SlideShare a Scribd company logo

Sql injection

Download as PPT, PDF
N
Nikunj Dhameliya

This presentation include sql injection intro,type,example,prevention techniques etc....

Software
1 of 27
Topic :- SQL Injection Prepared by: Nikunj Dhameliya(115375) Student @ gvp ORACLE
Topics 1. What are injection attacks? 2. How SQL Injection Works 3. Exploiting SQL Injection Bugs 4. Prevent SQL Injection 5. Other Injection Attacks
Injection  Injection attacks trick an application into including unintended commands in the data send to an interpreter.  Interpreters  Interpret strings as commands.  Ex: SQL, shell (cmd.exe, bash)  Key Idea  Input data from the application is executed as code by the interpreter.
SQL Injection 1. App sends form to user. 2. Attacker submits form with SQL exploit data. 3. Application builds string with exploit data. 4. Application sends SQL query to DB. 5. DB executes query, including exploit, sends data back to application. 6. Application returns data to user. Web Server Attacker DB Server Firewall User Pass ‘ or 1=1-- Form
SQL Injection Attack #1 Unauthorized Access Attempt: password = ’ or1=1 -- SQL statement becomes: select count(* ) from use rs where use rnam e = ‘use r’ and passwo rd = ‘’ or1=1 -- Checks if password is empty OR 1=1, which is always true, permitting access.
SQL Injection Attack #2 Database Modification Attack: password = foo’; delete fromtable use rs where use rnam e like ‘% DB executes two SQL statements: select count(* ) fromuse rs where use rnam e = ‘use r’ and passwo rd = ‘fo o ’ delete fromtable use rs where use rnam e like ‘%’
Finding SQL Injection Bugs Submit a single quote as input. • If an error results, app is vulnerable. • If no error, check for any output changes. Submit two single quotes. • Databases use ’’ to represent literal ’ • If error disappears, app is vulnerable. Try string or numeric operators.  Oracle: ’||’FOO  MS-SQL: ‘+’FOO  MySQL: ’-’FOO  2-2  81+19  49-ASCII(1)
Injecting into SELECT Most common SQL entry point. SELECT columns FROM table WHERE expression ORDER BY expression Places where user input is inserted: WHERE expression ORDER BY expression Table or column names
Injecting into INSERT Creates a new data row in a table. INSERT INTO table (col1, col2, ...) VALUES (val1, val2, ...) Requirements Number of values must match # columns. Types of values must match column types. Technique: add values until no error. foo’)-- foo’, 1)-- foo’, 1, 1)--
Injecting into UPDATE Modifies one or more rows of data. UPDATE table SET col1=val1, col2=val2, ... WHERE expression Places where input is inserted SET clause WHERE clause Be careful with WHERE clause ’ OR 1=1 will change all rows
UNION Combines SELECTs into one result. SELECT cols FROM table WHERE expr UNION SELECT cols2 FROM table2 WHERE expr2 Allows attacker to read any table foo’ UNION SELECT number FROM cc-- Requirements Results must have same number and type of cols. Attacker needs to know name of other table. DB returns results with column names of 1st query.
More Examples (1)  Application authentication bypass using SQL injection.  Suppose a web form takes userID and password as input.  The application receives a user ID and a password and authenticate the user by checking the existence of the user in the USER table and matching the data in the PWD column.  Assume that the application is not validating what the user types into these two fields and the SQL statement is created by string concatenation.
More Example (2)  The following code could be an example of such bad practice: sqlString = “select USERID from USER where USERID = `” & userId & “` and PWD = `” & pwd & “`” result = GetQueryResult(sqlString) If(result = “”) then userHasBeenAuthenticated = False Else userHasBeenAuthenticated = True End If
More Example (3)  User ID: ` OR ``=`  Password: `OR ``=`  In this case the sqlString used to create the result set would be as follows: select USERID from USER where USERID = ``OR``=``and PWD = `` OR``=`` select USERID from USER where USERID = ``OR``=``and PWD = `` OR``=`` TRUE TRUE  Which would certainly set the userHasBenAuthenticated variable to true.
More Example (4) User ID: ` OR ``=`` -- Password: abc Because anything after the -- will be ignore, the injection will work even without any specific injection into the password predicate.
More Example (5) User ID: ` ; DROP TABLE USER ; -- Password: `OR ``=` select USERID from USER where USERID = `` ; DROP TABLE USER ; -- ` and PWD = ``OR ``=`` I will not try to get any information, I just wan to bring the application down.
Impact of SQL Injection 1. Leakage of sensitive information. 2. Reputation decline. 3. Modification of sensitive information. 4. Loss of control of db server. 5. Data loss. 6. Denial of service.
The Cause: String Building Building a SQL command string with user input in any language is dangerous. • String concatenation with variables. • String format functions like sprintf(). • String templating with variable replacement.
Mitigating SQL Injection Ineffective Mitigations Blacklists Stored Procedures Partially Effective Mitigations Whitelists Prepared Queries
Blacklists Filter out or Sanitize known bad SQL meta- characters, such as single quotes. Problems: 1. Numeric parameters don’t use quotes. 2. URL escaped metacharacters. 3. Unicode encoded metacharacters. Though it's easy to point out some dangerous characters, it's harder to point to all of them.
Stored Procedures Stored Procedures build strings too: CREATE PROCEDURE dbo.doQuery(@id nchar(128)) AS DECLARE @query nchar(256) SELECT @query = ‘SELECT cc FROM cust WHERE id=‘’’ + @id + ‘’’’ EXEC @query RETURN it's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection. It's only proper binding with prepare/execute or direct SQL statements with bound variables that provide protection.
Whitelist Reject input that doesn’t match your list of safe characters to accept.  Identify what is good, not what is bad.  Reject input instead of attempting to repair.  Still have to deal with single quotes when required, such as in names.
Prepared Queries  bound parameters, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders - a question mark for each parameter - and it's compiled ("prepared", in SQL parlance) into an internal form. Later, this prepared query is "executed" with a list of parameters. Example in Perl: $sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;"); $sth->execute($email); $email is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation - none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application is be largely immune to SQL injection attacks.
Prepared Queries  bound parameters in Java Insecure version Statement s = connection.createStatement(); ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = " + formField); // *boom* Secure version PreparedStatement ps = connection.prepareStatement( "SELECT email FROM member WHERE name = ?"); ps.setString(1, formField); ResultSet rs = ps.executeQuery(); There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once), but this is minor compared to the enormous security benefits. This is probably the single most important step one can take to secure a web application.
Other Injection Types  Shell injection.  Scripting language injection.  File inclusion.  XML injection.  XPath injection.  LDAP injection.  SMTP injection.
SQL injection Conclusion  SQL injection is technique for exploiting applications that use relational databases as their back end.  All databases can be a target of SQL injection and all are vulnerable to this technique.  SQL injection use the fact that many of these applications concatenate the fixed part of SQL statement with user-supplied data that forms WHERE predicates or additional sub-queries.  The vulnerability is in the application layer outside of the database, and the moment that the application has a connection into the database.
Thank You !

