SHEKHAWATI INSTITUTE OF ENGINEERING AND TECHNOLOGY
A Project Presentation
On
SQL injection
Submitted to:-
Mrs. Suman Singh
HOD of CSE Dept.
Submitted by:-
Vikash Saini
B.Tech CSE 8th sem
CONTENTS
• What is SQL?
• What is SQL injection?
• SQL Injection Attacks on the rise
• Impact
• Tools to find SQL Injection
• How SQL injection works
• Error based SQL injection
• Uniscan
• sqlmap
What is SQL
• Structured Query Language (SQL) is the standard language for working with relational databases
• SQL can be used to insert, search, update and delete database records
• In fact it can do many other things, including but not limited to optimizing and maintaining a database
• SQL example: SELECT * FROM Members WHERE Age > 30
What is SQL injection
SQL injection is probably the most dangerous known web attack.
Sometimes it can lead to remote code execution, which gives the attacker full control.
By leveraging SQL injection, an attacker can bypass authentication and access, modify and delete data within a database.
SQL Injection Attacks on the rise
Impact
1. Leakage of sensitive information.
2. Reputation decline.
3. Modification of sensitive information.
4. Loss of control of db server.
5. Data loss.
6. Denial of service.
Some massive attacks
• Yahoo! Voices was hacked in July 2003. The attack acquired 453,000 user email addresses and passwords. The perpetrators claimed to have used SQL injection to break in.
• LinkedIn.com leaked 6.5 million user credentials in June. The attack was accomplished with SQL injection.
Tools to find SQL Injection
• Netsparker (Web)
• Matrixay (Web)
• HP Webinspect (Web)
• IBM Rational AppScan (Web)
• Pangolin (Web)
• SQLMap (Web)
• Fuzzer (PL/SQL)
How SQL injection works
[Diagram: Attacker -> Application server -> DB Server. The login form fields are User and Pass, with Pass set to ' or 1=1--]
SQL Injection Attack #1
Unauthorized Access Attempt:
password = ' or 1=1 --
SQL statement becomes:
select count(*) from users where username = 'user' and password = '' or 1=1 --
Checks if password is empty OR 1=1, which is always
Some SQL injection strings
Error based SQL injection
• In this case the database simply sends its error message back to the user
• Response: syntax error converting the nvarchar value
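The following is an added example, not from the presentation: a small Python scanner that flags HTTP responses in which a raw database error such as the one quoted on this slide reaches the client. The sample responses and the `DB_ERROR_SIGNATURES` table are constructed here; the error strings are the slide's SQL Server message plus well-known MySQL, PostgreSQL and SQL Server messages.

```python
import re

# Database error fragments that commonly surface in HTTP responses when a
# query fails. The first is the message quoted on the slide; the others are
# well-known messages from SQL Server, MySQL and PostgreSQL. Matching is
# done on the lower-cased body, so the patterns are lower case.
DB_ERROR_SIGNATURES = {
    "mssql": [
        r"syntax error converting the nvarchar value",
        r"unclosed quotation mark after the character string",
    ],
    "mysql": [r"you have an error in your sql syntax"],
    "postgresql": [r"unterminated quoted string"],
}


def find_db_error(body):
    """Return (engine, matched text) for the first database error signature
    found in a response body, or None if the body looks clean."""
    lowered = body.lower()
    for engine, patterns in DB_ERROR_SIGNATURES.items():
        for pattern in patterns:
            match = re.search(pattern, lowered)
            if match:
                return engine, match.group(0)
    return None


def audit_responses(responses):
    """Scan (request_id, body) pairs and report which ones leak a raw
    database error to the client."""
    findings = []
    for request_id, body in responses:
        hit = find_db_error(body)
        if hit:
            findings.append((request_id, hit[0]))
    return findings


# Constructed sample responses standing in for what a proxy or WAF log would
# record. req-3 shows the desired behaviour: a generic error page with a
# reference id, and no database detail.
SAMPLE_RESPONSES = [
    ("req-1", "<html><body>Welcome back, user</body></html>"),
    ("req-2", "Syntax error converting the nvarchar value 'abc' "
              "to a column of data type int."),
    ("req-3", "<h1>Something went wrong</h1><p>Reference: 4f2a</p>"),
    ("req-4", "ERROR 1064: You have an error in your SQL syntax; "
              "check the manual that corresponds to your server version"),
]

if __name__ == "__main__":
    for request_id, engine in audit_responses(SAMPLE_RESPONSES):
        print(f"{request_id}: raw {engine} error returned to client")
```

A hit means the application returns the database's own error text instead of a neutral error page. The fix is to log the detailed error server-side and return a generic message to the client, which removes the feedback channel that error-based injection relies on.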
Checking for vulnerable sites
1. By using the Google search engine
By using the Uniscan Kali tool
Some popular vulnerable sites
sqlmap
• sqlmap is one of the most popular and powerful SQL injection automation tools out there.
• Given a vulnerable HTTP request URL, sqlmap can exploit the remote database and do a lot of hacking, such as extracting database names, tables, columns, all the data in the tables, etc.
SQL injection Conclusion
• SQL injection is a technique for exploiting applications that use relational databases as their back end.
• Applications compose SQL statements and send them to the database.
• SQL injection uses the fact that many of these applications concatenate the fixed part of the SQL statement with user-supplied data that forms WHERE predicates or additional sub-queries.
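As an added example (not from the presentation), here is the login check from the "SQL Injection Attack #1" slide and the concatenation pattern described in this conclusion, written in Python against an in-memory SQLite database, alongside the parameterized form that fixes it. The `users` table contents and the function names are assumptions made here; the input string is the one shown on the slide.

```python
import sqlite3


def make_db():
    # Constructed in-memory database. The users table with username and
    # password columns is an assumption matching the slide's statement;
    # plaintext passwords are used only to keep the demo short (real
    # systems compare password hashes).
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.execute("insert into users values ('user', 'correct-horse')")
    conn.commit()
    return conn


def build_vulnerable_sql(username, password):
    # The fixed part of the statement is concatenated with user-supplied
    # data, which is exactly the pattern the conclusion slide describes.
    return ("select count(*) from users where username = '" + username
            + "' and password = '" + password + "'")


def login_vulnerable(conn, username, password):
    # Accepts the login when the concatenated query reports at least one
    # matching row. With the slide's input the WHERE clause turns into
    # (username = 'user' and password = '') or 1=1, and the trailing
    # quote is commented out by "--", so every row matches.
    sql = build_vulnerable_sql(username, password)
    (count,) = conn.execute(sql).fetchone()
    return count > 0


def login_parameterized(conn, username, password):
    # Placeholders keep user input as data: the driver never lets it alter
    # the statement's structure, so quotes and comment sequences in the
    # password are compared literally and simply fail to match.
    sql = "select count(*) from users where username = ? and password = ?"
    (count,) = conn.execute(sql, (username, password)).fetchone()
    return count > 0


if __name__ == "__main__":
    db = make_db()
    probe = "' or 1=1 --"  # the input shown on the slide
    print(build_vulnerable_sql("user", probe))
    print("concatenated query accepts login:", login_vulnerable(db, "user", probe))
    print("parameterized query accepts login:", login_parameterized(db, "user", probe))
```

The parameterized version is the standard mitigation: the statement text is fixed before any user data arrives, so there is no fixed-part-plus-data concatenation for an injection to exploit.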
THANK YOU

seminar report on Sql injection
