BS
Uploaded byBlueinfy Solutions
4,186 views

SQL injection basics

This document discusses SQL injection vulnerabilities and techniques for exploiting them. It explains how user-supplied parameters can be manipulated to alter SQL queries and access unauthorized data or execute stored procedures. Some methods covered include adding SQL syntax like OR 1=1 to return all rows, using semicolons to concatenate queries, and prematurely terminating queries with characters like single quotes. The document also provides examples of forcing SQL errors to identify vulnerabilities and tips for retrieving excessive data or invoking stored procedures during an SQL injection attack.

Embed presentation

SQL Injections and basics
SQL Query Poisoning • Parameters from the URL or input fields get used in SQL queries. • An instance of Input Validation attacks. • Data can be altered to extend the SQL query. – e.g. http://server/query.asp?item=3+OR+1=1 • Execution of stored procedures. • May even lead to back-end database server compromise.
Identify candidate parameters • Determine what parameters seem to be passed to the database. • Usually some selection criteria. • Results have a uniform template, but varying data content.
Force SQL errors • Insert meta-characters around or within the parameters. • Range testing - BOF or EOF. • Changing the data type. • Premature query termination: – quotation marks - ‘ or “ – trailing hyphens -- • Look for error messages generated from the database.
SQL Query Poisoning • Insecure code (ASP): roduct_id = request.querystring(“ID”) onn.Open uery = "select * from items where product_id = " & product_id et result = conn.execute(query)
SQL Query Poisoning • How the query gets assembled http://192.168.7.120/details.asp?id=http://192.168.7.120/details.asp?id= 33 select * from items where product_id =select * from items where product_id = 33 DB
Identifying SQL errors • Try and force error messages from database servers. • Gives us an idea how the SQL query is being created and used. • Tamper the input parameter. – Change data type – Premature termination by ‘ “ etc… • If the SQL query fails, we have a candidate for SQL injection.
Identifying SQL errors • Identify which resources contain SQL interfaces. • Identify the offending parameters which cause the SQL queries to break. • Root cause of all SQL query poisoning is lack of input sanitization. • Strip off meta-characters.
http://192.168.7.120/details.asp?id= Identifying SQL errors • Forcing SQL errors. • Ideal for identifying database interfaces! ‘3 select * from items where product_id = ‘3 DB
Identifying SQL errors • Premature SQL query termination: We now have an SQL injection point.
Identifying SQL errors Example: PHP + MySQL error message
Identifying SQL errors Example: ColdFusion + SQL Server error msg
Extend SQL queries • Add valid SQL clauses to extend the SQL query. • “OR 1=1” – return all rows. • “;SELECT …” – multiple queries. • “;EXEC …” – stored procedures.
Retrieve all rows • Retrieve excessive data http://192.168.7.120/details.asp?id= 3+OR+1=1 select * from items where product_id = 3 OR 1=1 DB
Executing Stored Procedures • SQL Injection attacks can be extended beyond excessive data retrieval. • Stored procedures, if known, and accessible, can also be invoked. – For example Microsoft SQL Server’s extended stored procedures. • Use the SQL “EXEC” statement.
EXEC master..xp_cmdshell ‘dir’ Executing Stored Procedures • How the query gets assembled: http://192.168.7.120/details.asp?id= 3%01EXEC+master..xp_cmdshell+’dir’ select * from items where product_id = 3 DB
Executing Stored Procedures • Viewing the results of execution:
Conclusion

