SlideShare a Scribd company logo

Sql Injection

Download as PPT, PDF
Lakshika Rasanjali
Lakshika Rasanjali

SQL injection is a code injection technique that exploits security vulnerabilities in web applications. It works by inserting malicious SQL statements into entry fields for execution by the backend database, allowing an attacker to retrieve hidden data, subvert application login, retrieve data from other database tables, and examine the database structure. SQL injection vulnerabilities occur when user input is not sanitized and is used to construct SQL queries through string concatenation. The impact can include unauthorized access to sensitive data and damage to the application's reputation. Proper use of parameterized queries can prevent SQL injection by separating user input from the SQL query structure.

Education
1 of 20
1 / GROUP – 01 SQL INJECTION
2 / Topics….●What is SQL injection (SQLi) ? ●What is the impact of a successful SQL injection attack ? ●How SQL injection works? ●SQL injection examples ●Retrieving hidden data ●Subverting application login ●Retrieving data from other database tables ●Examining the database ●Blind SQL vulnerabilities ●How to detect SQL injection vulnerabilities ●SQL injection in different parts of the query ●Second-order SQL injection ●Database-specific factors
3 / What is SQL injection (SQLi)? ●SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. 2015ICT08
4 / What is the impact of a successful SQL injection attack? ●Unauthorized access to sensitive data, such as –Passwords –Credit card details –Personal user information ●Leading to Reputational damage and Regulatory fines. ●Leading to a long-term compromise that can go unnoticed for an extended period. 2015ICT08
5 / How SQL injection works? 1) App sends form to user 2) Attacker submits form with SQL exploit data 3) Application builds string with exploit data 4) Application sends SQL query to database 5) Database executes query, including exploit, sends data back to application 6) Application returns data to user 2015ICT41
6 / 2015ICT41
7 / SQL injection examples ●Retrieve hidden data, where you can modify an SQL query to return additional results. ●Subverting application logic, where you can change a query to interfere with the application’s logic. ●UNION attacks, where you can retrieve data from different database tables. ●Examining the database, where you can extract information about the version and structure of the database. ●Blind SQL injection, where the result of a query you control are not returned in the application’s responses. 2015ICT41
8 / Retrieving hidden data ●https://insecure-website.com/products?category=Gifts –SELECT * FROM products WHERE category=’Gifts’ AND released=1; –Attacker can construct an attack like : ●http://insecure-website.com/product?category=Gifts’-- –SELECT * FROM products WHERE category=’Gifts’--’ AND released=1; ●All products are displayed, including unreleased products. ●http://insecure-website.com/product?category=Gifts’+OR+1=1-- –SELECT * FROM products WHERE category=’Gifts’ OR 1=1--’ AND released=1; ●All items will return. 2015ICT85
9 / Subverting application logic ●Username – Admin, Password – Admin –SELECT * from users WHERE username=’Admin’ AND password=’Admin’; ●Attacker can login as any user without password : ●SELECT * FROM users WHERE username=’Admin’--’ AND password=‘ ’; ●Returns the user whose username is Admin and successfully logs the attacker in as that user. 2015ICT85
10/ Retrieving data from other database tables ●This is done using UNION keyword, which lets you execute an additional SELECT query and append the results to the query. ●For example, If an application executes the following query containing the user input ‘Gifts’ –SELECT name,description FROM products WHERE category=’Gifts’; ●then an attacker can submit the input: –UNION SELECT username,password FROM users-- ●Return all usernames and passwords along with the names and descriptions of products. 2015ICT48
11/ SQL injection UNION attacks ●When an application is vulnerable to SQL injection and the results of the query are returned within the application’s responses, the UNION keyword can be used to retrieve data from other tables within the database. This results in an SQL injection UNION attack. –SELECT a,b FROM table1 UNION SELECT c,d FROM table2; ●For a UNION query to work, 2 key requirements must be met : –The individual queries must return the same number of columns. –The data types in each columns must be compatible between the individual queries. 2015ICT48
12/ Examining the database ●It is generally useful to obtain some information can often pave the way for further exploitation ●Can query the version details for the database. The way that this is done depends on the database type, so you can infer the database type from whichever technique works. –For example, on Oracle you can execute: – SELECT * FROM v$version ●Can also determine what database tables exist, and which columns they contain. –For example, on most databases you can execute the following query to list the tables: –SELECT * FROM information_schema.tables 2015ICT42
13/ Blind SQL vulnerabilities ●Blind SQL injection is a type of SQL injection attack that asks the database true or false questions and determines the answer based on the applications responses. ●Techniques can be used to exploit blind SQL injection vulnerabilities: –You can change the logic of the query –You can conditionally trigger a time delay in the processing of the query –You can trigger an out-of-band network interaction 2015ICT42
14/ How to detect SQL injection vulnerabilities ●SQL injection can be detected manually by using a systematic set of tests against every entry point in the application. ● This typically involves: –Submitting the single quote character ‘ and looking for errors or other anomalies. –Submitting some SQL-specific syntax that evaluates to the base (original) value of the entry point, and to a different value, and looking for systematic differences in the resulting application responses. –Submitting Boolean condition such as OR 1=1 and OR 1=2, and looking for differences in the application’s responses. –Submitting payloads designed to trigger time delays when executed within an SQL query, and looking for differences in the time taken to respond. –Submitting OAST payloads designed to trigger an out-of-band network interaction when executed within an SQL query, and monitoring for any resulting interactions. 2015ICT01
15/ SQL injection in different parts of the query ●In UPDATE statement, within the updated values or the WHERE clause ●In INSERT statement, within the inserted values ●In SELECT statement, within the table or column name ●In SELECT statement, within the ORDER BY clause 2015ICT79
16/ Second-order SQL injection ●In second-order SQL injection(also known as stored SQL injection),the application takes user input from an HTTP request and stores for future use. ●This is usually done by placing the input into a database, but no vulnerability arises at the point where the data is stored. ●When handling a different HTTP request, the application retrieves the stored data and incorporates it into SQL query in an unsafe way. ●When the data is later processed, it is deemed to be safe, since it was previously placed into the database safely. 2015ICT79
17/ Database specific factors ●Some Core Features of the SQL language are implemented in the same way across popular database platforms, and so many ways of detecting and exploiting SQL injection vulnerabilities work identically on different type database. ●There also many differences between common databases. These mean that some techniques for detecting and exploiting SQL injection work differently on different platforms. ●Example –Syntax for string Concentration. –Comments. –Batched. 2015ICT59
18/ How to prevent SQL injection ●Most instances of sql injection can be prevented by using parameterized queries instead of string concatenation with in the query. ●The following code vulnerable to SQL injection because the user input is concatenated directly in to the query. ●String query= “SELECT * FROM products WHERE category =' "+ input +“ ' " ; ●Statement statement =connection.createStatement() ; ●ResultSet resultSet =statement.executeQuery(query); ●This is the way that prevents the user input from interfering with the query structure. ●PreparedStatement statement = connection.prepareStatement("SELECT *FROM products Where category = ?“ ); 2015ICT02
19/ ●Parameterized queries can be used for any situation where untrusted input appears as data within the query, Including the WHERE clause and values in an INSERT OR UPDATE statement. ●They can’t be used to handle untrusted input in other parts of the query such as table or column names ,or the order by clause. ●Parameterized query to be effective in preventing SQL injection the String that is used in the query must always be a hard-coded constant, and must never contain any variable data from any origin. 2015ICT02
20/ THANK YOU

