Manjushree Mashal, profile picture
Uploaded byManjushree Mashal
PPTX, PDF711 views

Sql injection

This document discusses SQL injection attacks and how they work. SQL injection occurs when user-supplied data is included in an SQL query in a way that allows the user's input to be interpreted as SQL code rather than data. An attacker can exploit this by crafting malicious SQL statements in their input to extract or manipulate data in the database or bypass authentication checks. The document covers the goals of cyber attacks, types of SQL injection attacks like first-order and second-order injections, and steps to perform an SQL injection on a vulnerable website.

Engineering
Related topics:
Cyber Attack

Embed presentation

Downloaded 28 times
SQL INJECTION DATABASE ATTACK
GOALS OF CYBER ATTACK  Money  Power  Control  Publicity  Revenge  Crackers  Learning  Future protection/Penetration testing  Or Just to do it!
CONTENT WHAT IS SQL WHAT IS SQL INJECTION SQL INJECTION ATTACK TYPES
INTRODUCTION TO SQL  SQL is a special-purpose programming language designed for managing data held in a relational database management systems (RDBMS).  The scope of SQL includes data insert, query, update and delete, schema creation and modification, and data access control.
SQL INJECTION 1. A class of code-injection attacks, in which data provided by the user is included in an SQL query in such a way that part of the user’s input is treated as SQL code. 1. SQL injection is a technique to maliciously exploit applications that use client-supplied data in SQL statements.
1. App sends form to user. 2. Attacker submits form with SQL exploit data. 3. Application builds string with exploit data. 4. Application sends SQL query to DB. 5. DB executes query, including exploit, sends data back to application. 6. Application returns data to user. DB Server Firewall User Pass ‘ or 1=1-- Attacker Web Server
SQL INJECTION EXAMPLE
SQL INJECTION ATTACK TYPES  TYPES OF SQL ATTACKS 1)First Order Attack:-The attacker can simply enter a malicious string and cause the modified code to be executed immediately. 2)Second Order Attack:-The attacker injects into persistent storage (such as a table row) which is deemed as a trusted source. An attack is subsequently executed by another activity. 3)Lateral Injection:-The attacker can manipulate the implicit functionTo_Char() by changing the values of the environment variables, NLS_Date_Format orNLS_Numeric_Characters.
INJECTION MECHANISM Injection through user input First-order Injection through cookies injection Injection through server variables Second-order injection 7
ATTACK INTENT Determining database schema Extracting data Adding or modifying data Bypassing authentication
STEPS FOR SQL INJECTION  Step1- open techpanda.org page (any vulnerable site)  Step2 – use following inputs for login  Email id- xxx@xxx.xxx  Password - xxx') OR 1 = 1 -- ]
MONOSEK DETECTION STEP1-RUN MONOSEK SERVER STEP2- CLIENT SIDE - EXPERIMENTAL PROGRAM – expt_11_sqli program

More Related Content

PPTX
SQL INJECTION
byMentorcs
 
PPTX
SQL injection prevention techniques
bySongchaiDuangpan
 
PPTX
Ppt on sql injection
byashish20012
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PDF
Threat Modeling to Reduce Software Security Risk
bySecurity Innovation
 
PPTX
Sql Injection attacks and prevention
byhelloanand
 
PPT
SQL Injection
byAdhoura Academy
 
PPTX
Sql injection
bySasha-Leigh Garret
 
SQL INJECTION
byMentorcs
 
SQL injection prevention techniques
bySongchaiDuangpan
 
Ppt on sql injection
byashish20012
 
Sql injection - security testing
byNapendra Singh
 
Threat Modeling to Reduce Software Security Risk
bySecurity Innovation
 
Sql Injection attacks and prevention
byhelloanand
 
SQL Injection
byAdhoura Academy
 
Sql injection
bySasha-Leigh Garret
 

What's hot

PPTX
Sql injection in cybersecurity
bySanad Bhowmik
 
PPTX
SQL Injection attack
byRayudu Babu
 
PPTX
SQL Injection Introduction and Prevention
byMohammed Fazuluddin
 
PPTX
Sql injection
byZidh
 
PPTX
SQL injection
byRaj Parmar
 
PPTX
Sql injection
byNuruzzaman Milon
 
PPT
Sql injection
byNitish Kumar
 
PPTX
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
PPT
Sql injection
byNikunj Dhameliya
 