More Related Content

PPTX
Web application attack Presentation
byKhoa Nguyen
 
PPT
XPATH, LDAP and Path Traversal Injection
byBlueinfy Solutions
 
PPT
HTTP protocol and Streams Security
byBlueinfy Solutions
 
PDF
Hack proof your ASP NET Applications
bySarvesh Kushwaha
 
PPTX
Sql Injection attacks and prevention
byhelloanand
 
PPS
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
byClubHack
 
PPTX
Web hacking series part 3
byAditya Kamat
 
PPT
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
byShreeraj Shah
 
Web application attack Presentation
byKhoa Nguyen
 
XPATH, LDAP and Path Traversal Injection
byBlueinfy Solutions
 
HTTP protocol and Streams Security
byBlueinfy Solutions
 
Hack proof your ASP NET Applications
bySarvesh Kushwaha
 
Sql Injection attacks and prevention
byhelloanand
 
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
byClubHack
 
Web hacking series part 3
byAditya Kamat
 
Web 2.0 Application Kung-Fu - Securing Ajax & Web Services
byShreeraj Shah
 

What's hot

PPTX
Vulnerabilities on Various Data Processing Levels
byPositive Hack Days
 
PDF
Object Oriented Programming with Laravel - Session 4
byShahrzad Peyman
 
PDF
Common Web Application Attacks
byAhmed Sherif
 
PPTX
Unicode
byRonan Dunne, CEH, SSCP
 
PPTX
Error codes & custom 404s
byRonan Dunne, CEH, SSCP
 
PDF
RESTful Web Services
byChristopher Bartling
 
PDF
Object Oriented Programming with Laravel - Session 5
byShahrzad Peyman
 
PPTX
ASP.NET Mvc 4 web api
byTiago Knoch
 
PPTX
Overview of RESTful web services
bynbuddharaju
 
PPTX
40+ tips to use Postman more efficiently
bypostmanclient
 
PPT
Secure code practices
byHina Rawal
 
PPTX
ApacheCon North America 2018: Creating Spark Data Sources
byJayesh Thakrar
 
PPTX
SQL injection prevention techniques
bySongchaiDuangpan
 
PPTX
Web Hacking Series Part 1
byAditya Kamat
 
PDF
Solr Architecture
byRamez Al-Fayez
 
PPTX
Introducing asp
byaspnet123
 
PPTX
Postman Collection Format v2.0 (pre-draft)
byPostman
 
PPTX
Web Hacking Series Part 4
byAditya Kamat
 
PDF
CORS and (in)security
byn|u - The Open Security Community
 
PPTX
ASP.NET WEB API
byThang Chung
 
Vulnerabilities on Various Data Processing Levels
byPositive Hack Days
 
Object Oriented Programming with Laravel - Session 4
byShahrzad Peyman
 
Common Web Application Attacks
byAhmed Sherif
 
Unicode
byRonan Dunne, CEH, SSCP
 
Error codes & custom 404s
byRonan Dunne, CEH, SSCP
 
RESTful Web Services
byChristopher Bartling
 
Object Oriented Programming with Laravel - Session 5
byShahrzad Peyman
 
ASP.NET Mvc 4 web api
byTiago Knoch
 
Overview of RESTful web services
bynbuddharaju
 
40+ tips to use Postman more efficiently
bypostmanclient
 
Secure code practices
byHina Rawal
 
ApacheCon North America 2018: Creating Spark Data Sources
byJayesh Thakrar
 
SQL injection prevention techniques
bySongchaiDuangpan
 
Web Hacking Series Part 1
byAditya Kamat
 
Solr Architecture
byRamez Al-Fayez
 
Introducing asp
byaspnet123
 
Postman Collection Format v2.0 (pre-draft)
byPostman
 
Web Hacking Series Part 4
byAditya Kamat
 
CORS and (in)security
byn|u - The Open Security Community
 
ASP.NET WEB API
byThang Chung
 

Similar to SQL injection basics

PPTX
SQL injection
byAkash Panchal
 
PPTX
Hack through Injections
byNazar Tymoshyk, CEH, Ph.D.
 
PPT
Sql injection
byNitish Kumar
 
PPT
Sql injection attacks
bychaitanya Lotankar
 
PPTX
03. sql and other injection module v17
byEoin Keary
 
PPSX
Web application security
bywww.netgains.org
 
PDF
Chapter 14 sql injection
bynewbie2019
 
PPT
Sql injection attacks
byNitish Kumar
 
PPTX
Sql injection
byMehul Boghra
 
PPTX
Sql injection
byNuruzzaman Milon
 
PPT
Sql injection attacks
byKumar
 
PPT
Advanced SQL Injection
byamiable_indian
 
PPT
Sql Injection Adv Owasp
byAung Khant
 
PPTX
SQL Injections - 2016 - Huntington Beach
byJeff Prom
 
PPT
8 sql injection
bydrewz lin
 
PPTX
Sql injection
byIlan Mindel
 
PPTX
Code injection and green sql
byKaustav Sengupta
 
PPTX
Greensql2007
byKaustav Sengupta
 
PPTX
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
PDF
SQL Injection Attack Guide for ethical hacking
byAyan Live Rourkela
 
SQL injection
byAkash Panchal
 
Hack through Injections
byNazar Tymoshyk, CEH, Ph.D.
 