Recommended

Sql injection
Sql injectionSql injection
Sql injectionZidh
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 

Recommended

Sql injection
Sql injectionSql injection
Sql injectionZidh
 
SQL injection
SQL injectionSQL injection
SQL injectionRaj Parmar
 
Sql injection in cybersecurity
Sql injection in cybersecuritySql injection in cybersecurity
Sql injection in cybersecuritySanad Bhowmik
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
Sql injection
Sql injectionSql injection
Sql injectionNuruzzaman Milon
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionSayed Ahmad Naweed
 
Sql injection
Sql injectionSql injection
Sql injectionPallavi Biswas
 
Sql injection
Sql injectionSql injection
Sql injectionSasha-Leigh Garret
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionAsish Kumar Rath
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRaghav Bisht
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersKrzysztof Kotowicz
 
Social Media and Small Business
Social Media and Small BusinessSocial Media and Small Business
Social Media and Small BusinessStrategyWorks
 
Man-in-the-Middle in ARP/DNS Poisoning Phishing site
Man-in-the-Middle in ARP/DNS Poisoning Phishing siteMan-in-the-Middle in ARP/DNS Poisoning Phishing site
Man-in-the-Middle in ARP/DNS Poisoning Phishing siteWillyFooFoo
 

More Related Content

What's hot

SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injectionJawhar Ali
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRaghav Bisht
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersKrzysztof Kotowicz
 

What's hot (20)

SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
 

Viewers also liked

Social Media and Small Business
Social Media and Small BusinessSocial Media and Small Business
Social Media and Small BusinessStrategyWorks
 
Man-in-the-Middle in ARP/DNS Poisoning Phishing site
Man-in-the-Middle in ARP/DNS Poisoning Phishing siteMan-in-the-Middle in ARP/DNS Poisoning Phishing site
Man-in-the-Middle in ARP/DNS Poisoning Phishing siteWillyFooFoo
 
impact of social networking sites on business
impact of social networking sites on businessimpact of social networking sites on business
impact of social networking sites on businessnitish_singh
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacksRespa Peter
 
Security Threats In Business Using Social Networking Sites.
Security Threats In Business Using Social Networking Sites.Security Threats In Business Using Social Networking Sites.
Security Threats In Business Using Social Networking Sites.Tasheen Sheikh
 
The impact of social media
The impact of social mediaThe impact of social media
The impact of social mediaememdesign
 
The effect-of-social-networking-sites
The effect-of-social-networking-sitesThe effect-of-social-networking-sites
The effect-of-social-networking-sitesRam Patil
 

Viewers also liked (7)

Social Media and Small Business
Social Media and Small BusinessSocial Media and Small Business
Social Media and Small Business
 
Man-in-the-Middle in ARP/DNS Poisoning Phishing site
Man-in-the-Middle in ARP/DNS Poisoning Phishing siteMan-in-the-Middle in ARP/DNS Poisoning Phishing site
Man-in-the-Middle in ARP/DNS Poisoning Phishing site
 
impact of social networking sites on business
impact of social networking sites on businessimpact of social networking sites on business
impact of social networking sites on business
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
Security Threats In Business Using Social Networking Sites.
Security Threats In Business Using Social Networking Sites.Security Threats In Business Using Social Networking Sites.
Security Threats In Business Using Social Networking Sites.
 
The impact of social media
The impact of social mediaThe impact of social media
The impact of social media
 
The effect-of-social-networking-sites
The effect-of-social-networking-sitesThe effect-of-social-networking-sites
The effect-of-social-networking-sites
 

Similar to Sql injection

Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17Eoin Keary
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protectionamiable_indian
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sqlKaustav Sengupta
 
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampDEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampFelipe Prado
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionAhmed AbdelSatar
 
How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersHow "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersChema Alonso
 
ShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlChema Alonso
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENGDmitry Evteev
 
A Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLA Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLkobaitari
 

Similar to Sql injection (20)

Sql injection
Sql injectionSql injection
Sql injection
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
 
Greensql2007
Greensql2007Greensql2007
Greensql2007
 
Code injection and green sql
Code injection and green sqlCode injection and green sql
Code injection and green sql
 
Sql Injection V.2
Sql Injection V.2Sql Injection V.2
Sql Injection V.2
 
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lampDEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injection
 
Asp
AspAsp
Asp
 
Web application security
Web application securityWeb application security
Web application security
 
How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersHow "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scanners
 
ShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)Sql
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
2nd-Order-SQLi-Josh
2nd-Order-SQLi-Josh2nd-Order-SQLi-Josh
2nd-Order-SQLi-Josh
 
SQL Injection in JAVA
SQL Injection in JAVASQL Injection in JAVA
SQL Injection in JAVA
 
Sq li
Sq liSq li
Sq li
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
 
A Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLA Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQL
 

Recently uploaded

WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benonimasabamasaba
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in sowetomasabamasaba
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplatePresentation.STUDIO
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxalwaysnagaraju26
 
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...masabamasaba
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...masabamasaba
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...masabamasaba
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park masabamasaba
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburgmasabamasaba
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...masabamasaba
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024VictoriaMetrics
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnAmarnathKambale
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrainmasabamasaba
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...masabamasaba
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2
 

Recently uploaded (20)

WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni%in Benoni+277-882-255-28 abortion pills for sale in Benoni
%in Benoni+277-882-255-28 abortion pills for sale in Benoni
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
AI & Machine Learning Presentation Template
AI & Machine Learning Presentation TemplateAI & Machine Learning Presentation Template
AI & Machine Learning Presentation Template
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
WSO2Con2024 - From Blueprint to Brilliance: WSO2's Guide to API-First Enginee...
 
