Yusuf Amro, profile picture
Uploaded byYusuf Amro
PPTX, PDF467 views

Sql Injection at Hashemite University

The document discusses SQL injection and how to use the Damn Vulnerable Web Application (DVWA) project to practice security skills. It defines SQL injection as executing SQL statements through user inputs to extract information from or attack databases. The document demonstrates how an attacker can use SQL injection to retrieve all user passwords by passing a malicious SQL statement through the username field. It then introduces the DVWA project as a legal environment for security professionals and developers to test their skills and understanding of securing web applications by introducing vulnerabilities. The document concludes by summarizing what was learned about SQL injection and how to use DVWA for skills development.

Embed presentation

Downloaded 15 times
The Hashemite University Prince Al-Hussein Bin Abdullah II Faculty for Information Technology Sql Injection with Yusuf Ali Network Security By Dr. Ashraf Aljammal
What we will learn ? 4)Howtousedvwatodevelopourskills? 3)Whatisdvwaproject. 2)HowtoattackusingSQLinjection? 1)WhatisSQLInjection.
Sql Injection
How to hack a website using Sql injection ?
The Vulnerable is execution of inputs without scan it. Inputs like username maybe a sql statement! Which executed at Database of server by Hackers. 1) Normal password : karcobia $sql = “select * from users where pass=$password”; 2) Attacker's password : abc. or 1=1 $sql = “select * from users where pass=$password”.or 1=1;
As we can see here we got all users and passwords in the Database!
Hacker can execute any sql statement like Admin privileges! Result
dvwa Project http://www.dvwa.co.uk/ Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, It also helps web developers better understand the process of securing server and web app or can also be use to teach students ethical hacking and pretesting. - See more at: http://www.hackw0rm.net/2013/02/how-to-create- penentration-lab-in.html#sthash.AXAhpGPY.dpuf
Let’s Try it!
SQL Injection Gather information of database : 1 ) Version of Database 2 ) User of Database 3 ) Database name 4 ) Tables in Schema information 5 ) mysql Table information 6 ) Users and Passwords 7 ) Decrypt Hash Passwords
How to ensure that your password hash in not in the MD5 huge databases?
What we learned ? What is Sql Injection. How to attack using sql injection? What is dvwa project. How to use dvwa to develop your skills?
Thank you for your time and attention! Contact info: Email: Yusuf.alquran@gmail.com Twitter: @YusufAmro Junior GIS Web and Mobile Application Developer JoGulf Spatial Data Systems

More Related Content

PDF
How to identify and prevent SQL injection
byEguardian Global Services
 
PPTX
Owasp top 10 vulnerabilities
byOWASP Delhi
 
PPTX
security misconfigurations
byMegha Sahu
 
PDF
XSS And SQL Injection Vulnerabilities
byMindfire Solutions
 
PDF
ATM Malware: Understanding the threat
byCysinfo Cyber Security Community
 
PPTX
Reversing malware analysis training part1 lab setup guide
byCysinfo Cyber Security Community
 
PDF
A5-Security misconfiguration-OWASP 2013
bySorina Chirilă
 
PPTX
Cyber crime an eye opener 144 te 2 t-7
byGargee Hiray
 
How to identify and prevent SQL injection
byEguardian Global Services
 
Owasp top 10 vulnerabilities
byOWASP Delhi
 
security misconfigurations
byMegha Sahu
 
XSS And SQL Injection Vulnerabilities
byMindfire Solutions
 
ATM Malware: Understanding the threat
byCysinfo Cyber Security Community
 
Reversing malware analysis training part1 lab setup guide
byCysinfo Cyber Security Community
 