Sql injection
byNitish Kumar
 
Sql injection attacks
bychaitanya Lotankar
 
03. sql and other injection module v17
byEoin Keary
 
Web application security
bywww.netgains.org
 
Chapter 14 sql injection
bynewbie2019
 
Sql injection attacks
byNitish Kumar
 
Sql injection
byMehul Boghra
 
Sql injection
byNuruzzaman Milon
 
Sql injection attacks
byKumar
 
Advanced SQL Injection
byamiable_indian
 
Sql Injection Adv Owasp
byAung Khant
 
SQL Injections - 2016 - Huntington Beach
byJeff Prom
 
8 sql injection
bydrewz lin
 
Sql injection
byIlan Mindel
 
Code injection and green sql
byKaustav Sengupta
 
Greensql2007
byKaustav Sengupta
 
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
SQL Injection Attack Guide for ethical hacking
byAyan Live Rourkela
 

More from Blueinfy Solutions

PDF
Mobile Application Scan and Testing
byBlueinfy Solutions
 
PDF
Mobile security chess board - attacks & defense
byBlueinfy Solutions
 
PPT
Mobile code mining for discovery and exploits nullcongoa2013
byBlueinfy Solutions
 
PPT
iOS Application Security Testing
byBlueinfy Solutions
 
PPT
Html5 on mobile
byBlueinfy Solutions
 
PPT
Android secure coding
byBlueinfy Solutions
 
PPT
Android attacks
byBlueinfy Solutions
 
PPT
Automation In Android & iOS Application Review
byBlueinfy Solutions
 
PPT
Web Services Hacking and Security
byBlueinfy Solutions
 
PPT
Source Code Analysis with SAST
byBlueinfy Solutions
 
PPT
HTML5 hacking
byBlueinfy Solutions
 
PDF
CSRF, ClickJacking & Open Redirect
byBlueinfy Solutions
 
PPT
XSS - Attacks & Defense
byBlueinfy Solutions
 
PPT
Defending against Injections
byBlueinfy Solutions
 
PPT
Blind SQL Injection
byBlueinfy Solutions
 
PPT
Application fuzzing
byBlueinfy Solutions
 
PPT
Applciation footprinting, discovery and enumeration
byBlueinfy Solutions
 
PPT
Assessment methodology and approach
byBlueinfy Solutions
 
PPT
Advanced applications-architecture-threats
byBlueinfy Solutions
 
Mobile Application Scan and Testing
byBlueinfy Solutions
 
Mobile security chess board - attacks & defense
byBlueinfy Solutions
 
Mobile code mining for discovery and exploits nullcongoa2013
byBlueinfy Solutions
 
