SlideShare a Scribd company logo

Sql injection

Download as PPTX, PDF
Nuruzzaman Milon
Nuruzzaman Milon

This document discusses SQL injection attacks and how to prevent them. It describes different types of SQL injection like blind SQL injection and union-based injection. It provides examples of vulnerable code and how attackers can exploit it. Finally, it recommends best practices for prevention, including using parameterized queries, stored procedures, input validation, and secure configuration.

Technology
1 of 31
 SQL Injection › Blind SQL Injection  Vulnerable Code  Exploit › Classic Login Page Vulnerability › Error Based Injection(SQL Server) › Union Based Injection › Injection SQL Command › Running CMD Command › Blind Injection Attack
 How to Prevent › Parameterized Query › Use of Stored Procedure › Escaping All User Supplied Input › Additional Defenses(Configuration)  Latest Privilege  Isolate the Web Server  Turning off Error Reporting  PHP Configuration
 A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.  A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/ Update/ Delete), execute administration operations on the database (such as shutdown the DBMS).
 SQL Injection recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.  SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.  SQL injection is one of the oldest attacks against web applications.
 Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead.  This makes exploiting a potential SQL Injection attack more difficult but not impossible.  An attacker can still steal data by asking a series of True and False questions through SQL statements.
 SQL Injection happens when a developer accepts user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.  This can allow an attacker to not only steal data from your database, but also modify and delete it.  Attackers commonly insert single quotes into a URL's query string, or into a forms input field to test for SQL Injection.  Every code that uses user inputs to generate SQL queries without sanitization is vulnerable to SQL injections.
 SQL Injection is very common with PHP and ASP applications due to the prevalence of older functional interfaces.  Due to the nature of programmatic interfaces available, Java EE and ASP.NET applications are less likely to have easily exploited SQL injections.  SQL injection bugs is very various so it is very difficult to identify the actual procedure of preventing SQL injection.
 The attacker attempts to elicit exception conditions and anomalous behavior from the Web application by manipulating the identified inputs. › Special Characters › White Space › SQL Keywords › Oversized request
 Any unexpected reaction from the Web application is noted and investigated by the attackers. › Scripting Error Message  possibly with snippets of code › Server Errors  Error 500/ Error 513 › Half Loader Page › Timed out Server Request
 Attackers often try following inputs to determine if web application has sql injection bug or not. › ' › or 1=1 › or 1=1— › " or 1=1— › or 1=1--' › or 'a'='a › " or "a"="a › ') or ('a'='a
 Here is a login SQL query- › var sql = "select * from users where username = '" + username + "' and password = '" + password + "'";  In a normal login when user inputs are followings: › Username: John › Password: 1234  The query string is: › select * from users where username = 'John' and password = '1234'
 But if user manipulates input like the followings: › Username: John › Password: i_dont_know' or 'x'='x  Then the query becomes: › select * from users where username = 'John' and password = 'i_dont_know' or 'x'='x‘  So 'where clause' is true for every row of table and user can login without knowing password!
 If the user specifies the following: › Username: '; drop table users--  The 'users' table will be deleted, denying access to the application for all users. › The '--' character sequence is the 'single line comment' sequence in Transact-SQL. › The ';' character denotes the end of one query and the beginning of another. › The '--' at the end of the username field is required in order for this particular query to terminate without error.
 The attacker could log on as any user, given that they know the users name, using the following input: › Username: admin‘--  The attacker could log in as the first user in the 'users' table, with the following input: › Username: ' or 1=1--  the attacker can log in as an entirely fictional user with the following input: › Username: ' union select 1, 'fictional_user', 'some_password', 1 --
 This is the most common attack on Microsoft SQL Server.  This kind of attack is based on 'error message' received from server.  Error messages that are returned from the application, the attackers can determine the determine the entire structure of the database or can get any value that can be read only by a user of that application.
 The UNION operator is used to combine the result-set of two or more SELECT statements.  In this kind of injection attacker tries to inject a union operator to the query to change the result to read information.  Union based attacks look like this: › Username: junk' union select 1,2,3,4,... --  Notice that each SELECT statement within the UNION must have the same number of columns.
 Attacker can inject sql commands if the data base supports stacked queries.  In most of data bases it is possible to executing more than one query in one transaction by using semicolon ( ;).  Following example show how to create a table named foo which has a single column line by injecting stacked query: › Username: ' create table foo (line varchar(1000))--
 This can only work on Microsoft SQL Server.  Attacker can use stored procedures to do things like executing commands.  xp_cmdshell is a built-in extended stored procedure that allows the execution of arbitrary command lines. For example: › Username: '; exec master..xp_cmdshell 'dir‘--
 Some of MS-SQL Extended stored procedures are listed below: › xp_cmdshell - execute shell commands › xp_enumgroups - enumerate NT user groups › xp_logininfo - current login info › xp_grantlogin - grant login rights › xp_getnetname - returns WINS server name › xp_regdeletekey - registry manipulation › xp_msver - SQL server version info
 An attacker may verify whether a sent request returned True or False in a few ways: › (in)visible content: Having a simple page, which displays article with given ID as the parameter, the attacker may perform a couple of simple tests if a page is vulnerable to SQL Injection attack. › Example URL:  http://newspaper.com/items.php?id=2 › Sends the following query to the database:  SELECT title, description, body FROM items WHERE ID = 2
› Timing Attack: A Timing Attack depends upon injecting the following MySQL query:  SELECT IF(expression, true, false) › Using some time-taking operation e.g. BENCHMARK(), will delay server responses if the expression is True.  BENCHMARK(5000000,ENCODE('MSG','by 5 seconds')) › This will execute 5000000 times the ENCODE function.
 Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later.  This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.  Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
 Language specific recommendations: › Java EE – use PreparedStatement() with bind variables › .NET – use parameterized queries like SqlCommand() or OleDbCommand() with bind variables › PHP – use PDO with strongly typed parameterized queries (using bindParam()) › Hibernate - use createQuery() with bind variables (called named parameters in Hibernate)
 Stored procedures have the same effect as the use of prepared statements when implemented safely.  They require the developer to define the SQL code first, and then pass in the parameters after.  The difference between prepared statements and stored procedures is that the SQL code for a stored procedure is defined and stored in the database itself, and then called from the application.
 This is a technique to escape user input before putting it in a query.  This is a very useful method because this can be applied with almost no effect on the structure of the code.  This actually removes some special characters from the input data that are highly vulnerable to the DBMS such as- * , ` ( ) - -- ;
 Least Privilege › Web applications should not use one connection for all transactions to the database. Because if a SQL Injection bug has been exploited, it can grant most access to the attacker.  Isolate the Webserver › Design the network infrastructure to assume that attackers will have full administrator access to the machine, and then attempt to limit how that can be leveraged to compromise other things.
 Turning off error reporting › The default error reporting for some frameworks includes developer debugging information, and this cannot be shown to outside users.  PHP Configuration › PHP Configuration has a direct bearing on the severity of attacks. › many “security” options in PHP are set incorrectly by default and give a false sense of security.
Sql injection

