Sql injection

Nuruzzaman Milon
Senior Full-Stack Software Engineer at Flixbus

Slide 2
• SQL Injection
  › Blind SQL Injection
• Vulnerable Code
• Exploit
  › Classic Login Page Vulnerability
  › Error Based Injection (SQL Server)
  › Union Based Injection
  › Injecting SQL Commands
  › Running CMD Commands
  › Blind Injection Attack

Slide 3
• How to Prevent
  › Parameterized Query
  › Use of Stored Procedure
  › Escaping All User Supplied Input
  › Additional Defenses (Configuration)
    • Least Privilege
    • Isolate the Web Server
    • Turning off Error Reporting
    • PHP Configuration

Slide 4
• A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data sent from the client to the application.
• A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), and execute administrative operations on the database (such as shutting down the DBMS).

Slide 5
• SQL injection can recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
• SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.
• SQL injection is one of the oldest attacks against web applications.

Slide 6
• Blind SQL injection is identical to normal SQL injection except that when an attacker attempts to exploit the application, rather than getting a useful error message, they get a generic page specified by the developer instead.
• This makes exploiting a potential SQL injection vulnerability more difficult, but not impossible.
• An attacker can still steal data by asking a series of True and False questions through SQL statements.
Slide 7
• SQL injection happens when a developer accepts user input that is placed directly into a SQL statement without properly filtering out dangerous characters.
• This can allow an attacker not only to steal data from your database, but also to modify and delete it.
• Attackers commonly insert single quotes into a URL's query string, or into a form's input field, to test for SQL injection.
• Any code that uses user input to generate SQL queries without sanitization is vulnerable to SQL injection.

Slide 9
• SQL injection is very common in PHP and ASP applications due to the prevalence of older functional interfaces.
• Because of the nature of the programmatic interfaces available, Java EE and ASP.NET applications are less likely to have easily exploited SQL injections.
• SQL injection bugs take many forms, so it is difficult to define a single procedure for preventing them.

Slide 10
• The attacker attempts to elicit exception conditions and anomalous behaviour from the web application by manipulating the identified inputs:
  › Special characters
  › White space
  › SQL keywords
  › Oversized requests

Slide 11
• Any unexpected reaction from the web application is noted and investigated by the attacker:
  › Scripting error messages, possibly with snippets of code
  › Server errors (Error 500 / Error 513)
  › Half-loaded page
  › Timed-out server request

Slide 12
• Attackers often try the following inputs to determine whether a web application has a SQL injection bug:
  › '
  › or 1=1
  › or 1=1--
  › " or 1=1--
  › or 1=1--'
  › or 'a'='a
  › " or "a"="a
  › ') or ('a'='a
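A defender-side companion to the probe list above, added here and not part of the slides: it scans constructed web-server access-log lines (NCSA format) for the tautology, comment-terminator and UNION patterns that list and the later exploit slides contain, so a log review can surface injection probing. The lone single-quote probe is deliberately not alarmed on its own, because it also appears in legitimate values such as O'Brien.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Signatures derived from the slide's probe list.  A decoded parameter value
# is reported with the names of every signature it matches.
SIGNATURES = {
    # "or 1=1", "or 'a'='a", "\" or \"a\"=\"a", "') or ('a'='a": an OR-ed
    # comparison of a literal with itself, with optional matching quotes.
    "tautology": re.compile(r"""\bor\s+\(?\s*(['"]?)(\w+)\1\s*=\s*\1\2\b""", re.I),
    # A closing quote followed by a comment marker ("admin'--") or by a
    # statement separator ("'; drop table users--").
    "comment_terminator": re.compile(r"""['"]\s*(--|;)"""),
    # The UNION-based pattern from the later slides.
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I | re.S),
}

# NCSA common log format: ip ident user [timestamp] "METHOD target PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not from the slides).  Query-string values are
# percent-encoded the way a browser or curl would send them.
SAMPLE_LOG = [
    '203.0.113.5 - - [12/Mar/2024:10:01:02 +0000] "GET /login.php?username=John&password=1234 HTTP/1.1" 200 512',
    '203.0.113.5 - - [12/Mar/2024:10:01:09 +0000] "GET /login.php?username=John&password=i_dont_know%27+or+%27x%27%3D%27x HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Mar/2024:10:02:15 +0000] "GET /items.php?id=2 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/Mar/2024:10:02:31 +0000] "GET /items.php?id=2+or+1%3D1-- HTTP/1.1" 500 331',
    '192.0.2.9 - - [12/Mar/2024:10:03:00 +0000] "GET /search.php?q=O%27Brien HTTP/1.1" 200 900',
    '192.0.2.9 - - [12/Mar/2024:10:03:20 +0000] "GET /login.php?username=admin%27--&password=x HTTP/1.1" 302 0',
]


def find_probes(value):
    """Names of the signatures that match one decoded parameter value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]


def scan_line(line):
    """Return a finding dict for one log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if m is None:
        return None                      # not a request line we understand
    parts = urlsplit(m.group("target"))
    hits = {}
    # parse_qsl percent-decodes and turns '+' into spaces, so the signatures
    # are matched against what the application actually received.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        names = find_probes(value)
        if names:
            hits[key] = names
    if not hits:
        return None
    return {"ip": m.group("ip"), "path": parts.path,
            "status": m.group("status"), "hits": hits}


def scan_log(lines):
    """Findings for every line that carries at least one probe pattern."""
    return [f for f in map(scan_line, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A 500 status on a flagged request (slide 11's "server errors") is the combination worth paging on, since it suggests the injected text reached the database.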
Slide 13
• Here is a login SQL query:
  › var sql = "select * from users where username = '" + username + "' and password = '" + password + "'";
• In a normal login, the user inputs are:
  › Username: John
  › Password: 1234
• The query string is:
  › select * from users where username = 'John' and password = '1234'

Slide 14
• But if the user manipulates the input like this:
  › Username: John
  › Password: i_dont_know' or 'x'='x
• then the query becomes:
  › select * from users where username = 'John' and password = 'i_dont_know' or 'x'='x'
• The WHERE clause is now true for every row of the table, so the user can log in without knowing the password!

Slide 15
• If the user specifies the following:
  › Username: '; drop table users--
• the 'users' table will be deleted, denying access to the application for all users.
  › The '--' character sequence is the single-line comment sequence in Transact-SQL.
  › The ';' character denotes the end of one query and the beginning of another.
  › The '--' at the end of the username field is required for this particular query to terminate without error.

Slide 16
• The attacker could log on as any user, given that they know the user's name, using the following input:
  › Username: admin'--
• The attacker could log in as the first user in the 'users' table with the following input:
  › Username: ' or 1=1--
• The attacker can log in as an entirely fictional user with the following input:
  › Username: ' union select 1, 'fictional_user', 'some_password', 1 --

Slide 17
• This is the most common attack on Microsoft SQL Server.
• This kind of attack is based on the error messages received from the server.
• From the error messages returned by the application, an attacker can determine the entire structure of the database, or read any value that is readable by the application's database user.

Slide 18
• The UNION operator is used to combine the result sets of two or more SELECT statements.
• In this kind of injection the attacker injects a UNION operator into the query to change the result and read other information.
• Union-based attacks look like this:
  › Username: junk' union select 1,2,3,4,... --
• Notice that each SELECT statement within the UNION must have the same number of columns.

Slide 19
• An attacker can inject SQL commands if the database supports stacked queries.
• In most databases it is possible to execute more than one query in one transaction by separating them with a semicolon (;).
• The following example shows how to create a table named foo with a single column 'line' by injecting a stacked query:
  › Username: ' create table foo (line varchar(1000))--

Slide 20
• This only works on Microsoft SQL Server.
• An attacker can use stored procedures to do things like executing commands.
• xp_cmdshell is a built-in extended stored procedure that allows the execution of arbitrary command lines. For example:
  › Username: '; exec master..xp_cmdshell 'dir'--

Slide 21
• Some of the MS-SQL extended stored procedures are listed below:
  › xp_cmdshell - execute shell commands
  › xp_enumgroups - enumerate NT user groups
  › xp_logininfo - current login info
  › xp_grantlogin - grant login rights
  › xp_getnetname - returns WINS server name
  › xp_regdeletekey - registry manipulation
  › xp_msver - SQL Server version info

Slide 22
• An attacker may verify whether a sent request returned True or False in a few ways:
  › (In)visible content: given a simple page that displays the article whose ID is passed as a parameter, the attacker may perform a couple of simple tests to see whether the page is vulnerable to SQL injection.
  › Example URL: http://newspaper.com/items.php?id=2
  › Sends the following query to the database: SELECT title, description, body FROM items WHERE ID = 2

Slide 23
  › Timing attack: a timing attack depends upon injecting the following MySQL query: SELECT IF(expression, true, false)
  › Using some time-consuming operation, e.g. BENCHMARK(), will delay the server's response if the expression is True: BENCHMARK(5000000,ENCODE('MSG','by 5 seconds'))
  › This executes the ENCODE function 5000000 times.

Slide 24
• Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later.
• This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.
• Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by the attacker.

Slide 25
• Language-specific recommendations:
  › Java EE – use PreparedStatement() with bind variables
  › .NET – use parameterized queries like SqlCommand() or OleDbCommand() with bind variables
  › PHP – use PDO with strongly typed parameterized queries (using bindParam())
  › Hibernate – use createQuery() with bind variables (called named parameters in Hibernate)
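The login query from the Classic Login Page slides, built the unsafe way and then as a parameterized query (the defense described on the slides above), run against an in-memory SQLite database. This is an added example in Python, not code from the slides; the users table and its two rows are constructed sample data, and plain-text passwords are used only to keep it short.

```python
import sqlite3

# Constructed sample data (not from the slides).  Plain-text passwords are
# used only to keep the example short; a real application stores hashes.
SAMPLE_USERS = [("admin", "s3cret"), ("John", "1234")]


def make_db():
    """In-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def build_query_unsafe(username, password):
    """The slide's query, built by string concatenation: whatever the user
    types becomes part of the SQL text, quotes and all."""
    return ("select * from users where username = '" + username
            + "' and password = '" + password + "'")


def login_unsafe(conn, username, password):
    """Vulnerable login: returns the matched username or None."""
    row = conn.execute(build_query_unsafe(username, password)).fetchone()
    return row[1] if row else None


def login_safe(conn, username, password):
    """Parameterized login: the SQL text is fixed before any input is seen
    and the driver binds the values, so a quote in the input stays data.
    (PDO's bindParam() or JDBC's PreparedStatement do the same job.)"""
    row = conn.execute(
        "select * from users where username = ? and password = ?",
        (username, password),
    ).fetchone()
    return row[1] if row else None


if __name__ == "__main__":
    db = make_db()
    bypass = "i_dont_know' or 'x'='x"     # the password from slide 14
    print("unsafe:", login_unsafe(db, "John", bypass))   # a user is returned
    print("safe:  ", login_safe(db, "John", bypass))     # None: rejected
```

Note that with the bypass input the unsafe query's WHERE clause is true for every row, so the first row returned need not even be John's.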
Slide 27
• Stored procedures have the same effect as prepared statements when implemented safely.
• They require the developer to define the SQL code first, and then pass in the parameters afterwards.
• The difference between prepared statements and stored procedures is that the SQL code for a stored procedure is defined and stored in the database itself, and then called from the application.

Slide 28
• This is a technique to escape user input before putting it in a query.
• This is a very useful method because it can be applied with almost no effect on the structure of the code.
• It escapes or removes special characters in the input data that have meaning to the DBMS, such as: * , ` ( ) - -- ;

Slide 29
• Least Privilege
  › Web applications should not use one connection for all transactions to the database. If a SQL injection bug is exploited, that single connection grants the attacker all of its access.
• Isolate the Web Server
  › Design the network infrastructure on the assumption that attackers will gain full administrator access to the machine, and then limit how that access can be leveraged to compromise other systems.

Slide 30
• Turning off error reporting
  › The default error reporting for some frameworks includes developer debugging information, and this must not be shown to outside users.
• PHP Configuration
  › PHP configuration has a direct bearing on the severity of attacks.
  › Many "security" options in PHP are set incorrectly by default and give a false sense of security.