iOS Application Security Testing
byBlueinfy Solutions
 
Html5 on mobile
byBlueinfy Solutions
 
Android secure coding
byBlueinfy Solutions
 
Android attacks
byBlueinfy Solutions
 
Automation In Android & iOS Application Review
byBlueinfy Solutions
 
Web Services Hacking and Security
byBlueinfy Solutions
 
Source Code Analysis with SAST
byBlueinfy Solutions
 
HTML5 hacking
byBlueinfy Solutions
 
CSRF, ClickJacking & Open Redirect
byBlueinfy Solutions
 
XSS - Attacks & Defense
byBlueinfy Solutions
 
Defending against Injections
byBlueinfy Solutions
 
Blind SQL Injection
byBlueinfy Solutions
 
Application fuzzing
byBlueinfy Solutions
 
Applciation footprinting, discovery and enumeration
byBlueinfy Solutions
 
Assessment methodology and approach
byBlueinfy Solutions
 
Advanced applications-architecture-threats
byBlueinfy Solutions
 

Recently uploaded

PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
PDF
Chapter 6 Authentication and Access Control.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
Workflow and decision Automation with Flowable
bychakib ch
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PPTX
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
final.pdf
byomarbishtawi04
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
HOW TO OVERCOME THE THREATS OF ARTIFICIAL INTELLIGENCE AGAINST HUMANITY.pdf
byFaga1939
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
UiPath Modern Automation Playbook -Session 2
bysuhanisingh58689
 
Chapter 6 Authentication and Access Control.pdf
byGetnet Tigabie Askale -(GM)
 
Workflow and decision Automation with Flowable
bychakib ch
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
Introducing VisualSim 2610 The Next Leap in System Level Modeling
byDeepak Shankar
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
final.pdf
byomarbishtawi04
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 

SQL injection basics

  • 1.
  • 2.
    SQL Query Poisoning •Parameters from the URL or input fields get used in SQL queries. • An instance of Input Validation attacks. • Data can be altered to extend the SQL query. – e.g. http://server/query.asp?item=3+OR+1=1 • Execution of stored procedures. • May even lead to back-end database server compromise.
  • 3.
    Identify candidate parameters •Determine what parameters seem to be passed to the database. • Usually some selection criteria. • Results have a uniform template, but varying data content.
  • 4.
    Force SQL errors •Insert meta-characters around or within the parameters. • Range testing - BOF or EOF. • Changing the data type. • Premature query termination: – quotation marks - ‘ or “ – trailing hyphens -- • Look for error messages generated from the database.
  • 5.
    SQL Query Poisoning •Insecure code (ASP): roduct_id = request.querystring(“ID”) onn.Open uery = "select * from items where product_id = " & product_id et result = conn.execute(query)
  • 6.
    SQL Query Poisoning •How the query gets assembled http://192.168.7.120/details.asp?id=http://192.168.7.120/details.asp?id= 33 select * from items where product_id =select * from items where product_id = 33 DB
  • 7.
    Identifying SQL errors •Try and force error messages from database servers. • Gives us an idea how the SQL query is being created and used. • Tamper the input parameter. – Change data type – Premature termination by ‘ “ etc… • If the SQL query fails, we have a candidate for SQL injection.
  • 8.
    Identifying SQL errors •Identify which resources contain SQL interfaces. • Identify the offending parameters which cause the SQL queries to break. • Root cause of all SQL query poisoning is lack of input sanitization. • Strip off meta-characters.
  • 9.
    http://192.168.7.120/details.asp?id= Identifying SQL errors •Forcing SQL errors. • Ideal for identifying database interfaces! ‘3 select * from items where product_id = ‘3 DB
  • 10.
    Identifying SQL errors •Premature SQL query termination: We now have an SQL injection point.
  • 11.
    Identifying SQL errors Example:PHP + MySQL error message
  • 12.
    Identifying SQL errors Example:ColdFusion + SQL Server error msg
  • 13.
    Extend SQL queries •Add valid SQL clauses to extend the SQL query. • “OR 1=1” – return all rows. • “;SELECT …” – multiple queries. • “;EXEC …” – stored procedures.
  • 14.
    Retrieve all rows •Retrieve excessive data http://192.168.7.120/details.asp?id= 3+OR+1=1 select * from items where product_id = 3 OR 1=1 DB
  • 15.
    Executing Stored Procedures •SQL Injection attacks can be extended beyond excessive data retrieval. • Stored procedures, if known, and accessible, can also be invoked. – For example Microsoft SQL Server’s extended stored procedures. • Use the SQL “EXEC” statement.
  • 16.
    EXEC master..xp_cmdshell ‘dir’ ExecutingStored Procedures • How the query gets assembled: http://192.168.7.120/details.asp?id= 3%01EXEC+master..xp_cmdshell+’dir’ select * from items where product_id = 3 DB
  • 17.
    Executing Stored Procedures •Viewing the results of execution:
  • 18.