Recommended

Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 
Sql injection
Sql injectionSql injection
Sql injection
Sasha-Leigh Garret
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 

Recommended

Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 
Sql injection
Sql injectionSql injection
Sql injection
Sasha-Leigh Garret
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 
Sql injection
Sql injectionSql injection
Sql injection
Pallavi Biswas
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
Michael Hendrickx
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Asish Kumar Rath
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Sql injection
Sql injectionSql injection
Sql injection
Nikunj Dhameliya
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
Herman Duarte
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
Eguardian Global Services
 
Broken access controls
Broken access controlsBroken access controls
Broken access controls
Akansha Kesharwani
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
Edureka!
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Sayed Ahmad Naweed
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
Megha Sahu
 
Input Validation
Input ValidationInput Validation
Input Validation
primeteacher32
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
Mohammed A. Imran
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Road -map of Teledermatology for doctor-patient-citizen relationship
Road -map of Teledermatology for doctor-patient-citizen relationshipRoad -map of Teledermatology for doctor-patient-citizen relationship
Road -map of Teledermatology for doctor-patient-citizen relationship
Nuruzzaman Milon
 
টেলিমেডিসিন কি
টেলিমেডিসিন কিটেলিমেডিসিন কি
টেলিমেডিসিন কিNuruzzaman Milon
 

More Related Content

What's hot

Sql injection
Sql injectionSql injection
Sql injection
Pallavi Biswas
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
Michael Hendrickx
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Asish Kumar Rath
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Sql injection
Sql injectionSql injection
Sql injection
Nikunj Dhameliya
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
Herman Duarte
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
Eguardian Global Services
 