A5-Security misconfiguration-OWASP 2013
bySorina Chirilă
 
Cyber crime an eye opener 144 te 2 t-7
byGargee Hiray
 

What's hot

PDF
Owasp top 10 web application security hazards - Part 1
byAbhinav Sejpal
 
PPTX
Sql injections - with example
byPrateek Chauhan
 
PPTX
Pentesting Android Apps
byAbdelhamid Limami
 
PPT
Sql injection
byPallavi Biswas
 
PDF
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
byAll Things Open
 
PPTX
A5: Security Misconfiguration
byTariq Islam
 
PPTX
Owasp top 10 security threats
byVishal Kumar
 
PPT
Ch08 Microsoft Operating System Vulnerabilities
byphanleson
 
PDF
How to find Zero day vulnerabilities
byMohammed A. Imran
 
PPTX
Sql injection & command injection
byLahore Garrison University
 
PDF
Session11-NoSQL InjectionPHP Injection
byzakieh alizadeh
 
PDF
Browser Exploit Framework
byn|u - The Open Security Community
 
PPTX
Reversing malware analysis training part2 introduction to windows internals
byCysinfo Cyber Security Community
 
PDF
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
byGrand Parade Poland
 
PPTX
Web security
bydogangcr
 
PPTX
ASP.NET security vulnerabilities
byAleksandar Bozinovski
 
PPT
Protecting Your Web Site From SQL Injection & XSS
byskyhawk133
 
PPTX
Secure Programming In Php
byAkash Mahajan
 
PDF
Is My App Secure ?
byHerman Duarte
 
PPTX
Reversing malware analysis trainingpart9 advanced malware analysis
byCysinfo Cyber Security Community
 
Owasp top 10 web application security hazards - Part 1
byAbhinav Sejpal
 
Sql injections - with example
byPrateek Chauhan
 
Pentesting Android Apps
byAbdelhamid Limami
 
Sql injection
byPallavi Biswas
 
OWASP Top 10 - The Ten Most Critical Web Application Security Risks
byAll Things Open
 
A5: Security Misconfiguration
byTariq Islam
 
Owasp top 10 security threats
byVishal Kumar
 
Ch08 Microsoft Operating System Vulnerabilities
byphanleson
 
How to find Zero day vulnerabilities
byMohammed A. Imran
 
Sql injection & command injection
byLahore Garrison University
 
Session11-NoSQL InjectionPHP Injection
byzakieh alizadeh
 
Browser Exploit Framework
byn|u - The Open Security Community
 
Reversing malware analysis training part2 introduction to windows internals
byCysinfo Cyber Security Community
 
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
byGrand Parade Poland
 
Web security
bydogangcr
 
ASP.NET security vulnerabilities
byAleksandar Bozinovski
 
Protecting Your Web Site From SQL Injection & XSS
byskyhawk133
 
Secure Programming In Php
byAkash Mahajan
 
Is My App Secure ?
byHerman Duarte
 
Reversing malware analysis trainingpart9 advanced malware analysis
byCysinfo Cyber Security Community
 

Similar to Sql Injection at Hashemite University

PDF
Sql Injection and XSS
byMike Crabb
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PPTX
DVWA(Damn Vulnerabilities Web Application)
bySoham Kansodaria
 