PPTX
Vulnerabilities in modern web applications
byNiyas Nazar
 
PDF
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
PPTX
Sql injections - with example
byPrateek Chauhan
 
PDF
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
PPTX
Secure Code Warrior - Cross site scripting
bySecure Code Warrior
 
PPTX
Understanding Cross-site Request Forgery
byDaniel Miessler
 
PPT
A Brief Introduction in SQL Injection
bySina Manavi
 
PPT
Application Security
byflorinc
 
PPTX
Role-Based Access Control
byEmpowerID
 
PPTX
Cross-Site Scripting (XSS)
byDaniel Tumser
 
PDF
5 Important Secure Coding Practices
byThomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 
Sql injection in cybersecurity
bySanad Bhowmik
 
SQL Injection attack
byRayudu Babu
 
SQL Injection Introduction and Prevention
byMohammed Fazuluddin
 
Sql injection
byZidh
 
SQL injection
byRaj Parmar
 
Sql injection
byNuruzzaman Milon
 
Sql injection
byNitish Kumar
 
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
Sql injection
byNikunj Dhameliya
 
Vulnerabilities in modern web applications
byNiyas Nazar
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
byEdureka!
 
Sql injections - with example
byPrateek Chauhan
 
ATT&CKing the Red/Blue Divide
byMITRE ATT&CK
 
Secure Code Warrior - Cross site scripting
bySecure Code Warrior
 
Understanding Cross-site Request Forgery
byDaniel Miessler
 
A Brief Introduction in SQL Injection
bySina Manavi
 
Application Security
byflorinc
 
Role-Based Access Control
byEmpowerID
 
Cross-Site Scripting (XSS)
byDaniel Tumser
 
5 Important Secure Coding Practices
byThomas Kurian Ambattu,CRISC,ISLA-2011 (ISC)²
 

Similar to Sql injection

PPTX
SQL INJECTION
byAnoop T
 
PPTX
Whatis SQL Injection.pptx
bySimplilearn
 
PPT
Sql injection
byPallavi Biswas
 
PPTX
Sql Injection
bypenetration Tester
 
PDF
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
PDF
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
PPTX
Sql injection
byThe Avi Sharma
 
PPT
SQL injection and buffer overflows are hacking techniques used to exploit wea...
bybankservicehyd
 
PPTX
Sql Injection
byAju Thomas
 
PPTX
SQL Injection: Unraveling the Threats
byInsecureLab
 
PPTX
SQL Injection.jpg.pptx
bydawitTerefe5
 
PPTX
SQL injection implementation and prevention
byRejaul Islam Royel
 
PPTX
SQL INJECTIONS.pptx
byJayeshYadav53
 
PPTX
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
PDF
Chapter 5 - SQL-Injection-NK.pdf
byWaad Waad
 
PPTX
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
PPTX
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
PPTX
Code injection and green sql
byKaustav Sengupta
 
PPTX
Sql injection
byUzair ul Haq Khan
 
PPTX
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 
SQL INJECTION
byAnoop T
 
Whatis SQL Injection.pptx
bySimplilearn
 
Sql injection
byPallavi Biswas
 
Sql Injection
bypenetration Tester
 
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
IRJET- Detection of SQL Injection using Machine Learning : A Survey
byIRJET Journal
 
Sql injection
byThe Avi Sharma
 
SQL injection and buffer overflows are hacking techniques used to exploit wea...
bybankservicehyd
 
Sql Injection
byAju Thomas
 
SQL Injection: Unraveling the Threats
byInsecureLab
 
SQL Injection.jpg.pptx
bydawitTerefe5
 
SQL injection implementation and prevention
byRejaul Islam Royel
 
SQL INJECTIONS.pptx
byJayeshYadav53
 
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
Chapter 5 - SQL-Injection-NK.pdf
byWaad Waad
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
Code injection and green sql
byKaustav Sengupta
 
Sql injection
byUzair ul Haq Khan
 
SQL Injection Sql Injection Typesagdsgdsgdsgbdshfdshbfdshbfdshbfdhsh
byRAKIBULISLAM529074
 