Broken access controls
Broken access controlsBroken access controls
Broken access controls
Akansha Kesharwani
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
Edureka!
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Sayed Ahmad Naweed
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
Megha Sahu
 
Input Validation
Input ValidationInput Validation
Input Validation
primeteacher32
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
Mohammed A. Imran
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 

What's hot (20)

Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
 
Broken access controls
Broken access controlsBroken access controls
Broken access controls
 
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
What is SQL Injection Attack | How to prevent SQL Injection Attacks? | Cybers...
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
security misconfigurations
security misconfigurationssecurity misconfigurations
security misconfigurations
 
Input Validation
Input ValidationInput Validation
Input Validation
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
 

Viewers also liked

Road -map of Teledermatology for doctor-patient-citizen relationship
Road -map of Teledermatology for doctor-patient-citizen relationshipRoad -map of Teledermatology for doctor-patient-citizen relationship
Road -map of Teledermatology for doctor-patient-citizen relationship
Nuruzzaman Milon
 
টেলিমেডিসিন কি
টেলিমেডিসিন কিটেলিমেডিসিন কি
টেলিমেডিসিন কিNuruzzaman Milon
 
Paypal
PaypalPaypal
Paypal
Nuruzzaman Milon
 
Energy Efficient OS fo Android Powered Smart Devices
Energy Efficient OS fo Android Powered Smart DevicesEnergy Efficient OS fo Android Powered Smart Devices
Energy Efficient OS fo Android Powered Smart Devices
Nuruzzaman Milon
 
Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)
Bernardo Damele A. G.
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injection
amiable_indian
 
Artificial intelligence- Logic Agents
Artificial intelligence- Logic AgentsArtificial intelligence- Logic Agents
Artificial intelligence- Logic Agents
Nuruzzaman Milon
 

Viewers also liked (8)

Road -map of Teledermatology for doctor-patient-citizen relationship
Road -map of Teledermatology for doctor-patient-citizen relationshipRoad -map of Teledermatology for doctor-patient-citizen relationship
Road -map of Teledermatology for doctor-patient-citizen relationship
 
টেলিমেডিসিন কি
টেলিমেডিসিন কিটেলিমেডিসিন কি
টেলিমেডিসিন কি
 
Paypal
PaypalPaypal
Paypal
 
Energy Efficient OS fo Android Powered Smart Devices
Energy Efficient OS fo Android Powered Smart DevicesEnergy Efficient OS fo Android Powered Smart Devices
Energy Efficient OS fo Android Powered Smart Devices
 
টাইমস(Times)
টাইমস(Times)টাইমস(Times)
টাইমস(Times)
 
Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injection
 
Artificial intelligence- Logic Agents
Artificial intelligence- Logic AgentsArtificial intelligence- Logic Agents
Artificial intelligence- Logic Agents
 

Similar to Sql injection

Web application security
Web application securityWeb application security
Web application security
www.netgains.org
 
ieee
ieeeieee
ieee
Radheshyam Dhakad
 
E017131924
E017131924E017131924
E017131924
IOSR Journals
 
SQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmSQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive Algorithm
IOSR Journals
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmers
robin_bene
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackrose
Noaman Aziz
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
newbie2019
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
Kevin Kline
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
Respa Peter
 
Sql injection
Sql injectionSql injection
Sql injection
Mehul Boghra
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sql
Kaustav Sengupta
 
Greensql2007
Greensql2007Greensql2007
Greensql2007
Kaustav Sengupta
 
Sql injection
Sql injectionSql injection
Sql injection
Suraj Tiwari
 
Sql
SqlSql
Sql
IJASCSE
 
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSSWeb Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Ivan Ortega
 
SQL Injection in JAVA
SQL Injection in JAVASQL Injection in JAVA
SQL Injection in JAVA
Hossein Yavari
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17
Eoin Keary
 
Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)
Ravindra Singh Rathore
 
SQL Injection attack
SQL Injection attackSQL Injection attack
SQL Injection attack
Rayudu Babu
 
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Grand Parade Poland
 

Similar to Sql injection (20)

