Critical Security Report for ACME Retail Testing Website: SQL Injection Vulnerability. A Brief Demonstration
Testuser **************
Your Time is running out! Time Remaining 12:37:59 Click here to pay
Could this really happen? YES !!
Then how? Structured Query Language (SQL) Injection
What is SQL Injection?
How does it work? [Diagram: t1.acme.com; database server; firewall; network security controls; SQL injection over HTTP; database returns account passwords]
Real example: password capture
Proliferation: The whole network is at risk [Diagram: sql.acme.com; t1.acme.com; upload files; scanning, password cracking; unauthorized web content]
Remediation

Acme Sql Inject