'--' AND released = 1
Retrieving Hidden Data
When the table holds rows of various categories, we can easily bypass the category restriction and get the data of all products from all categories. The original query:
SELECT * FROM products WHERE category='food' AND released = 1
Requesting
https://website.com/products?category=food'+OR+1=1--
turns it into a query whose WHERE clause is always true:
SELECT * FROM products WHERE category='food' OR 1=1--' AND released=1
Modifying Application Logic
This type of attack takes place when the attacker succeeds in modifying the application logic by modifying its SQL statements (e.g. logging into the application without valid credentials).
Changing the username into admin'-- and leaving out the password turns the original query
SELECT * FROM users WHERE username='admin' AND password='ab$80'
into one where the password check is commented out:
SELECT * FROM users WHERE username='admin'--' AND password=
Data from Other Tables
This type of attack takes place when the attacker succeeds in getting data from other tables.
Changing the category into
' UNION SELECT username, password from users--
turns the original query
SELECT * FROM products WHERE category='food'
into the following query, which appends the rows of the users table to the result:
SELECT * FROM products WHERE category='' UNION SELECT username, password from users--
Information about The Database
There are many SQL queries we can use to obtain useful information about the database.
Web applications that return detailed error messages might reveal information about the database and its tables. For example:
SELECT VERSION()
Blind SQL Injections
Blind SQL Injections take place when the HTTP responses contain neither the results of the relevant SQL query nor the details of database errors.
SQL Injections Detection
Detection Tools
Most SQL Injection vulnerabilities can be found using tools that perform automated tests:
sqlmap - https://sqlmap.org (free, open source)
invicti - https://invicti.com
burp suite - https://portswigger.net/burp
jsql injection - https://github.com/ron190/jsql-injection (free, open source)
app spider - https://www.rapid7.com/products/appspider
acunetix - https://www.acunetix.com/vulnerability-scanner
Manual Detection
We can manually detect SQL Injection vulnerabilities by conducting a systematic set of tests at every entry point of the application:
Submitting the single quote character ' and looking for errors or other anomalies.
Submitting boolean conditions, such as OR 2=2 and OR 1=2, and looking for differences between the responses.
Vulnerable Websites to Practice
There are many vulnerable web applications you can install on your own server in order to practice SQL Injections. Doing so provides you with a safe environment to practice your testing legally.
Buggy Web Application (bWAPP) - http://itsecgames.com
Damn Vulnerable Web Application (DVWA) - https://github.com/digininja/DVWA
Google Gruyere (Gruyere) - https://google-gruyere.appspot.com/
Web Goat (WebGoat) - https://owasp.org/www-project-webgoat/
OWASP Mutillidae II (Mutillidae) - https://github.com/webpwnized/mutillidae
Different Parts of The Query
SQL Injections in Different Parts
Most SQL Injections take place within the WHERE clause of a SELECT query.
SQL Injection vulnerabilities can, however, occur at any location within the query, and within different query types, such as the following ones:
UPDATE statements - within the WHERE clause or the updated values.
INSERT statements - within the inserted values.
SELECT statements - within the name of the table or the column.
SELECT statements - within the ORDER BY clause.
Different Contexts
Various Different Contexts
We can perform the SQL Injection attack through any controllable input that the application processes as part of a SQL query:
Query String
Web FORM
Uploaded File
Web Service Response
Various Different Contexts
The various input formats might provide various possibilities to obfuscate the attack, so that the same query reaches the database in a form a naive filter does not recognize.
SELECT * FROM users
Second Order SQL Injection
First & Second Order SQL Injections
When a first order SQL Injection takes place, the application takes the input from an HTTP request and incorporates that input into a SQL query in an unsafe way.
When a second order SQL Injection takes place, the application takes the input from an HTTP request and stores it for future use. At this point nothing harmful happens. Later, when handling another request, the application retrieves the stored data and incorporates it into a query in an unsafe way.
Database Specific Vulnerabilities
SQL has Variations
There are many differences between the common databases: SQL has different dialects, and every database comes with its own. As a result, each database might have its own specific SQL Injection techniques.
How to Prevent SQL Injection
Prepared Statement
Most SQL Injection vulnerabilities can be prevented by using parameterized queries (prepared statements). The query text is a constant with a placeholder, and the user-supplied value is bound to it separately:
PreparedStatement statement = connection.prepareStatement(
    "SELECT * FROM products WHERE category = ?");
statement.setString(1, category);   // bound as data, never parsed as SQL
ResultSet set = statement.executeQuery();
Make sure that the query string the prepared statement uses is hard coded. Avoid building that string from variables that hold user-controlled text, since that can bring malicious code back into the query.
White Listing
Creating a white list of permitted input values will successfully complement the use of prepared statements.
Questions & Answers
Thanks for Your Time!
Haim Michael
haim.michael@lifemichael.com
+972+3+3726013 ext:700
Introduction to SQL Injections