Web application security
Web application securityWeb application security
Web application security
 
ieee
ieeeieee
ieee
 
E017131924
E017131924E017131924
E017131924
 
SQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmSQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive Algorithm
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmers
 
Sql injection bypassing hand book blackrose
Sql injection bypassing hand book blackroseSql injection bypassing hand book blackrose
Sql injection bypassing hand book blackrose
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
Sql injection
Sql injectionSql injection
Sql injection
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sql
 
Greensql2007
Greensql2007Greensql2007
Greensql2007
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql
SqlSql
Sql
 
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSSWeb Security - OWASP - SQL injection & Cross Site Scripting XSS
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
 
SQL Injection in JAVA
SQL Injection in JAVASQL Injection in JAVA
SQL Injection in JAVA
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17
 
Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)
 
SQL Injection attack
SQL Injection attackSQL Injection attack
SQL Injection attack
 
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
 

Recently uploaded

Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
innovationoecd
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
Daiki Mogmet Ito
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
shyamraj55
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 

Recently uploaded (20)

Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 

Sql injection

  • 1.
  • 2.  SQL Injection › Blind SQL Injection  Vulnerable Code  Exploit › Classic Login Page Vulnerability › Error Based Injection(SQL Server) › Union Based Injection › Injection SQL Command › Running CMD Command › Blind Injection Attack
  • 3.  How to Prevent › Parameterized Query › Use of Stored Procedure › Escaping All User Supplied Input › Additional Defenses(Configuration)  Latest Privilege  Isolate the Web Server  Turning off Error Reporting  PHP Configuration
  • 4.  A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.  A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/ Update/ Delete), execute administration operations on the database (such as shutdown the DBMS).
  • 5.  SQL Injection recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.  SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.  SQL injection is one of the oldest attacks against web applications.
  • 6.  Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application rather then getting a useful error message they get a generic page specified by the developer instead.  This makes exploiting a potential SQL Injection attack more difficult but not impossible.  An attacker can still steal data by asking a series of True and False questions through SQL statements.
  • 7.  SQL Injection happens when a developer accepts user input that is directly placed into a SQL statement and doesn't properly filter out dangerous characters.  This can allow an attacker to not only steal data from your database, but also modify and delete it.  Attackers commonly insert single quotes into a URL's query string, or into a forms input field to test for SQL Injection.  Every code that uses user inputs to generate SQL queries without sanitization is vulnerable to SQL injections.
  • 8.
  • 9.  SQL Injection is very common with PHP and ASP applications due to the prevalence of older functional interfaces.  Due to the nature of programmatic interfaces available, Java EE and ASP.NET applications are less likely to have easily exploited SQL injections.  SQL injection bugs is very various so it is very difficult to identify the actual procedure of preventing SQL injection.
  • 10.  The attacker attempts to elicit exception conditions and anomalous behavior from the Web application by manipulating the identified inputs. › Special Characters › White Space › SQL Keywords › Oversized request
  • 11.  Any unexpected reaction from the Web application is noted and investigated by the attackers. › Scripting Error Message  possibly with snippets of code › Server Errors  Error 500/ Error 513 › Half Loader Page › Timed out Server Request
  • 12.  Attackers often try following inputs to determine if web application has sql injection bug or not. › ' › or 1=1 › or 1=1— › " or 1=1— › or 1=1--' › or 'a'='a › " or "a"="a › ') or ('a'='a
  • 13.  Here is a login SQL query- › var sql = "select * from users where username = '" + username + "' and password = '" + password + "'";  In a normal login when user inputs are followings: › Username: John › Password: 1234  The query string is: › select * from users where username = 'John' and password = '1234'
  • 14.  But if user manipulates input like the followings: › Username: John › Password: i_dont_know' or 'x'='x  Then the query becomes: › select * from users where username = 'John' and password = 'i_dont_know' or 'x'='x‘  So 'where clause' is true for every row of table and user can login without knowing password!
  • 15.  If the user specifies the following: › Username: '; drop table users--  The 'users' table will be deleted, denying access to the application for all users. › The '--' character sequence is the 'single line comment' sequence in Transact-SQL. › The ';' character denotes the end of one query and the beginning of another. › The '--' at the end of the username field is required in order for this particular query to terminate without error.