PPT
SQLSecurity.ppt
byCNSHacking
 
PPT
SQLSecurity.ppt
byLokeshK66
 
PDF
Think Like a Hacker - Database Attack Vectors
byMark Ginnebaugh
 
PPT
Sql security
bySafwan Hashmi
 
PDF
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
bySam Bowne
 
PPTX
References
byMohammed
 
PDF
SQL Injection
byAbhinav Nair
 
PPTX
Oracle database threats - LAOUC Webinar
byOsama Mustafa
 
PDF
Sql injection manish file
byyukta888
 
PPT
Advanced SQL Injection
byamiable_indian
 
PDF
sql-inj_attack.pdf
byssuser07cf8b
 
PPT
PHP - Introduction to Advanced SQL
byVibrant Technologies & Computers
 
PDF
SQL Injection Tutorial
byMagno Logan
 
PDF
The practice of web application penetration testing
by_U2_
 
PPTX
References - sql injection
byMohammed
 
PDF
LogLogic SQL Server Hacking DBs April09
byMark Ginnebaugh
 
PPT
Sql Injection Adv Owasp
byAung Khant
 
Sql Injection and XSS
byMike Crabb
 
Sql injection - security testing
byNapendra Singh
 
DVWA(Damn Vulnerabilities Web Application)
bySoham Kansodaria
 
SQLSecurity.ppt
byCNSHacking
 
SQLSecurity.ppt
byLokeshK66
 
Think Like a Hacker - Database Attack Vectors
byMark Ginnebaugh
 
Sql security
bySafwan Hashmi
 
CNIT 129S: 9: Attacking Data Stores (Part 2 of 2)
bySam Bowne
 
References
byMohammed
 
SQL Injection
byAbhinav Nair
 
Oracle database threats - LAOUC Webinar
byOsama Mustafa
 
Sql injection manish file
byyukta888
 
Advanced SQL Injection
byamiable_indian
 
sql-inj_attack.pdf
byssuser07cf8b
 
PHP - Introduction to Advanced SQL
byVibrant Technologies & Computers
 
SQL Injection Tutorial
byMagno Logan
 
The practice of web application penetration testing
by_U2_
 
References - sql injection
byMohammed
 
LogLogic SQL Server Hacking DBs April09
byMark Ginnebaugh
 
Sql Injection Adv Owasp
byAung Khant
 

Recently uploaded

PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
PDF
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
PDF
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
PDF
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Agentic Automation for Testers – A Hands-On Deep Dive
byUiPathCommunity
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
The Landscape of Computer Software Development Companies
byYash Singh
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Session 1 - Solving Semi-Structured Documents with Document Understanding
byDianaGray10
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
eResource Scheduler Enterprise Resource Management and Scheduling Software.pdf
byeResource Scheduler
 
AI and Computer Architecture: 200 Years Together
byDmitry Zinoviev
 
The Ultimate Guide to Problem Management Dashboards for IT Teams.pdf
byomnex systems
 
Ransomware_Resilience_Strategic_Playbook.pdf
byAfonso Henrique Rodrigues Alves
 

Sql Injection at Hashemite University

  • 1.
    The Hashemite University PrinceAl-Hussein Bin Abdullah II Faculty for Information Technology Sql Injection with Yusuf Ali Network Security By Dr. Ashraf Aljammal
  • 2.
    What we willlearn ? 4)Howtousedvwatodevelopourskills? 3)Whatisdvwaproject. 2)HowtoattackusingSQLinjection? 1)WhatisSQLInjection.
  • 3.
  • 4.
    How to hacka website using Sql injection ?
  • 5.
    The Vulnerable isexecution of inputs without scan it. Inputs like username maybe a sql statement! Which executed at Database of server by Hackers. 1) Normal password : karcobia $sql = “select * from users where pass=$password”; 2) Attacker's password : abc. or 1=1 $sql = “select * from users where pass=$password”.or 1=1;
  • 6.
    As we cansee here we got all users and passwords in the Database!
  • 7.
    Hacker can executeany sql statement like Admin privileges! Result
  • 8.
    dvwa Project http://www.dvwa.co.uk/ Damn VulnerableWeb App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, It also helps web developers better understand the process of securing server and web app or can also be use to teach students ethical hacking and pretesting. - See more at: http://www.hackw0rm.net/2013/02/how-to-create- penentration-lab-in.html#sthash.AXAhpGPY.dpuf
  • 9.
  • 10.
    SQL Injection Gather informationof database : 1 ) Version of Database 2 ) User of Database 3 ) Database name 4 ) Tables in Schema information 5 ) mysql Table information 6 ) Users and Passwords 7 ) Decrypt Hash Passwords
  • 11.
    How to ensurethat your password hash in not in the MD5 huge databases?
  • 12.
    What we learned? What is Sql Injection. How to attack using sql injection? What is dvwa project. How to use dvwa to develop your skills?
  • 14.
    Thank you foryour time and attention! Contact info: Email: Yusuf.alquran@gmail.com Twitter: @YusufAmro Junior GIS Web and Mobile Application Developer JoGulf Spatial Data Systems