SQL Injection Working Example



Hi. There is a lot of material that a beginner can learn from, but to actually try his hands he needs permission to perform SQL injection. In this presentation I am not going to explain SQL injection; I will let you try it on your own PC. You need to download this presentation, and there you will find everything, including PHP files (a sample website to hack).

I would like to have any feedback or comment if there is any need for improvement.
You can contact me any time at the given ID in the last slide.

Thanks, everyone.
Please enjoy.

#This is only for educational purposes.


  2. INDEX
     • Definition
     • Pre-Requisite
     • Instructions
     • Create Database
     • SQL Injection
     • Prevention
  3. DEFINITION: WHAT IS SQL INJECTION
     • SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
  4. PRE-REQUISITE TO PERFORM SQL INJECTION
     1. Local Machine
     2. Web Server – IIS (6.2) with FastCGI
     3. Application Server – (PHP server)
     4. Database Server – (MySQL)
     5. Web Browser (Chrome/Mozilla)
     6. Operating System (Windows 7 or 8)
  5. INSTRUCTIONS
     1. Install the IIS web server from Add/Remove Windows features in Control Panel, with FastCGI
     2. Install MySQL Server: http://dev.mysql.com/downloads
     3. Install PHP 5.4 or any: http://windows.php.net/download/ (installer – NTS for IIS)
     4. Install and configure all
     5. After installation, open IIS and check whether the default web page is working or not: just type http://localhost/ and press Enter
     6. Open the MySQL command line (mysql.exe)
     7. Create the database first (given in the next slide)
     8. Copy and paste all the files given here to your IIS root dir (inetpub\wwwroot)
     9. Open your browser and open localhost/Action.php
     10. Execute SQL injection (given in the second next slide)
  6. CREATE DATABASE
     1. Open mysql.exe and type the following which is in Red
     2. CREATE DATABASE Bank; >> SHOW DATABASES; → here you can see the one created now
     3. USE Bank; → this will select your Bank database; now we need to create a table in this DB
     4. CREATE TABLE custbal (CustID SMALLINT, CustName VARCHAR(40), Address VARCHAR(40), Balance DOUBLE, MobNo VARCHAR(40), Pass VARCHAR(40));
     5. INSERT INTO custbal (CustID, CustName, Address, Balance, MobNo, Pass) VALUES ('1', 'Bill', 'washington', '5000', '011', MD5('one')); → You must create at least 4 such records with different ID & Name
     6. SELECT * FROM custbal; → to see the whole table
     7. Now you are ready with the database, so let's open the URL
     8. Now log in with the following credentials (ID=1, password=one)
     9. If no error comes, you can see the details of user BILL
     10. Now you are ready to go for SQL injection
  7. SQL INJECTION
     1. Enter the input 1 or 1=1))# as given in the image.
     2. If everything goes right, you will be able to see all the users in the database.
     3. You have successfully bypassed the password and penetrated the customer database on your own machine.
     Explanation → If you look at the SQL query in result.php, it is:
         $result = mysqli_query($con,"SELECT * FROM CustBal where ((CustID=$ID) AND (Pass=$PASS))");
     After your input it will be:
         $result = mysqli_query($con,"SELECT * FROM CustBal where ((CustID= 1 or 1=1))# ) AND (Pass=$PASS))");
     Here CustID= 1 or 1=1 will return true, and # makes the rest of the statement a comment, so your query will work the same as:
         Select * from Custbal;
     which will return all the data in the table.
  8. PREVENTION
     Primary defense:
     1. Use of Prepared Statements (Parameterized Queries) → first define all the SQL code, and then pass in each parameter to the query later
     2. Use of Stored Procedures → same as above, but uses the database itself
     3. Escaping all User Supplied Input → remove harmful user input, e.g. ' or #, by redefining them, e.g. ' to '' or "
     Additional defense:
     1. Least Privilege
     2. White List Input Validation
     For more detail go to: https://owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
  9. THANK YOU
     © Raghavendra Arole
     Pune, INDIA
     Reach me at raghavendra.arole@live.com
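
The first primary defense from the Prevention slide (prepared statements), combined with white-list input validation, applied to the result.php query from the SQL Injection slide. This is an added example, not code from the original presentation; the form field names ID and Pass and the connection credentials are assumptions.

```php
<?php
// Added example: hardened counterpart of the result.php query in the slides.
// Assumptions (not from the slides): POST field names "ID" and "Pass",
// and the placeholder connection credentials below.

$con = new mysqli('localhost', 'db_user_placeholder', 'db_password_placeholder', 'Bank');
if ($con->connect_errno) {
    error_log('DB connection failed: ' . $con->connect_error);
    http_response_code(500);
    exit('Internal error');
}

// White-list validation: CustID is a SMALLINT, so only an integer in range
// is accepted. The slide's input "1 or 1=1))#" is rejected at this point.
$id = filter_input(INPUT_POST, 'ID', FILTER_VALIDATE_INT,
    array('options' => array('min_range' => 0, 'max_range' => 32767)));
$pass = filter_input(INPUT_POST, 'Pass', FILTER_UNSAFE_RAW);
if ($id === false || $id === null || !is_string($pass)) {
    http_response_code(400);
    exit('Invalid input');
}

// Prepared statement: the SQL text is fixed before any input is seen.
// Bound values are sent as data, so quotes, parentheses and # in them
// cannot change the structure of the WHERE clause.
// MD5(?) matches how the slides populate the Pass column; MD5 is not a
// suitable password hash outside this exercise.
$stmt = $con->prepare(
    'SELECT CustID, CustName, Address, Balance, MobNo
       FROM custbal
      WHERE CustID = ? AND Pass = MD5(?)');
if ($stmt === false) {
    error_log('Prepare failed: ' . $con->error);
    http_response_code(500);
    exit('Internal error');
}
$stmt->bind_param('is', $id, $pass);   // i = integer, s = string
$stmt->execute();
$stmt->bind_result($custId, $custName, $address, $balance, $mobNo);

if ($stmt->fetch()) {
    // Encode on output so stored values cannot inject markup into the page.
    echo 'Customer: ', htmlspecialchars($custName, ENT_QUOTES, 'UTF-8'),
         ', balance: ', htmlspecialchars((string)$balance, ENT_QUOTES, 'UTF-8');
} else {
    echo 'Login failed';
}
$stmt->close();
$con->close();
```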