CODE INJECTION
Patel Gayatri K.
MCA, Roll no: 41
Dharmsinh Desai University, Nadiad
My Agendas:
• Introduction
• Different types of threats resulting from Code Injection
• How to find a vulnerable site?
• How does Code Injection happen?
• How to prevent Code Injection?
• Examples of Vulnerable Sites
Introduction
• What is Code Injection?
• Code injection (SQL injection, in this talk) is an attack technique used against data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
"Code injection allows a user-specified query to execute in the database"
Code Injection examples which result in different types of threats

Type of Threat          | SQL Injection Examples
Spoofing                | • Retrieve and use another user's credentials
                        | • Modify the Author value for messages
Tampering               | • Modify product stock information
                        | • Change any other data in the database
Repudiation             | • Delete transaction records
Information Disclosure  | • Obtain saved credit card numbers
How to find a vulnerable site?
1. Open Google.
2. Type into the search box something like:
   inurl:product.php?id=1
   or
   inurl:category.php?categoryid=3
   etc.
3. Press enter.
4. Open the websites and check whether they are vulnerable or not by putting ' at the end of the URL string, like:
   http://www.myshop.com/products.php?id=1'
5. Press enter.
6. If the page gives an SQL error, then the website is vulnerable to SQL injection.
How does SQL Injection happen?
Sample Scenario
• There is a webpage, login.php
• The details behind the code are:
  Database   : sqlidemo
  Table Name : sq_usermaster
  Columns    : sq_um_uid, sq_um_uname, sq_um_pwd
Authentication Bypass
• To log in through the login.php page, whenever the admin enters the user id and password, a query is executed on the usermaster table; the query looks somewhat like:
  select * from sq_usermaster where sq_um_uname='<value>' and sq_um_pwd='<value>';
  i.e.:
  select * from sq_usermaster where sq_um_uname='admin' and sq_um_pwd='qwerty';
• If the username and password are correct, the admin will be able to log in with the username "admin" and password "qwerty"; otherwise it gives a negative response and you will see an error, "User does not exist or password may wrong".
Authentication Bypass
• But what if someone passes 'or'0'='0 as the password?
• The query would be:
  select * from sq_usermaster where sq_um_uname='admin' and sq_um_pwd='' or '1' = '1' or '';
• Whatever we pass as the value is placed between two single quotes,
  i.e.: '<value>'
  so the password field becomes '' or '1'='1' or ''
Authentication Bypass
• The OR divides the query's condition into two parts:
  select * from sq_usermaster where sq_um_uname='admin' and sq_um_pwd='' or '1' = '1' or '';
• Here, the condition '0'='0' always evaluates to true, so authentication is bypassed!
• We can put the same 'or'0'='0 as the username as well as the password if needed.
• Note that 0 can be replaced with 1, X, etc., i.e.: 'or'1'='1 or 'or'X'='X
• As per the surveys, still more than 65% of websites are vulnerable to this injection.
A More Malicious Example
• What if the attacker had instead entered:
  blah'; DROP TABLE prodinfo; --
• This results in the following SQL:
  SELECT prodinfo FROM prodtable WHERE prodname = 'blah'; DROP TABLE prodinfo; --'
• Note how the comment (--) consumes the final quote
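The two slides above in working code, as an added example that is not part of the original deck: a constructed in-memory SQLite copy of the sqlidemo schema, the deck's concatenated login query beside a parameterized version of the same check, and the product search from the DROP TABLE example. The row contents, the prodtable column layout and the admin/qwerty credential are constructed for this example; the parameterized functions are the added defensive counterpart, not code from the deck.

```python
import sqlite3

# Constructed demo data; the deck only names the database, table and columns.
DEMO_USERS = [(1, "admin", "qwerty")]
DEMO_PRODUCTS = [("widget details", "widget")]


def make_db():
    """In-memory SQLite copy of the sqlidemo schema (constructed for this example)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE sq_usermaster (sq_um_uid INTEGER PRIMARY KEY, "
                "sq_um_uname TEXT, sq_um_pwd TEXT)")
    con.executemany("INSERT INTO sq_usermaster VALUES (?, ?, ?)", DEMO_USERS)
    # prodtable with the two column names the deck's DROP TABLE example uses (assumed layout)
    con.execute("CREATE TABLE prodtable (prodinfo TEXT, prodname TEXT)")
    con.executemany("INSERT INTO prodtable VALUES (?, ?)", DEMO_PRODUCTS)
    con.commit()
    return con


def vulnerable_login_sql(uname, pwd):
    """The deck's query built by string concatenation: quotes in the input become SQL."""
    return ("select * from sq_usermaster where sq_um_uname='" + uname +
            "' and sq_um_pwd='" + pwd + "'")


def login_vulnerable(con, uname, pwd):
    """Login succeeds when at least one row comes back, as in the deck's login.php."""
    return len(con.execute(vulnerable_login_sql(uname, pwd)).fetchall()) > 0


def login_parameterized(con, uname, pwd):
    """Same check with bound parameters: the input is data, never SQL text."""
    rows = con.execute(
        "select * from sq_usermaster where sq_um_uname=? and sq_um_pwd=?",
        (uname, pwd),
    ).fetchall()
    return len(rows) > 0


def vulnerable_search_sql(prodname):
    """The product search from the DROP TABLE slide, again concatenated."""
    return "SELECT prodinfo FROM prodtable WHERE prodname = '" + prodname + "'"


def search_parameterized(con, prodname):
    """Parameterized product search: the whole payload is just an unmatched product name."""
    return con.execute("SELECT prodinfo FROM prodtable WHERE prodname = ?",
                       (prodname,)).fetchall()


def table_exists(con, name):
    return con.execute("SELECT count(*) FROM sqlite_master WHERE type='table' AND name=?",
                       (name,)).fetchone()[0] == 1


if __name__ == "__main__":
    db = make_db()
    bypass = "'or'0'='0"                               # the deck's password payload
    print(login_vulnerable(db, "admin", bypass))       # '0'='0' short-circuits the check
    print(login_vulnerable(db, "nobody", bypass))      # the username no longer matters
    print(login_parameterized(db, "admin", bypass))    # compared as a literal password
    payload = "blah'; DROP TABLE prodinfo; --"
    print(vulnerable_search_sql(payload))              # the comment swallows the closing quote
    print(search_parameterized(db, payload), table_exists(db, "prodtable"))
```

The vulnerable functions keep the deck's behaviour on purpose; the point of running both side by side is that the parameterized query returns the same rows for honest input and nothing for the payloads, while the table the search touches is still there afterwards.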
Other Injection possibilities
• Using code injection, attackers can:
  • Add new data to the database
    - Could be embarrassing to find yourself selling politically incorrect items on an eCommerce site
    - Done by performing an INSERT in the injected SQL
  • Modify data currently in the database
    - Could be very costly to have an expensive item suddenly be deeply 'discounted'
    - Done by performing an UPDATE in the injected SQL
  • Often gain access to other users' system capabilities by obtaining their passwords
Ways to prevent SQL injection:
• Stored Procedures - a stored procedure is defined and stored in the database itself, and then called from the application rather than built from something that a user is allowed to enter.
• Escaping all User-Supplied Input - Each DBMS supports one or more character escaping schemes specific to certain kinds of queries. If you escape all user-supplied input using the proper escaping scheme for the database you are using, the DBMS will not confuse that input with SQL code written by the developer, thus avoiding any possible SQL injection vulnerability.
• Least Privilege - minimizing the privileges assigned to every database account, so that users have enough permission to do their job, but no more.
• Give proper Input Validation.
• Do not store passwords in plain text in the database; hash them.
• Review code.
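Three of the measures above in working code, as an added example that is not from the deck: an allow-list check for the id in product.php?id=1, salted PBKDF2 password hashing in place of a plain-text sq_um_pwd column, and a read-only SQLite connection standing in for a least-privilege database account, with the lookup itself done as a parameterized query (the usual complement to the escaping advice above). The product table, its rows and the temp-file path are constructed for this example; the deck's stored-procedure and escaping schemes are not shown here.

```python
import hashlib
import hmac
import os
import re
import sqlite3
import tempfile

# Constructed demo database file; a real deployment would give the web app a SELECT-only DB user.
DEMO_DB = os.path.join(tempfile.gettempdir(), "sqli_demo_catalogue.sqlite")

# --- Input validation: an allow-list for the id in product.php?id=1 ---
ID_PATTERN = re.compile(r"[1-9][0-9]{0,9}")


def parse_product_id(raw):
    """Return the id as an int, or None for anything that is not a plain positive integer.
    The single-quote probe from the deck (id=1') is rejected here before any SQL is built."""
    if raw is None or not ID_PATTERN.fullmatch(raw):
        return None
    return int(raw)


# --- Password storage: salted PBKDF2 hash instead of the plain-text password column ---
def hash_password(password, salt=None, iterations=200_000):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(stored, candidate):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    calc = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                               bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(calc.hex(), digest_hex)


# --- Least privilege + parameterized query for the catalogue page ---
def setup_catalogue(path=DEMO_DB):
    """Create the constructed product table using a writable (administrative) connection."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS product "
                "(id INTEGER PRIMARY KEY, name TEXT, stock INTEGER)")
    con.execute("DELETE FROM product")
    con.executemany("INSERT INTO product VALUES (?, ?, ?)",
                    [(1, "widget", 10), (3, "gadget", 0)])
    con.commit()
    con.close()
    return path


def lookup_product(raw_id, path=DEMO_DB):
    """What product.php should do: validate the id, then query through a read-only handle."""
    pid = parse_product_id(raw_id)
    if pid is None:
        return None
    ro = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        return ro.execute("SELECT name, stock FROM product WHERE id = ?", (pid,)).fetchone()
    finally:
        ro.close()


def readonly_blocks_tampering(path=DEMO_DB):
    """True if the read-only handle refuses the stock-tampering UPDATE from the threat table."""
    ro = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        ro.execute("UPDATE product SET stock = 0 WHERE id = 1")
        ro.commit()
        return False
    except sqlite3.OperationalError:
        return True
    finally:
        ro.close()


if __name__ == "__main__":
    setup_catalogue()
    print(lookup_product("1"))                    # ('widget', 10)
    print(lookup_product("1'"))                   # None: rejected by validation
    print(readonly_blocks_tampering())            # True: write refused by the read-only handle
    stored = hash_password("qwerty")
    print(verify_password(stored, "qwerty"), verify_password(stored, "qwertz"))
```

Validation and parameterization are independent layers: even if the allow-list were loosened, the bound parameter keeps the id out of the SQL text, and even if a query were injectable, the read-only handle limits what a tampering attempt can change.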
Some examples of vulnerable sites
• www.terraclean.net
• www.best-miner.com
• www.lightcon.com
• www.ddmf.eu
Conclusion
• Be careful! Code injection is dangerous and makes your system vulnerable.
• Code injection can:
  - Bypass authentication
  - Grab the structure of the database
  - Grab sensitive data
• By applying proper SQL injection prevention techniques, SQL injection can be fixed more effectively.