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
 
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
 
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
%+27788225528 love spells in Knoxville Psychic Readings, Attraction spells,Br...
 
WSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - KanchanaWSO2Con2024 - Hello Choreo Presentation - Kanchana
WSO2Con2024 - Hello Choreo Presentation - Kanchana
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
WSO2CON 2024 - Cloud Native Middleware: Domain-Driven Design, Cell-Based Arch...
 
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learnVTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Toronto Psychic Readings, Attraction spells,Brin...
 
WSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AIWSO2CON 2024 Slides - Unlocking Value with AI
WSO2CON 2024 Slides - Unlocking Value with AI
 

Sql injection

  • 1. Topic :- SQL Injection Prepared by: Nikunj Dhameliya(115375) Student @ gvp ORACLE
  • 2. Topics 1. What are injection attacks? 2. How SQL Injection Works 3. Exploiting SQL Injection Bugs 4. Prevent SQL Injection 5. Other Injection Attacks
  • 3. Injection  Injection attacks trick an application into including unintended commands in the data send to an interpreter.  Interpreters  Interpret strings as commands.  Ex: SQL, shell (cmd.exe, bash)  Key Idea  Input data from the application is executed as code by the interpreter.
  • 4. SQL Injection 1. App sends form to user. 2. Attacker submits form with SQL exploit data. 3. Application builds string with exploit data. 4. Application sends SQL query to DB. 5. DB executes query, including exploit, sends data back to application. 6. Application returns data to user. Web Server Attacker DB Server Firewall User Pass ‘ or 1=1-- Form
  • 5. SQL Injection Attack #1 Unauthorized Access Attempt: password = ’ or1=1 -- SQL statement becomes: select count(* ) from use rs where use rnam e = ‘use r’ and passwo rd = ‘’ or1=1 -- Checks if password is empty OR 1=1, which is always true, permitting access.
  • 6. SQL Injection Attack #2 Database Modification Attack: password = foo’; delete fromtable use rs where use rnam e like ‘% DB executes two SQL statements: select count(* ) fromuse rs where use rnam e = ‘use r’ and passwo rd = ‘fo o ’ delete fromtable use rs where use rnam e like ‘%’
  • 7. Finding SQL Injection Bugs Submit a single quote as input. • If an error results, app is vulnerable. • If no error, check for any output changes. Submit two single quotes. • Databases use ’’ to represent literal ’ • If error disappears, app is vulnerable. Try string or numeric operators.  Oracle: ’||’FOO  MS-SQL: ‘+’FOO  MySQL: ’-’FOO  2-2  81+19  49-ASCII(1)
  • 8. Injecting into SELECT Most common SQL entry point. SELECT columns FROM table WHERE expression ORDER BY expression Places where user input is inserted: WHERE expression ORDER BY expression Table or column names
  • 9. Injecting into INSERT Creates a new data row in a table. INSERT INTO table (col1, col2, ...) VALUES (val1, val2, ...) Requirements Number of values must match # columns. Types of values must match column types. Technique: add values until no error. foo’)-- foo’, 1)-- foo’, 1, 1)--
  • 10. Injecting into UPDATE Modifies one or more rows of data. UPDATE table SET col1=val1, col2=val2, ... WHERE expression Places where input is inserted SET clause WHERE clause Be careful with WHERE clause ’ OR 1=1 will change all rows
  • 11. UNION Combines SELECTs into one result. SELECT cols FROM table WHERE expr UNION SELECT cols2 FROM table2 WHERE expr2 Allows attacker to read any table foo’ UNION SELECT number FROM cc-- Requirements Results must have same number and type of cols. Attacker needs to know name of other table. DB returns results with column names of 1st query.
  • 12. More Examples (1)  Application authentication bypass using SQL injection.  Suppose a web form takes userID and password as input.  The application receives a user ID and a password and authenticate the user by checking the existence of the user in the USER table and matching the data in the PWD column.  Assume that the application is not validating what the user types into these two fields and the SQL statement is created by string concatenation.
  • 13. More Example (2)  The following code could be an example of such bad practice: sqlString = “select USERID from USER where USERID = `” & userId & “` and PWD = `” & pwd & “`” result = GetQueryResult(sqlString) If(result = “”) then userHasBeenAuthenticated = False Else userHasBeenAuthenticated = True End If