Recommended

SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injections
Sql injectionsSql injections
Sql injections
KK004
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
Rich Helton
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
Practical Approach towards SQLi ppt
Practical Approach towards SQLi pptPractical Approach towards SQLi ppt
Practical Approach towards SQLi ppt
Ahamed Saleem
 
Sql injection
Sql injectionSql injection
Sql injection
Pallavi Biswas
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
Overview on SQL Injection Attacks
Overview on SQL Injection AttacksOverview on SQL Injection Attacks
Overview on SQL Injection Attacks
ijsrd.com
 

Recommended

SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injections
Sql injectionsSql injections
Sql injections
KK004
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
Rich Helton
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
Practical Approach towards SQLi ppt
Practical Approach towards SQLi pptPractical Approach towards SQLi ppt
Practical Approach towards SQLi ppt
Ahamed Saleem
 
Sql injection
Sql injectionSql injection
Sql injection
Pallavi Biswas
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
Overview on SQL Injection Attacks
Overview on SQL Injection AttacksOverview on SQL Injection Attacks
Overview on SQL Injection Attacks
ijsrd.com
 
SQL Injection - Newsletter
SQL Injection - NewsletterSQL Injection - Newsletter
SQL Injection - Newsletter
Smitha Padmanabhan
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
Sql injection
Sql injectionSql injection
Sql injection
Safwan Hashmi
 
SQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmSQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive Algorithm
IOSR Journals
 
Sql injection & command injection
Sql injection & command injectionSql injection & command injection
Sql injection & command injection
Lahore Garrison University
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
Kumar
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET Journal
 
SQL injection implementation and prevention
SQL injection implementation and prevention SQL injection implementation and prevention
SQL injection implementation and prevention
Rejaul Islam Royel
 
OER UNIT 5 Audit
OER UNIT 5 AuditOER UNIT 5 Audit
OER UNIT 5 Audit
Girija Muscut
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET Journal
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
Web application security
Web application securityWeb application security
Web application security
www.netgains.org
 
Sql injection
Sql injectionSql injection
Sql injection
The Avi Sharma
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
PetraVukmirovic
 
E017131924
E017131924E017131924
E017131924
IOSR Journals
 
Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)
R Islam
 
SQL INJECTIONS.pptx
SQL INJECTIONS.pptxSQL INJECTIONS.pptx
SQL INJECTIONS.pptx
JayeshYadav53
 
Introduction to SQL Injections
Introduction to SQL InjectionsIntroduction to SQL Injections
Introduction to SQL Injections
Haim Michael
 
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
IRJET Journal
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
Editor IJCATR
 

More Related Content

What's hot

SQL Injection - Newsletter
SQL Injection - NewsletterSQL Injection - Newsletter
SQL Injection - Newsletter
Smitha Padmanabhan
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
Sql injection
Sql injectionSql injection
Sql injection
Safwan Hashmi
 
SQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmSQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive Algorithm
IOSR Journals
 
Sql injection & command injection
Sql injection & command injectionSql injection & command injection
Sql injection & command injection
Lahore Garrison University
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
Kumar
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET Journal
 
SQL injection implementation and prevention
SQL injection implementation and prevention SQL injection implementation and prevention
SQL injection implementation and prevention
Rejaul Islam Royel
 
OER UNIT 5 Audit
OER UNIT 5 AuditOER UNIT 5 Audit
OER UNIT 5 Audit
Girija Muscut
 

What's hot (11)

SQL Injection - Newsletter
SQL Injection - NewsletterSQL Injection - Newsletter
SQL Injection - Newsletter
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmSQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive Algorithm
 
Sql injection & command injection
Sql injection & command injectionSql injection & command injection
Sql injection & command injection
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A SurveyIRJET- Detection of SQL Injection using Machine Learning : A Survey
IRJET- Detection of SQL Injection using Machine Learning : A Survey
 
SQL injection implementation and prevention
SQL injection implementation and prevention SQL injection implementation and prevention
SQL injection implementation and prevention
 
OER UNIT 5 Audit
OER UNIT 5 AuditOER UNIT 5 Audit
OER UNIT 5 Audit
 

Similar to Sql Injection

IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET Journal
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
Web application security
Web application securityWeb application security
Web application security
www.netgains.org
 
Sql injection
Sql injectionSql injection
Sql injection
The Avi Sharma
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
PetraVukmirovic
 
E017131924
E017131924E017131924
E017131924
IOSR Journals
 
Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)
R Islam
 
SQL INJECTIONS.pptx
SQL INJECTIONS.pptxSQL INJECTIONS.pptx
SQL INJECTIONS.pptx
JayeshYadav53
 
Introduction to SQL Injections
Introduction to SQL InjectionsIntroduction to SQL Injections
Introduction to SQL Injections
Haim Michael
 
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
IRJET Journal
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
Editor IJCATR
 
Web security
Web securityWeb security
Web security
dogangcr
 
Database security issues
Database security issuesDatabase security issues
Database security issues
n|u - The Open Security Community
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL Injection
Vortana Say
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptxcgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
prasadGade6
 
Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML Database
IOSR Journals
 
A Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection AttackA Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection Attack
IRJET Journal
 
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
SQL Injection Attack Detection and Prevention Techniques to Secure Web-SiteSQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
ijtsrd
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
Respa Peter
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 

Similar to Sql Injection (20)

IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
 
Web application security
Web application securityWeb application security
Web application security
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
 
E017131924
E017131924E017131924
E017131924
 
Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)Ethical hacking (sql injection and butter overflow)
Ethical hacking (sql injection and butter overflow)
 
