A1 – Injection Attacks
Mohamed Talaat
Linkedin: https://www.linkedin.com/in/mtibrahim/
Twitter: https://twitter.com/t4144t
E-mail: Mohamed.Talaat@owasp.org
Agenda
• 1- SQL Injection
• Demo
• 2- Template Injection
• Demo
• 3- Broken Authentication
• Demo
• 4- Session Management
• Demo
What’s OWASP?
• The Open Web Application Security Project aims to increase awareness of
application security.
• Everyone is free to participate in OWASP
• We are OWASP Egypt – Cairo Chapter
OWASP Projects
• OWASP Top 10 security vulnerabilities project
• OWASP ZAP Project
• OWASP Juice Shop
• More on the following link:
https://www.owasp.org/index.php/Category:OWASP_Project
OWASP Top 10 – Application Security Risks
How does the web app work?
• 3 Tiers Model:
Browser : Presentation Tier
PHP Code : Logic Tier
SQL Code: Storage Tier
SQL Queries Types
• Static Query
• Dynamic Query
What is the type of this query?
$dbhostname = '127.0.0.1';
$dbuser = 'admin';
$dbpassword = 'password';
$dbname = 'database';
$connection = mysqli_connect($dbhostname, $dbuser, $dbpassword, $dbname);
// The SQL text is fixed in the source code; no user input is involved
$query = "SELECT Name, Description FROM Products WHERE ID='3' UNION SELECT Username, Password FROM Accounts;";
What about this?
// $id comes straight from the query string and is pasted into the SQL text
$id = $_GET['id'];
$connection = mysqli_connect($dbhostname, $dbuser, $dbpassword, $dbname);
$query = "SELECT Name, Description FROM Products WHERE ID='$id';";
$results = mysqli_query($connection, $query);
display_results($results);
A1 – SQL Injection
• The first thing hackers check for
• Once found, ready to be exploited : )
Injection
• What is SQL & its types
• Concept
• Injection Issue
• Attack
• CRUD
Injection Concept
• Identify injection point
• Finding the best technique to attack
• Data Exfiltration
SQLi Real World Scenarios
SQL Injection Scenario
Yahoo! Sports blind injection
• Stefano entered Yahoo! Web site with the following URL:
http://sports.yahoo.com/nfl/draft?year=2010&type=20&round=2
• He tried to put a comment after the year 2010 and noticed what
happened
• So it will be like this:
http://sports.yahoo.com/nfl/draft?year=2010--&type=20&round=2
SQL Injection Scenario
Yahoo! Sports blind injection
• Original Query:
SELECT * FROM PLAYERS WHERE YEAR = 2010 AND TYPE = 20 AND ROUND = 2;
• By inserting the dashes, Stefano essentially made it act like:
SELECT * FROM PLAYERS WHERE YEAR = 2010;
SQL Injection Scenario
Yahoo! Sports blind injection
• Yahoo Sport Blind Injection – Before commenting
SQL Injection Scenario
Yahoo! Sports blind injection
• Yahoo Sport Blind Injection – After commenting
SQL Injection Scenario
SQLi to RCE
• Ibrahim Raafat (Egyptian Researcher) exploited a SQLi vulnerability to
gain full control of the server.
• He was making a purchase when he noticed the following URL and tried
injecting a SQLi payload into each parameter until one succeeded.
• Union based SQL injection in order_id parameter POST:
order_id=-116564954 union select 1337,2,3,4,5,6,7,8,9,10,11,12,13,14,15– –
&first_name=aaaa&last_name=sssss&street1=ddddddddddd&street2=ddddddd&city=fffffff&state=ff&postal
_code=12547&country_code=US&phone=45454545457&method=flickr.products.orders.setShippingAddress
&csrf=1365645560%3Acmj2m0s5jvyrpb9%kld65d65d54d54d55d45dsq&api_key=3c7ab2846f4183ecg56s96
d5d5w4e644268&format=json&hermes=1&hermesClient=1&reqId=q3oovqa&nojsoncallback=1
SQL Injection Scenario
SQLi to RCE
• He was able to read sensitive files from the web server
SQL Injection Scenario
SQLi to RCE
• And also write files to the server!
SQL Injection Scenario
SQLi to RCE
• Aaaaand the RCE
SQL Injection Scenario
SQLi to RCE
• After that he got a 15K bounty
So how did they do it?
Exploiting SQLi
SELECT Name, Description FROM Products WHERE ID='$id' AND PASSWORD='$password';
Attacker input for $id: ' OR 'a'='a' #
Resulting query:
SELECT Name, Description FROM Products WHERE ID='' OR 'a'='a' #' AND PASSWORD='$password';
The # starts a MySQL comment, so the password check is never evaluated and 'a'='a' is always true.
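To make the two queries from the slides runnable side by side, here is an added example (not code from the deck, whose own snippets are PHP/mysqli) using Python's sqlite3 module against a constructed in-memory Products table. The payload is constructed; it ends with `--` because SQLite has no `#` comment, otherwise it behaves exactly like the `' OR 'a'='a' #` input above. The vulnerable function mirrors the deck's string-built query; the second function is the prepared-statement fix from the prevention slides.

```python
import sqlite3

# Constructed stand-in for the deck's Products table (SQLite in memory, so it runs offline).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Products (ID TEXT, Name TEXT, Description TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Products VALUES (?, ?, ?, ?)",
        [("1", "Widget", "A widget", "s3cret"),
         ("2", "Gadget", "A gadget", "hunter2"),
         ("3", "Doohickey", "A doohickey", "letmein")],
    )
    return conn

# Constructed payload. The deck uses '#', MySQL's comment marker; SQLite only
# understands '--', so that is what terminates the query here.
PAYLOAD = "' OR 'a'='a' --"

def lookup_vulnerable(conn, product_id: str, password: str) -> list:
    """Dynamic query built the way the deck's PHP builds it: input pasted into the SQL text."""
    query = ("SELECT Name, Description FROM Products "
             f"WHERE ID='{product_id}' AND Password='{password}';")
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, product_id: str, password: str) -> list:
    """Prepared statement: the SQL text is fixed, the values travel separately as data."""
    query = "SELECT Name, Description FROM Products WHERE ID=? AND Password=?"
    return conn.execute(query, (product_id, password)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    print(lookup_vulnerable(conn, "3", "letmein"))       # one row, as intended
    print(lookup_vulnerable(conn, PAYLOAD, "wrong"))     # every row: the password check is commented out
    print(lookup_parameterized(conn, PAYLOAD, "wrong"))  # [] : the payload is just an ID that does not exist
```

With the string-built query the payload closes the ID literal, adds an always-true condition and comments out the password check, so all three rows come back. With the parameterized query the driver never lets the payload touch the SQL grammar: it is compared as a literal ID value and matches nothing.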
SQL Injection Types
• In-band:
• Error Based Injection
• Blind Injection
• Time Based
• Boolean Based (True/false)
• Out-Of-Band
SQL Injection Types
• Error Based SQLi
SQL Injection Types
• Blind SQLi
Injection Points
• GET Parameters
• POST Parameters
• Headers
• COOKIES
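Each of the four injection points above is something a defender can watch. The following added example (not part of the deck) scans every point of a request for the tell-tale fragments seen in this talk: comment sequences like the `--` from the Yahoo! Sports case, `UNION SELECT` as in the order_id payload, and the quote-plus-tautology shape of `' or 'a'='a`. The requests are constructed: the two Yahoo! URLs are the ones quoted earlier, the shop.example host, the 203.0.113.5 address and the remaining values are made up.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Fragments that rarely appear in legitimate parameter values. Each hit is a lead
# for review, not proof of an attack ('#' in particular can occur in colour codes).
SQLI_PATTERNS = [
    (re.compile(r"--|#|/\*"), "SQL comment sequence"),
    (re.compile(r"\bunion\b.*\bselect\b", re.I), "UNION SELECT"),
    (re.compile(r"'\s*(or|and)\s*'?\w*'?\s*=", re.I), "quote-tautology"),
    (re.compile(r"\b(sleep|benchmark|waitfor)\b", re.I), "time-based function"),
]

def check_value(point: str, name: str, value: str) -> list:
    # Decode once more to catch double-encoded payloads (%2527 -> %27 -> ').
    decoded = unquote_plus(value)
    return [(point, name, label) for pat, label in SQLI_PATTERNS if pat.search(decoded)]

def scan_request(req: dict) -> list:
    """Check every injection point the deck lists: GET params, POST params, headers, cookies."""
    findings = []
    for name, value in parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True):
        findings += check_value("GET", name, value)
    for name, value in parse_qsl(req.get("body", ""), keep_blank_values=True):
        findings += check_value("POST", name, value)
    for name, value in req.get("headers", {}).items():
        findings += check_value("header", name, value)
    for name, value in req.get("cookies", {}).items():
        findings += check_value("cookie", name, value)
    return findings

# Constructed sample requests (see the lead-in for which values are made up).
SAMPLE_REQUESTS = [
    {"url": "http://sports.yahoo.com/nfl/draft?year=2010&type=20&round=2",
     "headers": {"User-Agent": "Mozilla/5.0"}, "cookies": {"session": "abc123"}},
    {"url": "http://sports.yahoo.com/nfl/draft?year=2010--&type=20&round=2",
     "headers": {"User-Agent": "Mozilla/5.0"}, "cookies": {"session": "abc123"}},
    {"url": "http://shop.example/orders",
     "body": "order_id=-116564954 union select 1337,2,3,4,5&first_name=aaaa",
     "headers": {"User-Agent": "Mozilla/5.0"}, "cookies": {}},
    {"url": "http://shop.example/",
     "headers": {"X-Forwarded-For": "203.0.113.5' OR 'a'='a"},
     "cookies": {"lang": "en' OR 1=1-- "}},
]

def scan_all(requests=SAMPLE_REQUESTS) -> list:
    """Return one findings list per request, in order."""
    return [scan_request(r) for r in requests]

if __name__ == "__main__":
    for req, hits in zip(SAMPLE_REQUESTS, scan_all()):
        print(req["url"], hits)
```

The clean first request produces no findings; the other three are flagged at the GET parameter, the POST parameter, and the header and cookie respectively. Pattern matching of this kind belongs in logging and alerting, not in place of the prepared statements covered later: it tells you someone is probing, it does not stop the query from being built.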
What can be done with SQLi?
• Authentication Bypass
• Read file systems?
• Run system commands?
• Dump all the data?
SQL Injection Scenario
• Yahoo Sport Blind Injection
SQL Injection Prevention
• Prepared Statement Or Parameterized Query
• Stored Procedure
• Input Validation (Blacklisting or whitelisting)
SQL Injection Prevention
• Prepared Statement Or Parameterized Query
SQL Injection Prevention
• Stored Procedure
SQL Injection Prevention
• Input Validation: (Escaping) – PHP
SQL Injection Prevention
• Input Validation: Type Casting
$user_id = (int) $user_id;
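The cast above is safe for an integer column because whatever the attacker sends, the value that reaches the query is an integer. What it does not do is tell you an attack happened: PHP's (int) keeps the leading digits and silently drops the rest. The added example below (not code from the deck) models that cast in Python next to a strict allow-list check, and runs both over constructed inputs including the deck's `2010--` and a quote-based payload. The php_int_cast model is simplified and does not reproduce PHP's handling of exponent notation.

```python
import re

def php_int_cast(value: str) -> int:
    """Simplified model of PHP's (int) cast on a string, as in $user_id = (int) $user_id:
    leading whitespace, an optional sign and the leading digits are kept, everything after
    them is dropped, and a string with no leading digits becomes 0."""
    m = re.match(r"\s*([+-]?\d+)", value)
    return int(m.group(1)) if m else 0

def strict_id(value: str) -> int:
    """Allow-list validation: accept only a plain positive integer, reject everything else."""
    if not re.fullmatch(r"[1-9]\d{0,9}", value):
        raise ValueError(f"invalid id: {value!r}")
    return int(value)

def audit_ids(values) -> dict:
    """Run both approaches over a batch of raw inputs and report what each would do."""
    report = {"cast": {}, "accepted": {}, "rejected": []}
    for v in values:
        report["cast"][v] = php_int_cast(v)
        try:
            report["accepted"][v] = strict_id(v)
        except ValueError:
            report["rejected"].append(v)   # a rejected value is something worth logging
    return report

# Constructed inputs: a normal id, the deck's "2010--" comment trick, a quote payload, garbage.
SAMPLE_INPUTS = ["3", "2010--", "3' OR 'a'='a' #", "abc"]

if __name__ == "__main__":
    for section, content in audit_ids(SAMPLE_INPUTS).items():
        print(section, content)
```

The cast turns every input into a number (2010, 3 and 0 for the three bad ones), so the query is safe but the probe is invisible. The strict check accepts only "3" and rejects the rest, which gives you a place to log and alert. Neither approach helps for string fields such as the name or description columns; those still need the prepared statement.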
Code & Command Injection
• OS Command Injection
• Code Injection
OS Command Injection - Case
OS Command Injection - Vulnerable
OS Command Injection - Protection
Code injection – case
Code Injection - Vulnerable
Code Injection - Protection
Demo – SQLi in request headers
• Perform full scan on the victim
• Finding the injection point
• Exfiltration
• Get the treasure : )
SQLmap
• A tool used to automate slow SQLi exfiltration and to identify
potential SQLi injection points.
• Ships with a great number of scripts ready to be executed
• Can be integrated with other tools such as Burp Suite and Metasploit
SQLmap Basics
• -u: pass a URL to SQLmap
• --dbs: list all the databases on the DBMS
• --banner: grab the database banner
• --threads 7: increase the number of threads used in blind injections
• --tables: grab the tables of the database
• -T table: choose a table
• --dump: dump all the data in a table of the database
• --level: sets a level from 1 to 5 for the number of injection points tested (headers
and parameters)
• --risk: sets a level from 1 to 3 for the types of test made
• --batch: accept the default answer to every prompt, so sqlmap runs without user interaction
SQLmap Basics
• Basic Scan:
sqlmap -u "http://192.168.203.139" --batch
• Intense Scan (Not Recommended on production):
sqlmap -u "http://192.168.203.139" --level 5 --risk 3 --threads 7 --batch

OWASP Top 10 - Day 1 - A1 injection attacks


Editor's Notes

• #7 (3 Tiers Model slide)
Presentation Tier: the view shown to the user. It translates the user's requests into HTTP requests and sends them to the logic tier, and renders the returned HTML code into a graphical view.
Logic Tier: the web server that stores the code of the app, plus the middleware that performs the processing tasks: it loads, compiles and executes scripts, translates the HTTP request into a database query and sends it to the storage tier.
Storage Tier: executes the database query. The logic tier then pulls the result back, formats it, and sends it back to the presentation tier.
• #15 (Injection Concept slide)
The injection issue is the lack of sanitization of user input (much confidence). The attack leverages the ability of an attacker to inject malicious SQL/database queries into the logic tier so that they are executed at the database and the result is returned to the attacker.
CRUD: Create, Read, Update, Delete.