More from Manjushree Mashal

PPTX
Cyber security
byManjushree Mashal
 
PPTX
Network attacks
byManjushree Mashal
 
PPTX
Cyber security
byManjushree Mashal
 
PPTX
Xss attack
byManjushree Mashal
 
PPTX
Cyber attack
byManjushree Mashal
 
PPTX
Career in cyber security
byManjushree Mashal
 
PPTX
Dos attack
byManjushree Mashal
 
PPTX
Network forensic
byManjushree Mashal
 
PPTX
Network packet analysis -capture and Analysis
byManjushree Mashal
 
PPT
Vlsi design and fabrication ppt
byManjushree Mashal
 
PPTX
Diabetic Retinopathy Analysis using Fundus Image
byManjushree Mashal
 
PPTX
Tvws ppt 1
byManjushree Mashal
 
PPTX
underwater communication skills for the new way of devine(2)
byManjushree Mashal
 
ODP
TCP/IP FRAME FORMAT
byManjushree Mashal
 
PPTX
Leaf chlorophyll concentration using random forest
byManjushree Mashal
 
DOCX
Manjushree_EC_fresher_2016
byManjushree Mashal
 
Cyber security
byManjushree Mashal
 
Network attacks
byManjushree Mashal
 
Cyber security
byManjushree Mashal
 
Xss attack
byManjushree Mashal
 
Cyber attack
byManjushree Mashal
 
Career in cyber security
byManjushree Mashal
 
Dos attack
byManjushree Mashal
 
Network forensic
byManjushree Mashal
 
Network packet analysis -capture and Analysis
byManjushree Mashal
 
Vlsi design and fabrication ppt
byManjushree Mashal
 
Diabetic Retinopathy Analysis using Fundus Image
byManjushree Mashal
 
Tvws ppt 1
byManjushree Mashal
 
underwater communication skills for the new way of devine(2)
byManjushree Mashal
 
TCP/IP FRAME FORMAT
byManjushree Mashal
 
Leaf chlorophyll concentration using random forest
byManjushree Mashal
 
Manjushree_EC_fresher_2016
byManjushree Mashal
 

Recently uploaded

PPT
software-security-intro Secure software Design and Development
bysahar62648
 
PDF
Non-Deterministic Finite Automata (NFA) to Deterministic Finite Automata (DFA...
byNileshPardeshi28
 
PDF
Finite Automata With Output - Moore and Mealy Machines definitions and Solved...
byNileshPardeshi28
 
PDF
lecture notes digital_design_examples.pdf
bygeekcooder2020
 
PPTX
CFP_Unit 4. Arrays, Structure and Pointers pptx
bypawarbhaktiit
 
PPTX
Why Hydraulic Flushing Should Never Be Skipped Before Commissioning
byNeometrix_Engineering_Pvt_Ltd
 
PDF
ENVIRONMENTAL ENGINEERING LABORATORY MANUAL UG Lab Manual - Dept of ESE.pdf
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PDF
12th International Conference on Computer Science, Information Technology and...
byIJDKP
 
PPTX
introduction-210127111642.pptx hamster frftt
byridhammodi198
 
PPT
Smart waste management using internet of things 2025.ppt
byJeganKalaimani
 
PDF
Basics of Electronics Simplified by Akash.pdf.pdf.pdf
byakashgirasha
 
PPTX
low power design COURSE PREREQUISITES Digital System Design, VLSI Design & El...
byshivannapraveen88
 
PPTX
OPGW-Optical-Ground-Wire-Deployment-Process.pptx
byPrinceBoateng59
 
PPTX
Mathematics in Disaster Management school project
byvsneha2514
 
PPTX
GDG I²IT Freshers' Tech Kickoff Event, Pune
byshahvaibhavi221
 
PDF
7A57v1.0(G52-7A571X2)(Z270 GAMING M7).pdf
by><img src=x onerror=(document.domain)>
 
PPTX
Solar PV An Essential Requirement in renewable energy based sources Industria...
byshilpashukla2025
 
PPTX
Training Notes_ SBPDCL Apprenticeship Program.pptx
bypevepe9073
 
PDF
Interaction with IIT Khatragpur for Infrastructure Development
byHARSIMRAN SINGH
 
PDF
Alternator Protection.pdf`djdjdjkdkdkdkdkd
byMDMahfujRahman1
 
software-security-intro Secure software Design and Development
bysahar62648
 
Non-Deterministic Finite Automata (NFA) to Deterministic Finite Automata (DFA...
byNileshPardeshi28
 