  • 14. More Example (3)  User ID: ` OR ``=`  Password: `OR ``=`  In this case the sqlString used to create the result set would be as follows: select USERID from USER where USERID = ``OR``=``and PWD = `` OR``=`` select USERID from USER where USERID = ``OR``=``and PWD = `` OR``=`` TRUE TRUE  Which would certainly set the userHasBenAuthenticated variable to true.
  • 15. More Example (4) User ID: ` OR ``=`` -- Password: abc Because anything after the -- will be ignore, the injection will work even without any specific injection into the password predicate.
  • 16. More Example (5) User ID: ` ; DROP TABLE USER ; -- Password: `OR ``=` select USERID from USER where USERID = `` ; DROP TABLE USER ; -- ` and PWD = ``OR ``=`` I will not try to get any information, I just wan to bring the application down.
  • 17. Impact of SQL Injection 1. Leakage of sensitive information. 2. Reputation decline. 3. Modification of sensitive information. 4. Loss of control of db server. 5. Data loss. 6. Denial of service.
  • 18. The Cause: String Building Building a SQL command string with user input in any language is dangerous. • String concatenation with variables. • String format functions like sprintf(). • String templating with variable replacement.
  • 19. Mitigating SQL Injection Ineffective Mitigations Blacklists Stored Procedures Partially Effective Mitigations Whitelists Prepared Queries
  • 20. Blacklists Filter out or Sanitize known bad SQL meta- characters, such as single quotes. Problems: 1. Numeric parameters don’t use quotes. 2. URL escaped metacharacters. 3. Unicode encoded metacharacters. Though it's easy to point out some dangerous characters, it's harder to point to all of them.
  • 21. Stored Procedures Stored Procedures build strings too: CREATE PROCEDURE dbo.doQuery(@id nchar(128)) AS DECLARE @query nchar(256) SELECT @query = ‘SELECT cc FROM cust WHERE id=‘’’ + @id + ‘’’’ EXEC @query RETURN it's always possible to write a stored procedure that itself constructs a query dynamically: this provides no protection against SQL Injection. It's only proper binding with prepare/execute or direct SQL statements with bound variables that provide protection.
  • 22. Whitelist Reject input that doesn’t match your list of safe characters to accept.  Identify what is good, not what is bad.  Reject input instead of attempting to repair.  Still have to deal with single quotes when required, such as in names.
  • 23. Prepared Queries  bound parameters, which are supported by essentially all database programming interfaces. In this technique, an SQL statement string is created with placeholders - a question mark for each parameter - and it's compiled ("prepared", in SQL parlance) into an internal form. Later, this prepared query is "executed" with a list of parameters. Example in Perl: $sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;"); $sth->execute($email); $email is the data obtained from the user's form, and it is passed as positional parameter #1 (the first question mark), and at no point do the contents of this variable have anything to do with SQL statement parsing. Quotes, semicolons, backslashes, SQL comment notation - none of this has any impact, because it's "just data". There simply is nothing to subvert, so the application is be largely immune to SQL injection attacks.
  • 24. Prepared Queries  bound parameters in Java Insecure version Statement s = connection.createStatement(); ResultSet rs = s.executeQuery("SELECT email FROM member WHERE name = " + formField); // *boom* Secure version PreparedStatement ps = connection.prepareStatement( "SELECT email FROM member WHERE name = ?"); ps.setString(1, formField); ResultSet rs = ps.executeQuery(); There also may be some performance benefits if this prepared query is reused multiple times (it only has to be parsed once), but this is minor compared to the enormous security benefits. This is probably the single most important step one can take to secure a web application.
  • 25. Other Injection Types  Shell injection.  Scripting language injection.  File inclusion.  XML injection.  XPath injection.  LDAP injection.  SMTP injection.
  • 26. SQL injection Conclusion  SQL injection is technique for exploiting applications that use relational databases as their back end.  All databases can be a target of SQL injection and all are vulnerable to this technique.  SQL injection use the fact that many of these applications concatenate the fixed part of SQL statement with user-supplied data that forms WHERE predicates or additional sub-queries.  The vulnerability is in the application layer outside of the database, and the moment that the application has a connection into the database.

Editor's Notes

  1. Principle of Least Privilege likely violated as web server user needs privileges to do all operators permitted on users, including deleting them.