SQL INJECTIONS.pptx
SQL INJECTIONS.pptxSQL INJECTIONS.pptx
SQL INJECTIONS.pptx
 
Introduction to SQL Injections
Introduction to SQL InjectionsIntroduction to SQL Injections
Introduction to SQL Injections
 
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
SQL Injection and HTTP Flood DDOS Attack Detection and Classification Based o...
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
 
Web security
Web securityWeb security
Web security
 
Database security issues
Database security issuesDatabase security issues
Database security issues
 
Web Security: SQL Injection
Web Security: SQL InjectionWeb Security: SQL Injection
Web Security: SQL Injection
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptxcgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
 
Prevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML DatabasePrevention of SQL Injection Attacks having XML Database
Prevention of SQL Injection Attacks having XML Database
 
A Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection AttackA Study on Detection and Prevention of SQL Injection Attack
A Study on Detection and Prevention of SQL Injection Attack
 
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
SQL Injection Attack Detection and Prevention Techniques to Secure Web-SiteSQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
SQL Injection Attack Detection and Prevention Techniques to Secure Web-Site
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
SQL injection
SQL injectionSQL injection
SQL injection
 

More from Lakshika Rasanjali

Cloud Computing.pptx
Cloud Computing.pptxCloud Computing.pptx
Cloud Computing.pptx
Lakshika Rasanjali
 
Network Layer
Network LayerNetwork Layer
Network Layer
Lakshika Rasanjali
 
Teachers management system
Teachers management systemTeachers management system
Teachers management system
Lakshika Rasanjali
 
Graphics for adjecency matrices
Graphics for adjecency matricesGraphics for adjecency matrices
Graphics for adjecency matrices
Lakshika Rasanjali
 
Vehicle Emission Testing System 2
Vehicle Emission Testing System 2Vehicle Emission Testing System 2
Vehicle Emission Testing System 2
Lakshika Rasanjali
 
Google I/O
Google I/O Google I/O
Google I/O
Lakshika Rasanjali
 
Vehicle Emission Testing System
Vehicle Emission Testing SystemVehicle Emission Testing System
Vehicle Emission Testing System
Lakshika Rasanjali
 
Question/Answers & Query Dialogue
Question/Answers & Query DialogueQuestion/Answers & Query Dialogue
Question/Answers & Query Dialogue
Lakshika Rasanjali
 

More from Lakshika Rasanjali (8)

Cloud Computing.pptx
Cloud Computing.pptxCloud Computing.pptx
Cloud Computing.pptx
 
Network Layer
Network LayerNetwork Layer
Network Layer
 
Teachers management system
Teachers management systemTeachers management system
Teachers management system
 
Graphics for adjecency matrices
Graphics for adjecency matricesGraphics for adjecency matrices
Graphics for adjecency matrices
 
Vehicle Emission Testing System 2
Vehicle Emission Testing System 2Vehicle Emission Testing System 2
Vehicle Emission Testing System 2
 
Google I/O
Google I/O Google I/O
Google I/O
 
Vehicle Emission Testing System
Vehicle Emission Testing SystemVehicle Emission Testing System
Vehicle Emission Testing System
 
Question/Answers & Query Dialogue
Question/Answers & Query DialogueQuestion/Answers & Query Dialogue
Question/Answers & Query Dialogue
 

Recently uploaded

ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
PECB
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
HajraNaeem15
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
mulvey2
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
imrankhan141184
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Denish Jangid
 
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdfREASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
giancarloi8888
 
Gender and Mental Health - Counselling and Family Therapy Applications and In...
Gender and Mental Health - Counselling and Family Therapy Applications and In...Gender and Mental Health - Counselling and Family Therapy Applications and In...
Gender and Mental Health - Counselling and Family Therapy Applications and In...
PsychoTech Services
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
Nicholas Montgomery
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
Krassimira Luka
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
Jean Carlos Nunes Paixão
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
deepaannamalai16
 
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptLevel 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Henry Hollis
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
TechSoup
 
Nutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour TrainingNutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour Training
melliereed
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
danielkiash986
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
S. Raj Kumar
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
Steve Thomason
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
EduSkills OECD
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
Nguyen Thanh Tu Collection
 

Recently uploaded (20)

ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...
 
