SQL INJECTION
Suraj Tiwari
What is SQL Injection?
SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements
(also commonly referred to as a malicious payload) that control a web application’s database server (also
commonly referred to as a Relational Database Management System – RDBMS). Since an SQL Injection
vulnerability could possibly affect any website or web application that makes use of an SQL-based
database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application
vulnerabilities.
How SQL injection works
In order to run malicious SQL queries against a database server, an attacker must first find an input within
the web application that is included inside of an SQL query.
In order for an SQL Injection attack to take place, the vulnerable website needs to directly include user input
within an SQL statement. An attacker can then insert a payload that will be included as part of the SQL
query and run against the database server.
Simple example:
A simple example of an SQL Injection payload could be something as simple as setting the password field
to
password' OR 1=1
Pseudo-code
# Define POST variables
uname = request.POST['username']
passwd = request.POST['password']
# SQL query vulnerable to SQLi: the raw input is concatenated into the statement text
sql = "SELECT id FROM users WHERE username='" + uname + "' AND password='" + passwd + "'"
# Execute the SQL statement
database.execute(sql)
This would result in the following SQL query being run against the database server:
SELECT id FROM users WHERE username='username' AND password='password' OR 1=1'
Comment-based
An attacker can also comment out the rest of the SQL statement to control the execution of the SQL query
further.
-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite
' OR '1'='1' --
' OR '1'='1' /*
-- MySQL
' OR '1'='1' #
-- Access (using null characters)
' OR '1'='1' %00
' OR '1'='1' %16
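The login pseudo-code and the comment-based payloads above, worked in Python against an in-memory SQLite table. This is an added example, not code from the slides: build_vulnerable_sql repeats the slide's string concatenation, login_vulnerable executes it, and login_parameterized is the hardened form using driver placeholders (parameterized queries, a mitigation the slides do not cover). The users table, its single alice/s3cret row and the function names are all constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the slides' users table (one sample row)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def build_vulnerable_sql(uname: str, passwd: str) -> str:
    """Same construction as the slide's pseudo-code: raw input spliced into the SQL text."""
    return (
        "SELECT id FROM users WHERE username='" + uname
        + "' AND password='" + passwd + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, uname: str, passwd: str) -> list:
    """Whatever the user typed is parsed by the database as part of the statement."""
    return conn.execute(build_vulnerable_sql(uname, passwd)).fetchall()


def login_parameterized(conn: sqlite3.Connection, uname: str, passwd: str) -> list:
    """Hardened form: placeholders keep the values out of the SQL grammar entirely,
    so a quote or comment marker in the input is just characters to compare against."""
    return conn.execute(
        "SELECT id FROM users WHERE username=? AND password=?", (uname, passwd)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # The slide's own inputs produce exactly the slide's resulting query string.
    print(build_vulnerable_sql("username", "password' OR 1=1"))
    # The comment-based payload listed above: the concatenated query accepts the
    # tautology, while for the parameterized query it is just a non-matching password.
    payload = "' OR '1'='1' --"
    print("vulnerable:", login_vulnerable(conn, "alice", payload))        # [(1,)]
    print("parameterized:", login_parameterized(conn, "alice", payload))  # []
```

Note that the slide's bare `password' OR 1=1` payload leaves a dangling quote in the resulting statement, which is exactly why the comment-based variants above exist: the `--` discards the rest of the line so the database sees a well-formed query. With placeholders the driver never lets the input reach the parser as SQL, so no amount of quoting or commenting changes the statement's structure.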
Types of SQL Injection
SQL injection types:
  - Incorrectly filtered escape characters
  - Incorrect type handling
  - Blind SQL injection
  - Conditional response
  - Second order SQL injection
Incorrectly filtered escape characters
This form of SQL injection occurs when user input is not filtered for escape characters and is then passed
into an SQL statement. This results in the potential manipulation of the statements performed on the
database by the end-user of the application.
The following line of code illustrates this vulnerability:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
Incorrect type handling
This form of SQL injection occurs when a user-supplied field is not strongly typed or is not checked for type
constraints. This could take place when a numeric field is to be used in a SQL statement, but the
programmer makes no checks to validate that the user supplied input is numeric.
For example, the statement
statement := "SELECT * FROM userinfo WHERE id =" + a_variable + ";"
will drop (delete) the "users" table from the database if a_variable is set to 1; DROP TABLE users, since the SQL becomes:
SELECT * FROM userinfo WHERE id=1; DROP TABLE users;
Blind sql Injection
Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the
injection are not visible to the attacker. The page with the vulnerability may not be one that displays data
but will display differently depending on the results of a logical statement injected into the legitimate SQL
statement called for that page. This type of attack has traditionally been considered time-intensive because
a new statement needed to be crafted for each bit recovered, and depending on its structure, the attack
may consist of many unsuccessful requests. Recent advancements have allowed each request to recover
multiple bits, with no unsuccessful requests, allowing for more consistent and efficient extraction. There are
several tools that can automate these attacks once the location of the vulnerability and the target
information has been established.
Conditional response
One type of blind SQL injection forces the database to evaluate a logical statement on an ordinary
application screen. As an example, a book review website uses a query string to determine which book
review to display.
Example:
The URL http://books.example.com/showReview.php?ID=5 would cause the server to run the query
SELECT * FROM bookreviews WHERE ID = 'Value(ID)';
Second order sql Injection
Second order SQL injection occurs when submitted values contain malicious commands that are stored
rather than executed immediately. In some cases, the application may correctly encode an SQL statement
and store it as valid SQL. Then, another part of that application without controls to protect against SQL
injection might execute that stored SQL statement. This attack requires more knowledge of how submitted
values are later used. Automated web application security scanners would not easily detect this type of
SQL injection and may need to be manually instructed where to check for evidence that it is being
attempted.
Some common examples
SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = 999 OR 1=1
This will return every record in the Items table (the ItemName and ItemDescription of each row), since 1=1 is true for every row.
SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = 999; DROP TABLE USERS
This will drop the users table, deleting all of its records.
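The numeric-field weakness from the "Incorrect type handling" slide and the two Items queries just above, worked in Python against a constructed in-memory SQLite Items table. This is an added example, not the slides' code: build_unchecked_sql repeats the slide-style concatenation (no quote is needed to alter a numeric comparison), and fetch_item is the hardened form, which first checks that the supplied ItemNumber is a plain integer and then passes it as a bound parameter. The table contents, the function names and the parse_item_number rule are assumptions made for the example.

```python
import re
import sqlite3

# Only a plain base-10 integer is an acceptable ItemNumber; anything else is rejected
# before it gets anywhere near the query.  (Assumed validation rule for this example.)
ITEM_NUMBER_RE = re.compile(r"[0-9]{1,9}")


def make_items_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the slides' Items table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Items (ItemNumber INTEGER PRIMARY KEY, "
        "ItemName TEXT, ItemDescription TEXT)"
    )
    conn.executemany(
        "INSERT INTO Items VALUES (?, ?, ?)",
        [(998, "Lamp", "Desk lamp"), (999, "Chair", "Office chair"),
         (1000, "Desk", "Standing desk")],
    )
    conn.commit()
    return conn


def build_unchecked_sql(item_number: str) -> str:
    """Slide-style concatenation: the 'numeric' field is an unvalidated string."""
    return "SELECT ItemName, ItemDescription FROM Items WHERE ItemNumber = " + item_number


def fetch_item_unchecked(conn: sqlite3.Connection, item_number: str) -> list:
    """Executes the concatenated statement: a tautology widens the WHERE to every row."""
    return conn.execute(build_unchecked_sql(item_number)).fetchall()


def is_valid_item_number(raw: str) -> bool:
    """Type check: the whole value must be digits only."""
    return ITEM_NUMBER_RE.fullmatch(raw) is not None


def parse_item_number(raw: str) -> int:
    """Convert only after the type check passes; refuse everything else."""
    if not is_valid_item_number(raw):
        raise ValueError(f"ItemNumber must be a positive integer, got {raw!r}")
    return int(raw)


def fetch_item(conn: sqlite3.Connection, raw: str) -> list:
    """Hardened lookup: validated type plus a bound parameter."""
    item_number = parse_item_number(raw)
    return conn.execute(
        "SELECT ItemName, ItemDescription FROM Items WHERE ItemNumber = ?",
        (item_number,),
    ).fetchall()


if __name__ == "__main__":
    conn = make_items_db()
    print(fetch_item(conn, "999"))                   # [('Chair', 'Office chair')]
    print(fetch_item_unchecked(conn, "999 OR 1=1"))  # all three rows come back
    for bad in ("999 OR 1=1", "1; DROP TABLE users"):
        try:
            fetch_item(conn, bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The check is deliberately an allow-list on the value's shape (digits only) rather than a search for suspicious keywords: for a field whose legal inputs are fully known, as a numeric id's are, that mapping is exact, and the bound parameter then guarantees the integer is compared as a value rather than parsed as SQL.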
SQL Prevention and Mitigation
There are several effective ways to prevent SQLI attacks from taking place, as well as
protecting against them, should they occur.
The first step is input validation (a.k.a. sanitization), which is the practice of writing code that
can identify illegitimate user inputs.
While input validation should always be considered best practice, it is rarely a foolproof solution. The reality
is that, in most cases, it is simply not feasible to map out all legal and illegal inputs, at least not without
causing a large number of false positives, which interfere with user experience and an application's
functionality.
Modern web application firewalls are also often integrated with other security solutions. From these, a WAF
can receive additional information that further augments its security capabilities.
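To make the slide's point about validation concrete, here is an added example in Python (not from the slides) contrasting the two styles of input validation it refers to: a deny-list built from the payload shapes shown earlier in the deck, and a per-field allow-list. The deny-list patterns, the username rule and the sample inputs are all constructed for the example; real traffic is messier, which only strengthens the point.

```python
import re

# Deny-list assembled from the payload shapes shown on the earlier slides: tautologies,
# comment markers and stacked DROP TABLE.  These are only the shapes we happen to know.
DENY_PATTERNS = [
    re.compile(r"'\s*or\s+'?1'?\s*=\s*'?1", re.IGNORECASE),  # ' OR '1'='1  /  ' OR 1=1
    re.compile(r"--|/\*|#"),                                  # --  /*  #  comment markers
    re.compile(r";\s*drop\s+table", re.IGNORECASE),           # 999; DROP TABLE USERS
]

# Allow-list for one specific field: the characters a username may legitimately contain.
# (Assumed rule for this example; adjust to the application's real username policy.)
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def deny_list_flags(value: str) -> bool:
    """True if the input matches any known-bad shape (deny-list / blacklist style)."""
    return any(p.search(value) for p in DENY_PATTERNS)


def allow_list_username(value: str) -> bool:
    """True only if the whole value fits the username grammar (allow-list / whitelist style)."""
    return USERNAME_RE.fullmatch(value) is not None


# Constructed sample inputs: (field, value, legitimate?).  The review field is free text,
# which is exactly the kind of field whose legal inputs cannot be enumerated.
SAMPLES = [
    ("username", "alice", True),
    ("username", "bob_99", True),
    ("username", "' OR '1'='1' --", False),
    ("review", "Loved it", True),
    ("review", "Great read -- five stars", True),   # legitimate text containing '--'
    ("review", "Issue #3 was the best", True),      # legitimate text containing '#'
    ("review", "' OR '1'='1' /*", False),
    ("review", "999; DROP TABLE USERS", False),
]


def score_deny_list(samples=SAMPLES, field="review") -> tuple:
    """Run the deny-list over one field's samples and return
    (true positives, false positives, false negatives)."""
    tp = fp = fn = 0
    for f, value, legit in samples:
        if f != field:
            continue
        flagged = deny_list_flags(value)
        if flagged and not legit:
            tp += 1
        elif flagged and legit:
            fp += 1
        elif not flagged and not legit:
            fn += 1
    return tp, fp, fn


def score_allow_list(samples=SAMPLES, field="username") -> tuple:
    """Same scoring for the allow-list on the username field (rejection = positive)."""
    tp = fp = fn = 0
    for f, value, legit in samples:
        if f != field:
            continue
        rejected = not allow_list_username(value)
        if rejected and not legit:
            tp += 1
        elif rejected and legit:
            fp += 1
        elif not rejected and not legit:
            fn += 1
    return tp, fp, fn


if __name__ == "__main__":
    print("deny-list on free text (tp, fp, fn):", score_deny_list())   # (2, 2, 0)
    print("allow-list on username (tp, fp, fn):", score_allow_list())  # (1, 0, 0)
```

On the free-text field the deny-list catches the two sample payloads but also rejects two ordinary reviews, because `--` and `#` are legitimate characters in prose: those are the false positives the slide warns about, and the list only knows the shapes someone has already written down. The allow-list is exact for the username field because that field's legal inputs can be enumerated; where they cannot, validation is a filter to log and alert on (the role a WAF plays), not a guarantee, and the query itself still has to keep input out of the SQL grammar.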
THANK YOU