  • 16.  The attacker could log on as any user, given that they know the users name, using the following input: › Username: admin‘--  The attacker could log in as the first user in the 'users' table, with the following input: › Username: ' or 1=1--  the attacker can log in as an entirely fictional user with the following input: › Username: ' union select 1, 'fictional_user', 'some_password', 1 --
  • 17.  This is the most common attack on Microsoft SQL Server.  This kind of attack is based on 'error message' received from server.  Error messages that are returned from the application, the attackers can determine the determine the entire structure of the database or can get any value that can be read only by a user of that application.
  • 18.  The UNION operator is used to combine the result-set of two or more SELECT statements.  In this kind of injection attacker tries to inject a union operator to the query to change the result to read information.  Union based attacks look like this: › Username: junk' union select 1,2,3,4,... --  Notice that each SELECT statement within the UNION must have the same number of columns.
  • 19.  Attacker can inject sql commands if the data base supports stacked queries.  In most of data bases it is possible to executing more than one query in one transaction by using semicolon ( ;).  Following example show how to create a table named foo which has a single column line by injecting stacked query: › Username: ' create table foo (line varchar(1000))--
  • 20.  This can only work on Microsoft SQL Server.  Attacker can use stored procedures to do things like executing commands.  xp_cmdshell is a built-in extended stored procedure that allows the execution of arbitrary command lines. For example: › Username: '; exec master..xp_cmdshell 'dir‘--
  • 21.  Some of MS-SQL Extended stored procedures are listed below: › xp_cmdshell - execute shell commands › xp_enumgroups - enumerate NT user groups › xp_logininfo - current login info › xp_grantlogin - grant login rights › xp_getnetname - returns WINS server name › xp_regdeletekey - registry manipulation › xp_msver - SQL server version info
  • 22.  An attacker may verify whether a sent request returned True or False in a few ways: › (in)visible content: Having a simple page, which displays article with given ID as the parameter, the attacker may perform a couple of simple tests if a page is vulnerable to SQL Injection attack. › Example URL:  http://newspaper.com/items.php?id=2 › Sends the following query to the database:  SELECT title, description, body FROM items WHERE ID = 2
  • 23. › Timing Attack: A Timing Attack depends upon injecting the following MySQL query:  SELECT IF(expression, true, false) › Using some time-taking operation e.g. BENCHMARK(), will delay server responses if the expression is True.  BENCHMARK(5000000,ENCODE('MSG','by 5 seconds')) › This will execute 5000000 times the ENCODE function.
  • 24.  Parameterized queries force the developer to first define all the SQL code, and then pass in each parameter to the query later.  This coding style allows the database to distinguish between code and data, regardless of what user input is supplied.  Prepared statements ensure that an attacker is not able to change the intent of a query, even if SQL commands are inserted by an attacker.
  • 25.  Language specific recommendations: › Java EE – use PreparedStatement() with bind variables › .NET – use parameterized queries like SqlCommand() or OleDbCommand() with bind variables › PHP – use PDO with strongly typed parameterized queries (using bindParam()) › Hibernate - use createQuery() with bind variables (called named parameters in Hibernate)
  • 26.
  • 27.  Stored procedures have the same effect as the use of prepared statements when implemented safely.  They require the developer to define the SQL code first, and then pass in the parameters after.  The difference between prepared statements and stored procedures is that the SQL code for a stored procedure is defined and stored in the database itself, and then called from the application.
  • 28.  This is a technique to escape user input before putting it in a query.  This is a very useful method because this can be applied with almost no effect on the structure of the code.  This actually removes some special characters from the input data that are highly vulnerable to the DBMS such as- * , ` ( ) - -- ;
  • 29.  Least Privilege › Web applications should not use one connection for all transactions to the database. Because if a SQL Injection bug has been exploited, it can grant most access to the attacker.  Isolate the Webserver › Design the network infrastructure to assume that attackers will have full administrator access to the machine, and then attempt to limit how that can be leveraged to compromise other things.
  • 30.  Turning off error reporting › The default error reporting for some frameworks includes developer debugging information, and this cannot be shown to outside users.  PHP Configuration › PHP Configuration has a direct bearing on the severity of attacks. › many “security” options in PHP are set incorrectly by default and give a false sense of security.