SQL INJECTION
AJU MATHEW THOMAS
1
What is SQL Injection
• A technique that takes advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
• The basic objective is to pull data from the database behind the web server, which typically holds usernames, passwords, admin details and other information related to the website.
• It is an exploit that a hacker uses to gather information from a database.
2
Overview – Cont.
• Hackers can use SQL injection to add, modify, and delete records in the database.
• It gives an adversary complete control over the web application database.
• It can affect any web application that uses an SQL database, such as MySQL, Oracle, SQL Server etc.
• It is considered one of the most prevalent and most dangerous web application vulnerabilities.
• It is also listed among the top ten web application vulnerabilities in the OWASP Top Ten.
3
4
Injection Mechanism
• Injection mechanisms are mainly of two types: (i) first order injection and (ii) second order injection.
• First order injection → (i) injection through user inputs, (ii) injection through cookies, (iii) injection through server variables.
• First order injection → the application processes the input immediately, causing the attacker's injected SQL query to execute within the same request.
• Second order injection → the application stores the user input for future use and responds to the request. When the attacker submits a second request, the application retrieves the stored input and processes it, causing the attacker's injected SQL query to execute.
5
History of SQLI
• SQL injection was first discovered in 1998.
• Jeff Forristal was one of the first people to document SQL injection.
• A few exploits recorded in the past:
(1) CVE-2019-1010248 – Synetics GmbH i-doit 1.12 and earlier was affected by SQL injection. The impact was unauthenticated access to the MySQL database. The affected component was a web login form. The attack vector is sending a malicious HTTP POST request.
(2) CVE-2019-1010259 – SaltStack Salt 2018.3, 2019.2 – An attacker could escalate privileges on a MySQL server deployed by a cloud server. It leads to RCE.
6
History of SQLI Attacks
• SQLI attacks have been predominant since their inception, and many attacks in the past have been caused by SQLI, inflicting huge losses on many organizations.
• Starbucks Attack, Aug 2019 – A critical SQL injection vulnerability existed on a Starbucks enterprise database that may have exposed internal financial and accounting records. The vulnerability was discovered through a vulnerability discovery program run by HackerOne on behalf of Starbucks. The vulnerability could give access to taxes, receipts, payroll data and all other information held on the exposed accounting database.
7
History of SQLI Attacks (Cont.)
• Sony Music Attacks, May 2011 – A group of hackers used SQL injection attack techniques to expose sensitive user records on Sony Music Japan and also on Sony BMG Greece on May 21, 2011.
• There were two PHP pages on the Sony Music Japan site that were vulnerable to SQL injection.
• Data leaked from the attack on Sony BMG Greece included usernames, real names, and email addresses of users registered on the SonyMusic.gr site. This attack appears to have used an automated SQL injection tool to find the flaw.
• The database information that was published from Sony Music Japan did not contain names, passwords or other personally identifiable information.
8
History of SQLI Attacks (Cont.)
• An SQL injection attack was used to steal the personal details of 156,959 customers from the British telecommunications company TalkTalk's servers, exploiting a vulnerability in a legacy web portal.
9
Types of SQL Injections
• SQL injections typically fall under three categories: (i) in-band SQLi (classic), (ii) inferential SQLi (blind) and (iii) out-of-band SQLi.
• In-band SQLi → the attacker uses the same channel of communication to launch the attack and to gather results. The two sub-variants are:
o Error-based SQLi – performs actions that cause the database to produce error messages. The attacker can potentially use the data provided by these error messages to gather information about the structure of the database.
o Union-based SQLi – uses the UNION SQL operator to combine the results of multiple SELECT statements executed by the database into a single HTTP response.
10
Types of SQL Injections
• Blind SQLi → used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker.
• The vulnerable page may not be one that displays data, but it will display differently depending on the result of a logical statement injected into the legitimate SQL statement called for that page.
• Out-of-band SQLi → this attack can be used only when certain features are enabled on the database server used by the web application. Out-of-band SQLi is performed when the attacker cannot use the same channel to launch the attack and gather information, or when a server is too slow or unstable for these actions to be performed.
11
Detection of SQL Injection
• Detection is an important component of mitigating the risk of an SQL injection attack.
• A WAF (Web Application Firewall) can detect and block basic SQL injection attacks.
• An IDS (both network- and host-based) can be tuned to detect SQL injection attacks.
• Network-based IDSes can monitor all connections to your database server and flag suspicious activity.
• Host-based IDSes can monitor web server logs and alert when something strange happens.
12
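The host-based log monitoring described on this slide, as an added example that is not part of the original slides: a Python check that scans Apache-style access-log lines for common SQL injection markers, URL-decodes twice so doubly encoded input is not missed, and counts hits per client address. The log lines, signature list, field names and the `threshold` parameter are all constructed for the demo; a real rule set would be broader, tuned to the application, and expected to produce some false positives on legitimate text.

```python
"""
Added example (not from the slides): a host-based check that scans web server
access-log lines for common SQL injection markers, the kind of rule a host IDS
or log pipeline would run. All log lines below are constructed samples.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Signatures applied to the URL-decoded request path. Deliberately small and
# conservative; a production rule set is broader and tuned to the application.
SQLI_PATTERNS = [
    (re.compile(r"'\s*(or|and)\s+['\d]", re.I), "boolean tautology"),
    (re.compile(r"\bunion\b.*\bselect\b", re.I), "UNION SELECT"),
    (re.compile(r"--|/\*"), "SQL comment"),
    (re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.I), "time delay"),
    (re.compile(r"\binformation_schema\b", re.I), "schema enumeration"),
    (re.compile(r"\b(load_file|outfile|xp_cmdshell)\b", re.I), "file or OS access"),
]

# Combined-format request line: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Constructed sample log: one benign request, three injection attempts from
# the same client, and a benign search that happens to contain the word "and".
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /products.php?id=7 HTTP/1.1" 200 512
10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "GET /products.php?id=7%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9812
10.0.0.9 - - [12/Mar/2024:10:01:15 +0000] "GET /products.php?id=7%20UNION%20SELECT%20username,password%20FROM%20users-- HTTP/1.1" 500 231
10.0.0.9 - - [12/Mar/2024:10:02:40 +0000] "GET /products.php?id=7%20AND%20SLEEP(5) HTTP/1.1" 200 512
10.0.0.7 - - [12/Mar/2024:10:03:00 +0000] "GET /search.php?q=rock%20and%20roll HTTP/1.1" 200 1024
"""


def decode_path(path: str) -> str:
    """Decode twice so a doubly encoded payload (%2527 -> %27 -> ') is not missed."""
    return unquote_plus(unquote_plus(path))


def classify(path: str) -> list:
    """Return the labels of every signature that matches the decoded path."""
    decoded = decode_path(path)
    return [label for pattern, label in SQLI_PATTERNS if pattern.search(decoded)]


def scan_log(text: str) -> list:
    """Parse each line and keep those whose request path matches a signature."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these too
        labels = classify(m["path"])
        if labels:
            findings.append({"ip": m["ip"], "status": int(m["status"]),
                             "path": m["path"], "labels": labels})
    return findings


def suspicious_ips(findings: list, threshold: int = 2) -> list:
    """Clients with at least `threshold` flagged requests, most active first."""
    counts = Counter(f["ip"] for f in findings)
    return [ip for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ip']} {h['status']} {', '.join(h['labels'])}: {decode_path(h['path'])}")
    print("repeat offenders:", suspicious_ips(hits))
```

The tautology signature deliberately requires a quote before the OR/AND so that ordinary search text such as "rock and roll" does not fire; that is the coverage-versus-noise trade-off every WAF or IDS signature makes, and the reason log detection complements parameterized queries rather than replacing them. A 500 status on a flagged request (the UNION line above) is worth a higher severity, since it suggests the injected text actually reached the database parser.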
Prevention of SQL Injection Attacks
• Sanitize database inputs. Any input to the web application database should be considered untrustworthy and dealt with accordingly.
• Developers must follow the principle of allow-list (white-list) input validation.
• Use prepared statements with parameterized queries, and escape all user-supplied input.
• Limit the privileges of the database account. Give the web application only the minimum privileges it needs to run.
• Stored procedures can also make SQLI a lot harder.
13
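The first-order and second-order mechanisms from the Injection Mechanism slide and the parameterized-query and allow-list advice from this slide, worked through as one added example that is not from the original slides: an in-memory SQLite database with a constructed `users` table, a vulnerable login and a vulnerable password-change path beside their parameterized versions, and an allow-list check for a column name, which is the one kind of input a placeholder cannot protect. The table, account data, inputs and function names are all assumptions for the demo.

```python
"""
Added example, not code from the slides: first-order and second-order SQL
injection against an in-memory SQLite database, each beside the parameterized
fix, plus allow-list validation for an identifier. Schema, accounts and inputs
are constructed for the demo.
"""
import sqlite3


def fresh_db() -> sqlite3.Connection:
    """Constructed sample schema: two accounts, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES ('alice', 's3cret', 'admin');
        INSERT INTO users (username, password, role) VALUES ('bob', 'hunter2', 'user');
        """
    )
    return conn


# --- First order: the request input is processed and executed in the same request ---

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # BAD: the SQL text is assembled from untrusted strings, so a quote in the
    # input changes the query's structure instead of being compared as data.
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # GOOD: the statement is fixed before execution; bound values are never parsed as SQL.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# --- Second order: the input is stored safely now and reused unsafely later ---

def register(conn: sqlite3.Connection, username: str, password: str) -> int:
    # The write is parameterized, so the username is stored exactly as submitted
    # and nothing suspicious happens at registration time. Returns the new row id.
    cur = conn.execute(
        "INSERT INTO users (username, password, role) VALUES (?, ?, 'user')",
        (username, password),
    )
    return cur.lastrowid


def change_password_vulnerable(conn: sqlite3.Connection, user_id: int, new_password: str) -> int:
    # BAD: the username read back from the database is trusted and concatenated
    # into a second query; the injection fires here, on a later request.
    (username,) = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    sql = f"UPDATE users SET password = '{new_password}' WHERE username = '{username}'"
    return conn.execute(sql).rowcount


def change_password_safe(conn: sqlite3.Connection, user_id: int, new_password: str) -> int:
    # GOOD: data that came out of the database is still data; bind it too.
    (username,) = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    sql = "UPDATE users SET password = ? WHERE username = ?"
    return conn.execute(sql, (new_password, username)).rowcount


# --- Allow-list: identifiers such as column names cannot be bound as parameters ---

ALLOWED_SORT_COLUMNS = {"username", "role"}


def list_users_sorted(conn: sqlite3.Connection, sort_by: str) -> list:
    # Placeholders only work for values, so an ORDER BY column must be checked
    # against a fixed allow-list before it is interpolated into the statement.
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return [row[0] for row in conn.execute(f"SELECT username FROM users ORDER BY {sort_by}")]


def password_of(conn: sqlite3.Connection, username: str) -> str:
    """Helper for the demo: read back a stored password to show what the UPDATE touched."""
    return conn.execute("SELECT password FROM users WHERE username = ?", (username,)).fetchone()[0]


if __name__ == "__main__":
    db = fresh_db()
    payload = "x' OR '1'='1"
    print("first order, concatenated :", login_vulnerable(db, "nobody", payload))   # True
    print("first order, parameterized:", login_safe(db, "nobody", payload))         # False
    attacker = register(db, "alice' --", "pw")   # stored verbatim, harmless so far
    change_password_vulnerable(db, attacker, "pwned")
    print("alice's password after the second-order path:", password_of(db, "alice"))  # pwned
```

The second-order case is the one that catches teams who have parameterized their INSERTs: the hostile string is stored correctly and only becomes SQL when a later request reads it back and concatenates it into another statement. Treat every value read from the database as untrusted data, exactly like request input, and keep identifiers (table and column names, sort directions) behind an allow-list because no driver can bind them.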
SQL injection Attacks using sqlmap
• sqlmap → an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
• PHP id vulnerability → websites whose URLs carry a PHP id parameter are more prone to SQL injection attacks. Search engines like Google index websites whose URLs contain the string "php?id=1". Attackers can make use of this to perform SQLI attacks.
• Type the following in Google search → "inurl: php?id=1". It will list all URLs that contain the above phrase.
• A website can be checked for SQLI vulnerability by appending a ' symbol at the end of the URL. If the content changes, it indicates that the site is prone to SQL injection attacks.
14
Working of sqlmap
• Open a terminal and type the command "sqlmap -h" to see the list of available options.
• Type the command → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 --dbs
• Here -u → URL of the website
• --dbs → lists all the databases available to the website
• To get the tables → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 -D pha --tables
• To get the columns → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 -D pha -T cp_user --columns
15
Bibliography
1) https://portswigger.net/daily-swig/sql-injection-flaw-opened-doorway-to-starbucks-accounting-database
2) https://www.csoonline.com/article/3257429/what-is-sql-injection-how-sqli-attacks-work-and-how-to-prevent-them.html
3) https://www.eweek.com/blogs/security-watch/sony-woes-continue-with-sql-injection-attacks
4) CEH module v9 on SQL Injection
5) HackerSploit – SQL Injection, https://www.youtube.com/watch?v=3ZFblGx5v94
6) https://www.vice.com/en_us/article/aekzez/the-history-of-sql-injection-the-hack-that-will-never-go-away
7) SQL Injection for Beginners, https://www.youtube.com/watch?v=oWHKIiRGjtQ
8) https://www.cvedetails.com/vulnerability-list/opsqli-1/sql-injection.html
9) http://sqlmap.org
10) https://www.imperva.com/learn/application-security/sql-injection-sqli
11) https://en.wikipedia.org/wiki/SQL_injection
16
THANK YOU
17

More Related Content

What's hot

SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENGDmitry Evteev
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRaghav Bisht
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Server-side template injection- Slides
Server-side template injection- Slides Server-side template injection- Slides
Server-side template injection- Slides Amit Dubey
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingNetsparker
 
How to Test for The OWASP Top Ten
 How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top TenSecurity Innovation
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
Directory Traversal & File Inclusion Attacks
Directory Traversal & File Inclusion AttacksDirectory Traversal & File Inclusion Attacks
Directory Traversal & File Inclusion AttacksRaghav Bisht
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Hossam .M Hamed
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 

What's hot (20)

SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Server-side template injection- Slides
Server-side template injection- Slides Server-side template injection- Slides
Server-side template injection- Slides
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
How to Test for The OWASP Top Ten
 How to Test for The OWASP Top Ten How to Test for The OWASP Top Ten
How to Test for The OWASP Top Ten
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
Directory Traversal & File Inclusion Attacks
Directory Traversal & File Inclusion AttacksDirectory Traversal & File Inclusion Attacks
Directory Traversal & File Inclusion Attacks
 
Code injection
Code injectionCode injection
Code injection
 
Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop Privilege escalation from 1 to 0 Workshop
Privilege escalation from 1 to 0 Workshop
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 

Similar to Sql Injection

cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptxcgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptxprasadGade6
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...IBM Security
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET Journal
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesZakaria SMAHI
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application SecurityPrateek Jain
 
csf_ppt.pptx
csf_ppt.pptxcsf_ppt.pptx
csf_ppt.pptx0567Padma
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackImperva
 
DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxsiti829412
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Web security
Web securityWeb security
Web securitydogangcr
 
SQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsSQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsInsecureLab
 
Jonathan Singer - Wheezing The Juice.pdf
Jonathan Singer - Wheezing The Juice.pdfJonathan Singer - Wheezing The Juice.pdf
Jonathan Singer - Wheezing The Juice.pdfJonathan Singer
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.pptKaukau9
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptxSimplilearn
 

Similar to Sql Injection (20)

cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptxcgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
 
SQL injection
SQL injectionSQL injection
SQL injection
 
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
Avoiding Application Attacks: A Guide to Preventing the OWASP Top 10 from Hap...
 
IRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & MitigationIRJET - SQL Injection: Attack & Mitigation
IRJET - SQL Injection: Attack & Mitigation
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
SQL INJECTIONS.pptx
SQL INJECTIONS.pptxSQL INJECTIONS.pptx
SQL INJECTIONS.pptx
 
Web and Mobile Application Security
Web and Mobile Application SecurityWeb and Mobile Application Security
Web and Mobile Application Security
 
Sql Injection
Sql InjectionSql Injection
Sql Injection
 
csf_ppt.pptx
csf_ppt.pptxcsf_ppt.pptx
csf_ppt.pptx
 
Lessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! HackLessons Learned From the Yahoo! Hack
Lessons Learned From the Yahoo! Hack
 
DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptx
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Web security
Web securityWeb security
Web security
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
 
SQL Injection: Unraveling the Threats
SQL Injection: Unraveling the ThreatsSQL Injection: Unraveling the Threats
SQL Injection: Unraveling the Threats
 
Jonathan Singer - Wheezing The Juice.pdf
Jonathan Singer - Wheezing The Juice.pdfJonathan Singer - Wheezing The Juice.pdf
Jonathan Singer - Wheezing The Juice.pdf
 
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
30ITSecurityThreatsVulnerabilitiesandCountermeasuresV1.ppt
 
Whatis SQL Injection.pptx
Whatis SQL Injection.pptxWhatis SQL Injection.pptx
Whatis SQL Injection.pptx
 
Codeinjection
CodeinjectionCodeinjection
Codeinjection
 

Recently uploaded

UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performancesivaprakash250
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGSIVASHANKAR N
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSISrknatarajan
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)simmis5
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Dr.Costas Sachpazis
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 

Recently uploaded (20)

UNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its PerformanceUNIT - IV - Air Compressors and its Performance
UNIT - IV - Air Compressors and its Performance
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTINGMANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
MANUFACTURING PROCESS-II UNIT-1 THEORY OF METAL CUTTING
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 

Sql Injection

  • 2. What is SQL Injection • A technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database. • Basic objective is to pull the database information existing behind a webserver that will contain information about the website like username,passwords, admin details , and other relevant information related to a website etc. • It’s an exploit that a hacker use to gather information from a database 2
  • 3. Overview – Cont. • Hackers can use SQL injection to add,modify, and delete records in the database • Gives an adversary complete control over the web application database. • It can any affect any web application that uses an SQL database such as my SQL , Oracle , SQL server etc. • Considered as one of the most prevalent and most dangerous web application vulnerabilities. • It is also listed as one of the top ten web application vulnerabilities in OWASP Top Ten 3
  • 4. 4
  • 5. Injection Mechanism • Injection mechanism are mainly of two types (i) First order injection (ii) Second order injection • First order injection  (i) Injection through user inputs (ii) Injection through cookies (iii) Injection through server variables. • First order injection  Processes the input and causes the attacker’s injected SQL query to execute • Second order injection  Stores the user input for future use and responds to the request. When attacker submits a second request , The application retrieves the stored input and processes it causing the attacker’s injected SQL query to execute 5
  • 6. History of SQLI • SQL injection was first discovered in 1998 • Jeff Forristal was one of the first people to ever document SQL injection • Few Exploits recorded in the past: (1) CVE-2019-1010248 – Synetics GmBH I-doit 1.12 and earlier was affected by SQL injection. Impact was unauthenticated access to My SQL database. Component was a web login form. The attack vector is : Sending a malicious HTTP POST request. (2) CVE-2019-1010259 –Saltstack Salt 2018.3 ,2019.2 – An attacker could escalate privileges on My SQL server deployed by cloud server. It leads to RCE. 6
  • 7. History of SQLI Attacks • SQLI attacks are predominant since its inception and there have been a lot of attacks that happened in the past due to SQLI which impacted a huge loss to many of the organizations. • Starbucks Attack Aug 2019 – A critical SQL injection vulnerability existed on a Starbucks enterprise database that may have exposed internal financial and accounting records. The vulnerability was discovered through a vulnerability discovery program run by Hackerone on the behalf of Starbucks. The vulnerability can give access to taxes, receipts, payroll data and all other information held on an exposed accounting database. 7
8. History of SQLI Attacks (Cont.)
• Sony Music Attacks, May 2011 – A group of hackers used SQL injection attack techniques to expose sensitive user records on Sony Music Japan and also on Sony BMG Greece on May 21, 2011.
• There were two PHP pages that were vulnerable to SQL injection on the Sony Music Japan site.
• Data leaked from the attack on Sony BMG Greece included usernames, real names, and email addresses of users registered on the SonyMusic.gr site. This attack appears to have used an automated SQL injection tool to find the flaw.
• The database information that was published from Sony Music Japan did not contain names, passwords or other personally identifiable information.
9. History of SQLI Attacks (Cont.)
• An SQL injection attack was used to steal the personal details of 156,959 customers from British telecommunications company TalkTalk's servers, exploiting a vulnerability in a legacy web portal.
10. Types of SQL Injections
• SQL injections typically fall under three categories: (i) in-band SQLi (classic), (ii) inferential SQLi (blind) and (iii) out-of-band SQLi.
• In-band SQLi → the attacker uses the same channel of communication to launch the attack and to gather results. The two sub-variants are:
  o Error-based SQLi – performs actions that cause the database to produce error messages. The attacker can potentially use the data provided by these error messages to gather information about the structure of the database.
  o Union-based SQLi – uses the SQL UNION operator to combine the results of multiple SELECT statements so that the database returns them in a single HTTP response.
11. Types of SQL Injections
• Blind SQLi → used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker.
• The vulnerable page may not be one that displays data, but it will display differently depending on the result of a logical statement injected into the legitimate SQL statement called for that page.
• Out-of-band SQLi → this attack can be used only when certain features are enabled on the database server used by the web application. Out-of-band SQLi is performed when the attacker can’t use the same channel to launch the attack and gather information, or when a server is too slow or unstable for these actions to be performed.
12. Detection of SQL Injection
• Detection is an important component of mitigating the risk of SQL injection attacks.
• A WAF (Web Application Firewall) can detect and block basic SQL injection attacks.
• IDS (both network- and host-based) can be tuned to detect SQL injection attacks.
• Network-based IDSes can monitor all connections to your database server and can flag suspicious activity.
• Host-based IDS can monitor web server logs and alert when something strange happens.
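As an added example (not part of the original slides), the host-based log monitoring described above run over constructed access-log lines: each request path is URL-decoded until it stops changing, then matched against a small ordered signature list. The log lines, paths and signature set are constructed for this example, and the categories follow the in-band/blind split used on the earlier slides.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines in the common "combined" layout; not from the original deck.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2020:10:00:01 +0000] "GET /product.php?id=7 HTTP/1.1" 200 512
10.0.0.7 - - [01/Mar/2020:10:00:02 +0000] "GET /product.php?id=7%27 HTTP/1.1" 500 0
10.0.0.7 - - [01/Mar/2020:10:00:03 +0000] "GET /product.php?id=7%20UNION%20SELECT%201,2,3-- HTTP/1.1" 200 980
10.0.0.9 - - [01/Mar/2020:10:00:04 +0000] "GET /product.php?id=7%20AND%20SLEEP(5) HTTP/1.1" 200 512
10.0.0.9 - - [01/Mar/2020:10:00:05 +0000] "GET /product.php?id=7%2527 HTTP/1.1" 500 0
10.0.0.8 - - [01/Mar/2020:10:00:06 +0000] "GET /about.php HTTP/1.1" 200 2048
"""
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

# Ordered signatures, matched against the fully decoded, lower-cased path; first match wins,
# so the specific union/time-based patterns are tried before the bare quote probe.
SIGNATURES = [
    ("union_based", re.compile(r"\bunion\b[\s/*]+(all\s+)?select\b")),
    ("time_based",  re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b")),
    ("tautology",   re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+")),
    ("comment",     re.compile(r"--|/\*")),
    ("quote_probe", re.compile(r"'")),
]

def decode_fully(s, max_rounds=3):
    """URL-decode until the text stops changing, so a double-encoded %2527 still becomes a quote."""
    for _ in range(max_rounds):
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    return s

def classify(path):
    """Return the first signature category matching the decoded request path, or None."""
    decoded = decode_fully(path).lower()
    for category, pattern in SIGNATURES:
        if pattern.search(decoded):
            return category
    return None

def scan_access_log(text):
    """One alert dict per log line whose path matches; status is kept because a probe answered
    with a 500 (error-based behaviour) is a stronger signal than one answered with a 200."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, path, status = m.groups()
        category = classify(path)
        if category:
            alerts.append({"ip": ip, "status": int(status), "category": category, "path": decode_fully(path)})
    return alerts
```

A signature list like this is a triage aid, not a substitute for parameterized queries: it will miss encodings it does not decode and fire on legitimate apostrophes, so tune it against your own traffic.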
13. Prevention of SQL Injection Attacks
• Sanitize database inputs. Any input to the web application database should be considered untrustworthy and dealt with accordingly.
• Developers must follow the principle of whitelisting for input validation.
• Use ‘prepared’ statements with parameterized queries, and escape all user-supplied input.
• Limit the account privileges of the database user. Give the web application only the minimum privileges it needs to run.
• Stored procedures can also make SQLI a lot harder.
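The first-order injection through a login form described under Injection Mechanism, shown beside the prepared-statement and whitelist defences from this slide, as an added example that is not from the original deck. The in-memory users table, its two accounts and the product_by_id helper are constructed for it; sqlite3 stands in for whichever database the application uses.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory demo database (not from the deck): a users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    """The 'before' form: user input is concatenated into the SQL text, so the database parses it as SQL.
    A lone quote breaks the statement (sqlite3.OperationalError); a tautology matches every row."""
    sql = "SELECT username FROM users WHERE username = '%s' AND password = '%s'" % (username, password)
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(conn, username, password):
    """Prepared statement with bound parameters: the driver passes the input as data, never as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None

ID_RE = re.compile(r"^[1-9][0-9]{0,9}$")   # whitelist: a plain positive integer and nothing else

def product_by_id(conn, raw_id):
    """Whitelist validation on an id taken from the query string (the 'php?id=1' case), then a bound query."""
    if not ID_RE.match(raw_id):
        raise ValueError("rejected: id must be a positive integer")
    return conn.execute("SELECT username FROM users WHERE id = ?", (int(raw_id),)).fetchone()

if __name__ == "__main__":
    conn = make_db()
    probe = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(conn, probe, probe))   # admin: the tautology matches every row
    print("safe:      ", login_safe(conn, probe, probe))         # None: the probe is compared as a literal
```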
14. SQL Injection Attacks using SQLMap
• SQLMap → an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
• PHP ID vulnerability → websites that pass an ID through a PHP query-string parameter are more prone to SQL injection attacks. Search engines like Google can index websites whose URLs contain the string “php?id=1”. Attackers can make use of this to find targets for SQLI attacks.
• Type the following line in Google search → “inurl: php?id=1”. It will list all URLs that contain the above phrase.
• A website can be checked for SQLI vulnerability by appending a ‘ symbol at the end of the URL. If the content changes, it indicates that the site is prone to SQL injection attacks.
15. Working of sqlmap
• Open ‘sqlmap’ in a terminal and type the command “sqlmap -h” to see the list of available options.
• Type the command → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 --dbs
• Here -u → URL of the website
• --dbs → list all the available databases related to the website
• To get the tables → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 -D pha --tables
• To get the columns → sqlmap -u http://www.pha.org.pk/sro_list.php?catid=1 -D pha -T cp_user --columns
16. Bibliography
1) https://portswigger.net/daily-swig/sql-injection-flaw-opened-doorway-to-starbucks-accounting-database
2) https://www.csoonline.com/article/3257429/what-is-sql-injection-how-sqli-attacks-work-and-how-to-prevent-them.html
3) https://www.eweek.com/blogs/security-watch/sony-woes-continue-with-sql-injection-attacks
4) CEH module V9 on SQL Injection
5) Hackersploit – SQL Injection, https://www.youtube.com/watch?v=3ZFblGx5v94
6) https://www.vice.com/en_us/article/aekzez/the-history-of-sql-injection-the-hack-that-will-never-go-away
7) SQL Injection for Beginners, https://www.youtube.com/watch?v=oWHKIiRGjtQ
8) https://www.cvedetails.com/vulnerability-list/opsqli-1/sql-injection.html
9) www.sqlmap.org
10) https://www.imperva.com/learn/application-security/sql-injection-sqli
11) https://en.wikipedia.org/wiki/SQL_injection