Download as PDF, PPTX
![Information Leakage
http://edgis-security.org/
• Error Type:
Microsoft OLE DB Provider for ODBC Drivers (0x1A2B3C4D)
[Microsoft ][ODBC SQL Server Driver][SQL Server]Unclosed
quotation mark before the character string ‘ and password = “,
/login.asp,line 30
• Error Type:
Microsoft OLE DB Provider for ODBC Drivers (0x1A2B3C4D)
[Microsoft ][ODBC SQL Server Driver][SQL Server]Unclosed
quotation mark before the character string ‘ and password = ‘123“’,
/login.asp,line 30
• User String Validation on Error
Handling](https://image.slidesharecdn.com/sqlinjectiondosslideshare-140608215411-phpapp01/85/SQL-Injection-and-DoS-6-320.jpg)
![Information Leakage (cont’d)
http://edgis-security.org/
• UNION Poisoning
SELECT * FROM records WHERE user=‘[user input]
‘ union all select name, xtype, 0, 0 from sysobjects --
SELECT * FROM records WHERE user=‘[user input]
‘ union all select <column> from <schema.columns>, 0, 0, 0 --](https://image.slidesharecdn.com/sqlinjectiondosslideshare-140608215411-phpapp01/85/SQL-Injection-and-DoS-7-320.jpg)
Uploaded byEmil Tan
SQL Injection and DoS
The document outlines SQL injection and denial-of-service (DoS) attacks, detailing demonstration examples and effective countermeasures. It discusses common vulnerabilities in web applications and emphasizes the importance of validation, preparedness, and various security configurations. Additionally, it presents specific types of DoS attacks, such as Slowloris and LOC, and recommends proactive security measures to mitigate risks.
More Related Content
Similar to SQL Injection and DoS
SQL Injection and DoS
- 1. Edgis Workshop SQL Injection& DoS Emil Tan & Han http://edgis-security.org September, 2011
- 2. Agenda • SQL Injection –Demonstrations – Countermeasures • What is DoS? – Demonstrations – Countermeasures
- 3. SQL Interface http://edgis-security.org/ INSERT INTOCreditRecords (Name, CardNum) VALUES (‘” & Request.Form(“Username”) & “’, ’” & Request.Form(“CreditCard”) & “’) INSERT INTO CreditRecords (Name, CardNum) VALUES (‘Alice’, ‘123-456-789’)
- 4. SQL Injection http://edgis-security.org/ INSERT INTOCreditRecords (Name, CardNum) VALUES (‘Eve’, ‘1’); EXEC xp_cmdshell ‘del *.*’ -- ‘)
- 5. http://edgis-security.org/ SQL Injection (cont’d) Exploitof a Mom http://xkcd.com/327/
- 6. Information Leakage http://edgis-security.org/ • ErrorType: Microsoft OLE DB Provider for ODBC Drivers (0x1A2B3C4D) [Microsoft ][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ‘ and password = “, /login.asp,line 30 • Error Type: Microsoft OLE DB Provider for ODBC Drivers (0x1A2B3C4D) [Microsoft ][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ‘ and password = ‘123“’, /login.asp,line 30 • User String Validation on Error Handling
- 7. Information Leakage (cont’d) http://edgis-security.org/ •UNION Poisoning SELECT * FROM records WHERE user=‘[user input] ‘ union all select name, xtype, 0, 0 from sysobjects -- SELECT * FROM records WHERE user=‘[user input] ‘ union all select <column> from <schema.columns>, 0, 0, 0 --
- 8.
- 9.
- 10. SQL Injection (Demonstration) •OWASP Insecure Web App Project http://edgis-security.org/
- 11. Countermeasures http://edgis-security.org/ • Validate, Validate,Validate – Client-Side, Server-Side • Prepared Statement
- 12. Denial-of-Service • Confidentiality, Integrity,Availability • Classic Examples – Ping of Death – SYN Flood Attack – LAND Attack – Tear Drop Attack – Smurf Attack • Distributed Denial-of-Service (DDoS) http://edgis-security.org/
- 13. Slowloris • Written byRobert “RSnake” Hansen • Notable Use – Iran Presidential Election 2009 – Th3j35t3r against WikiLeaks & Terrorist Web Sites • How it Works? – Hold connections open by sending partial HTTP requests – Send subsequent headers at regular intervals to keep the sockets from closing – Full TCP connection but partial HTTP request (SYN flood over HTTP) http://edgis-security.org/
- 14. Slowloris (cont’d) • Awesomeness –Attack amplifies on multi-threaded Web servers – No logs will be written until request is completed – “HTTP 400: Bad Request Error” message will be logged after the attack stops – Web service will resume once attack is terminated http://edgis-security.org/
- 15. LOC (Low OrbitIon Cannon) • Written by Praetox Technologies • Notable Use – 4Chan organized “refresh” attacks – DoS Scientology – #OpPayback • How it Works? – Overwhelm server with TCP, UDP, & HTTP – HiveMind Mode (i.e. DDoS Mode) http://edgis-security.org/
- 16.
- 17. Countermeasures • Increase themax no. of clients the web server allow • Limit the no. of connections a single IP address is allowed to make • Imposing restrictions on the minimum transfer speed on connection is allowed to have • Restricting the length of time a client is allowed to stay connected http://edgis-security.org/
- 18. Countermeasures (cont’d) • HTTPReady •Apache Modules – mod_limitipconn, mod_qos, mod_evasive, mod_security, mod_noloris, mod_antiloris • Reverse Proxies • Firewall • Load Balancers • CloudFare http://edgis-security.org/
- 19. End Note • Securityis more than patching your machine – Configuration are equally important • Be proactive in looking for vulnerabilities http://edgis-security.org/