This is a short introduction to SQL Injection. It was presented to students in the SMU Computer Security Club. It was meant to be an introduction, but it is here for posterity and for any future students who need a very quick primer.
Mike Creuzer's presentation from the December, 2009 Suburban Chicago PHP & Web Dev Meetup. The topic is SQL injection in PHP and common PHP content management systems.
Visit Mike's blog at http://mike.creuzer.com/
Presented at #PHPLX 11 September 2013
The 2013 edition of the OWASP (Open Web Application Security Project) Top 10 has just been released and, unfortunately, injection (not only SQL injection) is still the most common security problem. In this talk we will review the Top 10 list of security problems, looking at possible attack scenarios and ways to protect against them, mostly from a PHP programmer's perspective.
OWASP Top 10 at International PHP Conference 2014 in Berlin (Tobias Zander)
With the latest XSS and CSRF attacks on Twitter, PayPal and Facebook, security is still obviously a very difficult thing to get right.
Every 3 years, the Open Web Application Security Project (OWASP) releases a new Top 10 vulnerabilities list; this talk will walk you through the 2013 list.
I'll present the possible attack scenarios and how you can protect against them.
In addition we'll look at more security issues which are not part of the Top 10, but that you should definitely keep in mind.
This document provides an overview of SQL injection (SQLi), including what it is, how to detect and exploit it, and how to prevent it. SQLi allows attackers to interfere with and extract data from SQL queries by inserting malicious SQL code. It can be used to bypass authentication, obtain sensitive information, alter or delete database content, and execute remote commands. The document outlines manual and automated testing techniques for detecting SQLi vulnerabilities and tools like SQLMAP for exploiting them. It also discusses prevention best practices.
So long, jQuery, and thanks for all the fish! (Matt Turnure)
Comparison of jQuery methods and their native JavaScript counterparts; jQuery and core JS performance comparison; and ways to use only the parts of jQuery you need.
Hacking Your Way to Better Security - PHP South Africa 2016 (Colin O'Dell)
This talk educates developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, and more. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples. We'll then apply this knowledge to see how web applications can be secured against such vulnerabilities.
This document provides an introduction to the CodeIgniter web application framework. It discusses CodeIgniter's MVC architecture, components like controllers, views and models, and how they work together. It also covers common tasks like form validation, sessions, and CRUD operations using CodeIgniter. Key aspects of CodeIgniter mentioned include its ease of use, configuration, libraries, and documentation.
Hacking Your Way To Better Security - php[tek] 2016 (Colin O'Dell)
This talk educates developers on common security vulnerabilities, how they are exploited, and how to protect against them. We will explore several of the OWASP top 10 attack vectors, such as SQL injection, XSS, CSRF, and session hijacking. Each topic will be approached from the perspective of an attacker to learn how these vulnerabilities are detected and exploited using several realistic examples. We will then apply this knowledge to learn how web applications can be secured against such vulnerabilities.
Edge Side Include Injection: Abusing Caching Servers into SSRF and Transparen... (Priyanka Aash)
When caching servers and load balancers became an integral part of the Internet's infrastructure, vendors introduced what is called "Edge Side Includes" (ESI), a technology allowing malleability in caching systems. This legacy technology, still implemented in nearly all popular HTTP surrogates (caching/load balancing services), is dangerous by design and brings a yet unexplored vector for web-based attacks.
The ESI language consists of a small set of instructions represented by XML tags, served by the backend application server, which are processed on the Edge servers (load balancers, reverse proxies). Due to the upstream-trusting nature of Edge servers, the ESI engine tasked with parsing and executing these instructions is not able to distinguish between ESI instructions legitimately provided by the application server and malicious instructions injected by a malicious party. Through our research, we explored the risks that may be encountered through ESI injection: we identified that ESI can be used to perform SSRF, bypass reflected XSS filters (Chrome), and silently extract cookies. Because this attack vector leverages flaws on Edge servers and not on the client side, the ESI engine can be reliably exploited to steal all cookies, including those protected by the HttpOnly mitigation flag, allowing JavaScript-less session hijacking.
Identified affected vendors include Akamai, Varnish Cache, Squid Proxy, Fastly, IBM WebSphere, Oracle WebLogic, F5, and countless language-specific solutions (NodeJS, Ruby, etc.). This presentation will start by defining ESI and visiting typical infrastructures leveraging this model. We will then delve into the good stuff: identification and exploitation of popular ESI engines, and mitigation recommendations.
Hacking Your Way To Better Security - DrupalCon Baltimore 2017 (Colin O'Dell)
This talk educates junior and mid-level developers on common security vulnerabilities, how they are exploited, and how to protect against them. We'll explore several of the OWASP Top 10 attack vectors like SQL injection, XSS, CSRF, and others. Each topic will be approached from the perspective of an attacker to see how these vulnerabilities are detected and exploited using several realistic examples. We'll then apply this knowledge to see how web applications can be secured against such vulnerabilities.
This document discusses several popular third-party JavaScript libraries including: DataJS for working with data, BreezeJS for managing data models, KnockoutJS for building user interfaces, AngularJS as a full-featured MVC framework, LESS as a CSS pre-processor, Bootstrap for responsive design, and media queries for responsive design across devices. Code examples are provided for implementing these libraries.
Hacking Your Way to Better Security - ZendCon 2016 (Colin O'Dell)
This document discusses various web application security vulnerabilities like SQL injection and cross-site scripting (XSS) from the perspective of an attacker. It begins by introducing SQL injection and demonstrates how it can be used to extract hidden data like usernames and credit card numbers. It then covers XSS and how malicious scripts can be injected onto a page to hijack user sessions. Finally, it discusses ways to protect against these vulnerabilities like input filtering, output encoding, and prepared statements. The overall goal is to help understand common attacks and how to build more secure applications.
This document discusses cheap tricks for startups to experiment and deploy features quickly. It recommends using feature flags to control features for different users, deploying to staging environments first, and using read-only mode for low-risk deployments. It also suggests adding created/updated date fields to all tables to easily track site growth over time, and storing daily report calculations in the database to graph metrics over time. The overall message is that these techniques allow for easy, fast, and cheap experimentation, deployment, and analytics.
This document provides instructions for setting up a basic register/login system using Laravel. It includes steps for installing composer dependencies, creating a User model and migration, generating authentication routes and views, and building a LoginController to handle authentication logic. Views are defined for the homepage, login, registration, profile, and shared master layout. The LoginController contains methods for registration, authentication, authorization, and logout.
You're Doing it Wrong - WordCamp Atlanta (Chris Scott)
The document discusses various ways that developers commonly do things wrong in WordPress development and provides recommendations for doing them right. Some of the common mistakes discussed include not upgrading WordPress, hard-coding paths, not validating user input, not using caching, and not contributing back to the WordPress community. The document provides alternatives and resources for properly enqueueing scripts, using template tags, validating data, utilizing caching, and contributing to WordPress.
Introduction to jQuery - Barcamp London 9 (Jack Franklin)
This document introduces jQuery, a JavaScript library that simplifies HTML document manipulation and AJAX interactions. It allows selecting elements, handling events, animating elements, and making AJAX requests. Some key benefits of jQuery include being cross-browser compatible, having excellent documentation, being widely adopted, and being lightweight. The document provides many code examples demonstrating how to select elements, handle events, animate elements, traverse the DOM, make AJAX requests, and more using jQuery.
This document discusses MySQL and SQL. It provides information on installing and downloading MySQL, how to connect to a MySQL database using the command line, how to create, select, insert, update, and delete data from MySQL databases and tables using SQL statements. It also includes SQL statements for creating sample tables to demonstrate MySQL and SQL commands.
Selenium RC allows test automation by simulating a user navigating web pages and verifying content. It works by launching a Selenium server, then running Selenese test scripts written in a language like PHPUnit that connect to the server. Tests can open pages, click links, fill forms, and verify page content and titles. Locating elements uses strategies like XPath, ID, CSS, and tests may require handling issues such as dynamic window names and false positives.
This document explains concepts used in an Ionic tabs template application, including dependency injection, nested states, services, controllers, and templates. Key concepts covered include using ng-repeat to loop through data arrays, accessing services from controllers, passing state parameters between views, and two-way data binding with ng-model. The application structure separates code into modules for services, controllers, and configuration, with templates populated from controllers using the tabs navigation template.
This document describes how to build a bulletin board application in Laravel. It covers setting up the application structure with Blade views and layouts, connecting to a MySQL database to manage users and posts, creating Eloquent models, and building out the controller logic for common actions like registration, login, creating, editing, and deleting posts. Key sections include setting up the MVC framework with routes and controllers, implementing authentication with sessions, and using relationships and pagination for working with related data.
The FamilySearch Reference Client is an open-source implementation of the Family Tree user interface that was developed to:
1) Make it easy for partners to access the FamilySearch tree using an extensible framework
2) Provide reusable components for partners to use
3) Demonstrate how to access the FamilySearch Tree using the Javascript SDK
A roadmap of the Ruby on Rails framework, from Rails 1 to Rails 4 - DevDay 2013 (Joao Lucas Santana)
This talk will present the features provided by the Ruby on Rails web framework from its first version up to Rails 4. The most significant evolutions of each release and the main characteristics of Rails 4 will be presented. Ruby on Rails has become increasingly popular and gained more followers. I always hear comments from developers of other technologies who want to get to know the framework better, whether to implement personal projects or to take a new direction in their professional life. I believe that a presentation of the evolutions implemented in this technology will allow many developers and enthusiasts to gain basic knowledge, which will ease their later studies and allow them to go deeper into each topic covered in the talk. The talk does not aim to go into the technical details of the implementations, but rather to explain and, whenever possible, exemplify what became possible to implement after each release.
This document contains notes from a meeting on web application security. It discusses several common vulnerabilities like SQL injection, cross-site scripting (XSS), and clickjacking. It provides examples of how these vulnerabilities can occur and ways to prevent them, such as sanitizing user input, enabling CSRF protection middleware, and using the X-Frame-Options header. Keywords discussed include MySQL, Docker, Kubernetes, Ansible, and various attack vectors like CSRF, XSS, SQL injection, and clickjacking. The document aims to educate on security best practices for Python and Django web applications.
jQuery: Tips, tricks and hints for better development and Performance (Jonas De Smet)
This document provides an overview of a presentation on jQuery tips, tricks, and hints for better development and performance. The presentation covers:
1. What is jQuery and how it simplifies document traversing, event handling, and rapid web development.
2. Ten useful tips for better development, including avoiding flashing content, using Firebug's console, loading jQuery from Google Code, and writing custom filter selectors.
3. Ten performance tips such as using .find() instead of new selectors, giving selectors context, caching jQuery objects, and using event delegation.
The presentation concludes with contact information for the presenter.
The document discusses database security and SQL injection attacks. It provides an overview of access control in SQL and MySQL, including the use of views and privileges. It then describes SQL injection attacks, giving examples of how attackers can exploit vulnerabilities to view sensitive data or delete tables. The best defense is using prepared statements with bound parameters rather than embedding user input directly into SQL. Other defenses include input validation, output encoding, limiting permissions, and configuring error reporting.
The document discusses database security and SQL injection attacks. It provides an overview of access control in SQL and MySQL, views, and limitations of SQL security. It defines SQL injection attacks and gives examples of how attacks work by inserting malicious SQL statements into user input. The document recommends best practices for prevention, including using prepared statements with bound variables, input validation, output encoding, and limiting database permissions.
The document discusses connecting to a MySQL database from PHP, creating databases and tables, and inserting data. It covers creating a connection, selecting a database, constructing and executing SQL queries to create tables and insert data, and retrieving error messages. It also discusses taking user input from HTML forms and inserting it into the database.
SQL injection is a common web application vulnerability that allows attackers to inject malicious SQL statements into an application's database. It can allow data leakage, modification, denial of access, and complete host takeover. SQL injection occurs when user-supplied input is not properly sanitized before being used in SQL queries. Developers can prevent SQL injection by using prepared statements with parameterized queries, stored procedures, and properly escaping all user input. Web application firewalls and additional defenses like whitelist input validation can also help mitigate SQL injection risks.
This document discusses database security and SQL injection attacks. It begins with an overview of access control in SQL and views before discussing SQL injection attacks in more detail. The key points are that SQL injection attacks involve inserting malicious SQL statements into user input fields to exploit applications that directly insert user input into SQL queries. Examples are given of how attacks can read or delete entire databases. The best defenses include using prepared statements with bound parameters and validating/sanitizing all user input.
SQL injection is a common web application security vulnerability that allows attackers to control an application's database by tricking the application into sending unexpected SQL commands to the database. It works by submitting malicious SQL code as input, which gets executed by the database since the application concatenates user input directly into SQL queries. The key to preventing SQL injection is using prepared statements with bound parameters instead of building SQL queries through string concatenation. This separates the SQL statement from any user-supplied input that could contain malicious code.
This document discusses various cybersecurity topics related to PHP, including hacking, attacks, and recovering from attacks. It provides an overview of general security aspects and the OSI model layers. It then covers specific types of attacks like denial-of-service, spoofing, and man-in-the-middle attacks. It also discusses vulnerabilities, exploits, and the OWASP top 10 security risks. A large portion of the document focuses on SQL injection attacks, how they work, and ways to protect against them. It also briefly discusses other injection attacks and cross-site scripting attacks.
This document discusses SQL injection and ways to prevent it. SQL injection occurs when malicious SQL statements are inserted into an insufficiently validated string that is later executed as a database command. It can allow attackers to read or modify data in the database. The document outlines different types of SQL injection attacks and provides examples of how input validation and prepared statements can prevent injection. It also discusses command injection and file path traversal attacks.
The most massive crime of identity theft in history was perpetrated in 2007 by exploiting an SQL Injection vulnerability. This issue is one of the most common and most serious threats to web application security. In this presentation, you'll see some common myths busted and you'll get a better understanding of defending against SQL injection.
This document provides an introduction to PHP, including:
- PHP is an open source scripting language suited for web development that can be embedded into HTML. Code is placed between <?php ?> tags.
- PHP files are processed by the web server, which returns plain HTML with no PHP code visible. Variables can store and pass different types of data between PHP sections.
- Functions allow common or repetitive tasks to be reused. Popular PHP functions and a large library are available online.
- Form data can be captured with PHP variables like $_POST then inserted into a MySQL database using SQL queries. The data is later retrieved and output dynamically.
- Data validation is important for security. Functions like htmlentities() and mysql
Brief introduction into SQL injection attack scenarios (Payampardaz)
This document discusses SQL injection vulnerabilities and techniques. It explains how web applications interact with databases by passing user-input as parameters in SQL queries. SQL injection occurs when user-input containing SQL code is not sanitized. The document outlines various SQL injection payloads and techniques, such as terminating strings, commenting queries, accessing stored procedures and server variables. It also provides recommendations for secure coding practices and database hardening.
You're Doing it Wrong - WordCamp Orlando (Chris Scott)
The document discusses various ways that developers commonly do things wrong when working with WordPress. It provides examples of wrong code patterns and anti-patterns compared to better right ways of doing things, such as properly validating and escaping user input, using WordPress helper functions and classes instead of globals, enqueueing scripts and styles rather than directly echoing them, and contributing back to the WordPress community.
The document discusses SQL injection and GreenSQL. SQL injection is a code injection technique that allows attackers to gain unauthorized access to databases. GreenSQL is a database firewall that works as a proxy for SQL commands, calculates query risks, and supports different protection modes like IDS, IPS, and learning modes. It fingerprints databases and detects risky queries like stack-based and tautological queries. GreenSQL provides a dashboard to monitor queries and configure whitelist rules and alerts.
The document discusses best practices for locking down databases and applications in Microsoft SQL Server. It covers topics such as authentication, logins vs users, database roles, permissions, ownership chaining, auditing, and encryption. The author is a SQL Server MVP who provides recommendations based on their experience with security architecture, incident response, and SQL Server.
The document provides an overview of topics related to web security and hands-on exercises. It discusses SQL injection exploits, cross-site scripting (XSS), and ways to sanitize user inputs to prevent exploits. The document outlines steps to create databases and tables in MySQL, build login and messaging systems, and introduces ways attackers can exploit vulnerabilities, such as blind SQL injections, XSS, and accessing sensitive browser data. It emphasizes the importance of using prepared statements and sanitizing all user inputs to protect against security issues.
SQL injection is a code injection technique that exploits security vulnerabilities in web applications by inserting malicious SQL statements into input fields. When user-supplied input is inserted into a SQL query without validation or sanitization, an attacker can manipulate the SQL statement and gain unauthorized access to sensitive data or make unauthorized changes by supplying specially crafted input containing SQL keywords and operators. Common defenses include sanitizing all user input, using parameterized queries instead of dynamic SQL, and running database access with least privileges.
SQL injection attacks occur when user-supplied input is inserted into SQL statements without proper validation or escaping. This can allow attackers to view sensitive data or even modify databases by altering the structure of SQL queries. The document discusses how SQL injection works, provides examples, and recommends defenses like input validation, query parameterization, and limiting database permissions.
Introduction to Active Record - Silicon Valley Ruby Conference 2007 (Rabble)
Active Record is an object-relational mapping (ORM) pattern that allows developers to interact with a database using objects rather than SQL queries. It establishes a direct association between classes and database tables, and between class objects and table rows. The key characteristics of Active Record include directly mapping classes to tables, objects to rows, and using finders and setters to encapsulate data access. The Ruby on Rails framework includes an implementation of Active Record to provide data modeling and database access functions.
2. SQL Injection
SQLi Attack Vectors
Web Applications
Mobile Applications
Thick Clients
Two primary types
Visible SQLi
Blind SQLi
Impact
Compromise of info.
Tampering with database
Destruction of info.
Compromise of other server components
3. Cause
Unsafe Concatenation (usually)
$query = "SELECT userid, username FROM users WHERE username = '$input'";
What happens if…
$input = bob
Returns userid, username of bob.
$input = 'bob
SQL Error. Why?
4. What happened?
Sequence:
$query = "SELECT userid,username FROM users WHERE username = '$input'";
$input = ' bob'
$query => "SELECT userid,username FROM users WHERE username = '' bob''";
i_see_what_you_did_there.jpg
5. What now?
If we can manipulate the quotes, or similar characters,
we can alter the SQL query
$query = "SELECT userid,username FROM users WHERE username = '$input'";
$input = ' <malicious SQL command>
$query => "SELECT userid,username FROM users WHERE username = '' <malicious SQL command>'";
6. Manipulating Control
Insertion of conditionals and modifiers
OR, UNION, % (SQL wildcard) are the most common
How can these help us?
Demo Time!
7. Cool Stuff… for a Kiddie
When ' or '1'='1 works there are limitations…
Always returns every valid answer.
Not useful if the system only reads one value, i.e. the first.
Not useful if you need to extract information from alternate columns
Consider the following:
$query = "SELECT userid,username FROM users WHERE username = '$input'";
Goal is to obtain the password of the user ‘joe’
8. SELECT Modifiers
The most glorious of all:
UNION SELECT
Consider the following:
$input = ' UNION SELECT 1, password FROM users WHERE username = 'joe
$query = "SELECT userid,username FROM users WHERE username = '' UNION SELECT 1,password FROM users WHERE username = 'joe'";
Demo Time!
9. Is SQL Broken?
No.
Remediation
NEVER trust user input
ALWAYS escape bad characters
ALWAYS use parameter based queries where possible (Prepared Statements)
See OWASP guide on SQL Injection Prevention for more details
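As an added example that is not part of the original slides, here is the concatenated query from the earlier slides next to its prepared-statement replacement, run against an in-memory SQLite database through PDO so it works offline. The users table, its rows and the helper names lookupUnsafe/lookupSafe are constructed for this example.

```php
<?php
// Added example, not the slide deck's own code. SQLite via PDO so that the
// whole thing runs offline; the table and rows below are constructed data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (userid INTEGER, username TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'bob', 'hunter2'), (2, 'joe', 's3cret')");

// Vulnerable form from the slides: $input is pasted into the SQL text,
// so quote characters in the input change the structure of the statement.
function lookupUnsafe(PDO $db, string $input): array
{
    $query = "SELECT userid, username FROM users WHERE username = '$input'";
    return $db->query($query)->fetchAll(PDO::FETCH_NUM);
}

// Hardened form: the SQL text is fixed at prepare time and the value is
// sent separately as a bound parameter, so it can only ever be compared
// as data against the username column.
function lookupSafe(PDO $db, string $input): array
{
    $stmt = $db->prepare("SELECT userid, username FROM users WHERE username = ?");
    $stmt->execute([$input]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Slide 3: a stray quote breaks the concatenated statement.
try {
    lookupUnsafe($db, "'bob");
} catch (PDOException $e) {
    echo "Unsafe lookup with a stray quote raised: " . $e->getMessage() . "\n";
}
// The prepared statement just looks for a user literally named 'bob (none).
echo "Safe lookup with a stray quote: ";
print_r(lookupSafe($db, "'bob"));

// Slide 8: the UNION payload. Concatenated, the second SELECT runs and
// joe's password comes back in the username column.
$payload = "' UNION SELECT 1, password FROM users WHERE username = 'joe";
echo "Unsafe lookup with UNION payload: ";
print_r(lookupUnsafe($db, $payload));

// Bound as a parameter, the payload is compared as a plain string; no row
// has that username, so nothing leaks.
echo "Safe lookup with UNION payload: ";
print_r(lookupSafe($db, $payload));

// Ordinary input still works through the prepared statement.
echo "Safe lookup for bob: ";
print_r(lookupSafe($db, 'bob'));
```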
10. Advanced Techniques
Abusing obscure privileges (MySQL privilege, grant-table column, context)
CREATE Create_priv databases, tables, or indexes
DROP Drop_priv databases, tables, or views
GRANT OPTION Grant_priv databases, tables, or stored routines
LOCK TABLES Lock_tables_priv databases
REFERENCES References_priv databases or tables
EVENT Event_priv databases
ALTER Alter_priv tables
DELETE Delete_priv tables
INDEX Index_priv tables
INSERT Insert_priv tables or columns
SELECT Select_priv tables or columns
UPDATE Update_priv tables or columns
CREATE TEMPORARY TABLES Create_tmp_table_priv tables
TRIGGER Trigger_priv tables
CREATE VIEW Create_view_priv views
SHOW VIEW Show_view_priv views
ALTER ROUTINE Alter_routine_priv stored routines
CREATE ROUTINE Create_routine_priv stored routines
EXECUTE Execute_priv stored routines
FILE File_priv file access on server host
CREATE USER Create_user_priv server administration
PROCESS Process_priv server administration
RELOAD Reload_priv server administration
REPLICATION CLIENT Repl_client_priv server administration
REPLICATION SLAVE Repl_slave_priv server administration
SHOW DATABASES Show_db_priv server administration
SHUTDOWN Shutdown_priv server administration
SUPER Super_priv server administration
ALL [PRIVILEGES] server administration
USAGE server administration
11. FILE
File privilege allows disk I/O access
This is BAD for most cases…
How can we abuse this?
'; SELECT LOAD_FILE("/etc/passwd") INTO OUTFILE "/var/www/passwd.txt";--
What if we can upload a text file, or post a text
comment? What about PHP uploads?
Most servers that will store PHP do so in a non-executable extension or database…
But we can change that
12. Installing a Shell
Let's say web server allowed you to attach a text file, called myupload.txt
Let's say you're evil, and the contents of myupload.txt is the code of a PHP shell.
Won't execute due to uploader. Let's fix that.
'))); SELECT LOAD_FILE("/var/www/<user>/uploads/myupload.txt") INTO OUTFILE "/var/www/myshell.php";--
Best served with the command "rm -rf /var/www"