How to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptxHow to deliver Powerpoint Presentations.pptx
How to deliver Powerpoint Presentations.pptx
 
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptxC1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
C1 Rubenstein AP HuG xxxxxxxxxxxxxx.pptx
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
Traditional Musical Instruments of Arunachal Pradesh and Uttar Pradesh - RAYH...
 
Chapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptxChapter wise All Notes of First year Basic Civil Engineering.pptx
Chapter wise All Notes of First year Basic Civil Engineering.pptx
 
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdfREASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
REASIGNACION 2024 UGEL CHUPACA 2024 UGEL CHUPACA.pdf
 
Gender and Mental Health - Counselling and Family Therapy Applications and In...
Gender and Mental Health - Counselling and Family Therapy Applications and In...Gender and Mental Health - Counselling and Family Therapy Applications and In...
Gender and Mental Health - Counselling and Family Therapy Applications and In...
 
writing about opinions about Australia the movie
writing about opinions about Australia the moviewriting about opinions about Australia the movie
writing about opinions about Australia the movie
 
Temple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation resultsTemple of Asclepius in Thrace. Excavation results
Temple of Asclepius in Thrace. Excavation results
 
A Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdfA Independência da América Espanhola LAPBOOK.pdf
A Independência da América Espanhola LAPBOOK.pdf
 
Standardized tool for Intelligence test.
Standardized tool for Intelligence test.Standardized tool for Intelligence test.
Standardized tool for Intelligence test.
 
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptLevel 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
 
Nutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour TrainingNutrition Inc FY 2024, 4 - Hour Training
Nutrition Inc FY 2024, 4 - Hour Training
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
 
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching AptitudeUGC NET Exam Paper 1- Unit 1:Teaching Aptitude
UGC NET Exam Paper 1- Unit 1:Teaching Aptitude
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
 
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxBeyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 