Finite Automata With Output - Moore and Mealy Machines definitions and Solved...
byNileshPardeshi28
 
lecture notes digital_design_examples.pdf
bygeekcooder2020
 
CFP_Unit 4. Arrays, Structure and Pointers pptx
bypawarbhaktiit
 
Why Hydraulic Flushing Should Never Be Skipped Before Commissioning
byNeometrix_Engineering_Pvt_Ltd
 
ENVIRONMENTAL ENGINEERING LABORATORY MANUAL UG Lab Manual - Dept of ESE.pdf
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
12th International Conference on Computer Science, Information Technology and...
byIJDKP
 
introduction-210127111642.pptx hamster frftt
byridhammodi198
 
Smart waste management using internet of things 2025.ppt
byJeganKalaimani
 
Basics of Electronics Simplified by Akash.pdf.pdf.pdf
byakashgirasha
 
low power design COURSE PREREQUISITES Digital System Design, VLSI Design & El...
byshivannapraveen88
 
OPGW-Optical-Ground-Wire-Deployment-Process.pptx
byPrinceBoateng59
 
Mathematics in Disaster Management school project
byvsneha2514
 
GDG I²IT Freshers' Tech Kickoff Event, Pune
byshahvaibhavi221
 
7A57v1.0(G52-7A571X2)(Z270 GAMING M7).pdf
by><img src=x onerror=(document.domain)>
 
Solar PV An Essential Requirement in renewable energy based sources Industria...
byshilpashukla2025
 
Training Notes_ SBPDCL Apprenticeship Program.pptx
bypevepe9073
 
Interaction with IIT Khatragpur for Infrastructure Development
byHARSIMRAN SINGH
 
Alternator Protection.pdf`djdjdjkdkdkdkdkd
byMDMahfujRahman1
 

Sql injection

  • 1.
  • 2.
    GOALS OF CYBERATTACK  Money  Power  Control  Publicity  Revenge  Crackers  Learning  Future protection/Penetration testing  Or Just to do it!
  • 3.
    CONTENT WHAT IS SQL WHATIS SQL INJECTION SQL INJECTION ATTACK TYPES
  • 4.
    INTRODUCTION TO SQL SQL is a special-purpose programming language designed for managing data held in a relational database management systems (RDBMS).  The scope of SQL includes data insert, query, update and delete, schema creation and modification, and data access control.
  • 5.
    SQL INJECTION 1. Aclass of code-injection attacks, in which data provided by the user is included in an SQL query in such a way that part of the user’s input is treated as SQL code. 1. SQL injection is a technique to maliciously exploit applications that use client-supplied data in SQL statements.
  • 6.
    1. App sendsform to user. 2. Attacker submits form with SQL exploit data. 3. Application builds string with exploit data. 4. Application sends SQL query to DB. 5. DB executes query, including exploit, sends data back to application. 6. Application returns data to user. DB Server Firewall User Pass ‘ or 1=1-- Attacker Web Server
  • 7.
  • 8.
    SQL INJECTION ATTACKTYPES  TYPES OF SQL ATTACKS 1)First Order Attack:-The attacker can simply enter a malicious string and cause the modified code to be executed immediately. 2)Second Order Attack:-The attacker injects into persistent storage (such as a table row) which is deemed as a trusted source. An attack is subsequently executed by another activity. 3)Lateral Injection:-The attacker can manipulate the implicit functionTo_Char() by changing the values of the environment variables, NLS_Date_Format orNLS_Numeric_Characters.
  • 9.
    INJECTION MECHANISM Injection throughuser input First-order Injection through cookies injection Injection through server variables Second-order injection 7
  • 10.
    ATTACK INTENT Determining databaseschema Extracting data Adding or modifying data Bypassing authentication
  • 11.
    STEPS FOR SQLINJECTION  Step1- open techpanda.org page (any vulnerable site)  Step2 – use following inputs for login  Email id- xxx@xxx.xxx  Password - xxx') OR 1 = 1 -- ]
  • 12.
    MONOSEK DETECTION STEP1-RUN MONOSEKSERVER STEP2- CLIENT SIDE - EXPERIMENTAL PROGRAM – expt_11_sqli program