Sql Injection

  • 1. 1 / GROUP – 01 SQL INJECTION
  • 2. 2 / Topics….●What is SQL injection (SQLi) ? ●What is the impact of a successful SQL injection attack ? ●How SQL injection works? ●SQL injection examples ●Retrieving hidden data ●Subverting application login ●Retrieving data from other database tables ●Examining the database ●Blind SQL vulnerabilities ●How to detect SQL injection vulnerabilities ●SQL injection in different parts of the query ●Second-order SQL injection ●Database-specific factors
  • 3. 3 / What is SQL injection (SQLi)? ●SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution. 2015ICT08
  • 4. 4 / What is the impact of a successful SQL injection attack? ●Unauthorized access to sensitive data, such as –Passwords –Credit card details –Personal user information ●Leading to Reputational damage and Regulatory fines. ●Leading to a long-term compromise that can go unnoticed for an extended period. 2015ICT08
  • 5. 5 / How SQL injection works? 1) App sends form to user 2) Attacker submits form with SQL exploit data 3) Application builds string with exploit data 4) Application sends SQL query to database 5) Database executes query, including exploit, sends data back to application 6) Application returns data to user 2015ICT41
  • 7. 7 / SQL injection examples ●Retrieve hidden data, where you can modify an SQL query to return additional results. ●Subverting application logic, where you can change a query to interfere with the application’s logic. ●UNION attacks, where you can retrieve data from different database tables. ●Examining the database, where you can extract information about the version and structure of the database. ●Blind SQL injection, where the result of a query you control are not returned in the application’s responses. 2015ICT41
  • 8. 8 / Retrieving hidden data ●https://insecure-website.com/products?category=Gifts –SELECT * FROM products WHERE category=’Gifts’ AND released=1; –Attacker can construct an attack like : ●http://insecure-website.com/product?category=Gifts’-- –SELECT * FROM products WHERE category=’Gifts’--’ AND released=1; ●All products are displayed, including unreleased products. ●http://insecure-website.com/product?category=Gifts’+OR+1=1-- –SELECT * FROM products WHERE category=’Gifts’ OR 1=1--’ AND released=1; ●All items will return. 2015ICT85
  • 9. 9 / Subverting application logic ●Username – Admin, Password – Admin –SELECT * from users WHERE username=’Admin’ AND password=’Admin’; ●Attacker can login as any user without password : ●SELECT * FROM users WHERE username=’Admin’--’ AND password=‘ ’; ●Returns the user whose username is Admin and successfully logs the attacker in as that user. 2015ICT85
  • 10. 10/ Retrieving data from other database tables ●This is done using UNION keyword, which lets you execute an additional SELECT query and append the results to the query. ●For example, If an application executes the following query containing the user input ‘Gifts’ –SELECT name,description FROM products WHERE category=’Gifts’; ●then an attacker can submit the input: –UNION SELECT username,password FROM users-- ●Return all usernames and passwords along with the names and descriptions of products. 2015ICT48
  • 11. 11/ SQL injection UNION attacks ●When an application is vulnerable to SQL injection and the results of the query are returned within the application’s responses, the UNION keyword can be used to retrieve data from other tables within the database. This results in an SQL injection UNION attack. –SELECT a,b FROM table1 UNION SELECT c,d FROM table2; ●For a UNION query to work, 2 key requirements must be met : –The individual queries must return the same number of columns. –The data types in each columns must be compatible between the individual queries. 2015ICT48
  • 12. 12/ Examining the database ●It is generally useful to obtain some information can often pave the way for further exploitation ●Can query the version details for the database. The way that this is done depends on the database type, so you can infer the database type from whichever technique works. –For example, on Oracle you can execute: – SELECT * FROM v$version ●Can also determine what database tables exist, and which columns they contain. –For example, on most databases you can execute the following query to list the tables: –SELECT * FROM information_schema.tables 2015ICT42
  • 13. 13/ Blind SQL vulnerabilities ●Blind SQL injection is a type of SQL injection attack that asks the database true or false questions and determines the answer based on the applications responses. ●Techniques can be used to exploit blind SQL injection vulnerabilities: –You can change the logic of the query –You can conditionally trigger a time delay in the processing of the query –You can trigger an out-of-band network interaction 2015ICT42
  • 14. 14/ How to detect SQL injection vulnerabilities ●SQL injection can be detected manually by using a systematic set of tests against every entry point in the application. ● This typically involves: –Submitting the single quote character ‘ and looking for errors or other anomalies. –Submitting some SQL-specific syntax that evaluates to the base (original) value of the entry point, and to a different value, and looking for systematic differences in the resulting application responses. –Submitting Boolean condition such as OR 1=1 and OR 1=2, and looking for differences in the application’s responses. –Submitting payloads designed to trigger time delays when executed within an SQL query, and looking for differences in the time taken to respond. –Submitting OAST payloads designed to trigger an out-of-band network interaction when executed within an SQL query, and monitoring for any resulting interactions. 2015ICT01
  • 15. 15/ SQL injection in different parts of the query ●In UPDATE statement, within the updated values or the WHERE clause ●In INSERT statement, within the inserted values ●In SELECT statement, within the table or column name ●In SELECT statement, within the ORDER BY clause 2015ICT79
  • 16. 16/ Second-order SQL injection ●In second-order SQL injection(also known as stored SQL injection),the application takes user input from an HTTP request and stores for future use. ●This is usually done by placing the input into a database, but no vulnerability arises at the point where the data is stored. ●When handling a different HTTP request, the application retrieves the stored data and incorporates it into SQL query in an unsafe way. ●When the data is later processed, it is deemed to be safe, since it was previously placed into the database safely. 2015ICT79
  • 17. 17/ Database specific factors ●Some Core Features of the SQL language are implemented in the same way across popular database platforms, and so many ways of detecting and exploiting SQL injection vulnerabilities work identically on different type database. ●There also many differences between common databases. These mean that some techniques for detecting and exploiting SQL injection work differently on different platforms. ●Example –Syntax for string Concentration. –Comments. –Batched. 2015ICT59
  • 18. 18/ How to prevent SQL injection ●Most instances of sql injection can be prevented by using parameterized queries instead of string concatenation with in the query. ●The following code vulnerable to SQL injection because the user input is concatenated directly in to the query. ●String query= “SELECT * FROM products WHERE category =' "+ input +“ ' " ; ●Statement statement =connection.createStatement() ; ●ResultSet resultSet =statement.executeQuery(query); ●This is the way that prevents the user input from interfering with the query structure. ●PreparedStatement statement = connection.prepareStatement("SELECT *FROM products Where category = ?“ ); 2015ICT02
  • 19. 19/ ●Parameterized queries can be used for any situation where untrusted input appears as data within the query, Including the WHERE clause and values in an INSERT OR UPDATE statement. ●They can’t be used to handle untrusted input in other parts of the query such as table or column names ,or the order by clause. ●Parameterized query to be effective in preventing SQL injection the String that is used in the query must always be a hard-coded constant, and must never contain any variable data from any origin. 2015ICT02