Uploaded byHrRajon2
PPT, PDF125 views

SQl Injection.ppt

This presentation introduces SQL injection, a code injection technique that exploits security vulnerabilities in user input handlers to target databases. It provides examples of real-world SQL injection attacks, such as the theft of 130 million credit card numbers. The presentation demonstrates how SQL comments, logic statements, and multiple statements can be abused to perform unauthorized actions like dropping tables or updating passwords. It recommends server-side validation of user input and limiting database access to help prevent SQL injection attacks.

Embed presentation

Download to read offline
Welcome to my presentation SQL Injection VIDEO LINK:
 Name: Md. Harun-Or-Rashid  ID: 193-15-2966  Section: PC- A VIDEO LINK:
What is SQL Injection?  Code Injection Technique  Exploits Security Vulnerability  Targets User Input Handlers
Real World Examples  On August 17, 2009, the United States Justice Department charged an American citizen Albert Gonzalez and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack.  In 2008 a sweep of attacks began exploiting the SQL injection vulnerabilities of Microsoft's IIS web server and SQL database server. Over 500,000 sites were exploited.
Important Syntax COMMENTS: -- Example: SELECT * FROM `table` --selects everything LOGIC: ‘a’=‘a’ Example: SELECT * FROM `table` WHERE ‘a’=‘a’ MULTI STATEMENTS: S1; S2 Example: SELECT * FROM `table`; DROP TABLE `table`;
Example Website
Example Website rajon2966 cse2966 SELECT * FROM `login` WHERE `user`=‘rajon2966’ AND `pass`=‘cse2966’
Login Database Table user pass rajon2966 cse2966 What Could Go Wrong??
Example Hack ’ OR ‘a’=‘a ’ OR ‘a’=‘a SELECT * FROM `login` WHERE `user`=‘’ OR ‘a’=‘a’ AND `pass`=‘’ OR ‘a’=‘a’
It Gets Worse! ’; DROP TABLE `login`; -- SELECT * FROM `login` WHERE `user`=‘’; DROP TABLE `login`; --’ AND `pass`=‘’
All Queries are Possible SELECT * FROM `login` WHERE `user`=‘’; INSERT INTO `login` ('user','pass') VALUES ('haxor','whatever');--’ AND `pass`=‘’ SELECT * FROM `login` WHERE `user`=‘’; UPDATE `login` SET `pass`=‘pass123’ WHERE `user`=‘timbo317’;--’ AND `pass`=‘’
Prevention  Logic to allow only numbers / letters in username and password.  How should you enforce the constraint? SERVER SIDE.  ‘ESCAPE’ bad characters. ’ becomes ’  READ ONLY database access.  Remember this is NOT just for login areas! NOT just for websites!!
Thank You

More Related Content

PPTX
SQL INJECTION
byAnoop T
 
PDF
Chapter 5 - SQL-Injection-NK.pdf
byWaad Waad
 
PPTX
Ppt on sql injection
byashish20012
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PDF
Sql injection
bySafwan Hashmi
 
PPTX
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
PDF
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
PPTX
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
SQL INJECTION
byAnoop T
 
Chapter 5 - SQL-Injection-NK.pdf
byWaad Waad
 
Ppt on sql injection
byashish20012
 
Sql injection - security testing
byNapendra Singh
 
Sql injection
bySafwan Hashmi
 
Google Dorks and SQL Injection
byMudassir Hassan Khan
 
Sql injection bypassing hand book blackrose
byNoaman Aziz
 
SQL Injections - A Powerpoint Presentation
byRapid Purple
 

Similar to SQl Injection.ppt

PPTX
Sql injection
byZidh
 
PPTX
SQL Injections - 2016 - Huntington Beach
byJeff Prom
 
PDF
Sql injection course made by Cristian Alexandrescu
byCristian Alexandrescu
 
PPT
Sql injections
byManish Kushwaha
 
PPTX
Sql injection
byUzair ul Haq Khan
 
PPTX
Sql injection
byThe Avi Sharma
 
PDF
SQL Injection Tutorial
byMagno Logan
 
PDF
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
PPTX
SQL INJECTION
byZiaullah Khan
 
PPTX
Intro to SQL Injection
byhon1nbo
 
PPT
Advanced sql injection 1
byKarunakar Singh Thakur
 
PDF
Sq linjection
byMahesh Gupta (DBATAG) - SQL Server Consultant
 
PPTX
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
PPT
Sql Injection
bySanjeev Kumar Jaiswal
 
PPTX
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
PPTX
Sql injection
byManjushree Mashal
 
PPTX
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
PPT
Sql injection
byNitish Kumar
 
PDF
sql-inj_attack.pdf
byssuser07cf8b
 
PDF
Full MSSQL Injection PWNage
byPrathan Phongthiproek
 
Sql injection
byZidh
 
SQL Injections - 2016 - Huntington Beach
byJeff Prom
 
Sql injection course made by Cristian Alexandrescu
byCristian Alexandrescu
 
Sql injections
byManish Kushwaha
 
Sql injection
byUzair ul Haq Khan
 
Sql injection
byThe Avi Sharma
 
SQL Injection Tutorial
byMagno Logan
 
Sql Injection - Vulnerability and Security
bySandip Chaudhari
 
SQL INJECTION
byZiaullah Khan
 
Intro to SQL Injection
byhon1nbo
 
Advanced sql injection 1
byKarunakar Singh Thakur
 
Sq linjection
byMahesh Gupta (DBATAG) - SQL Server Consultant
 
Sql injections (Basic bypass authentication)
byRavindra Singh Rathore
 
Sql Injection
bySanjeev Kumar Jaiswal
 
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
Sql injection
byManjushree Mashal
 
cgbhjjjjjjjnmmmkmmmmmmkkkkkkTutorial5.pptx
byprasadGade6
 
Sql injection
byNitish Kumar
 
sql-inj_attack.pdf
byssuser07cf8b
 
Full MSSQL Injection PWNage
byPrathan Phongthiproek
 

More from HrRajon2

PPTX
Measure of Central Tendency .pptx
byHrRajon2
 
PPTX
Logic Gate.pptx
byHrRajon2
 
PPTX
NetworkTopology.pptx
byHrRajon2
 
PPTX
Shortest Path.pptx
byHrRajon2
 
PPTX
 Etiquette, Personal Behavior and Professionalism .pptx
byHrRajon2
 
PPTX
Minimum Spanning Tree.pptx
byHrRajon2
 
Measure of Central Tendency .pptx
byHrRajon2
 
Logic Gate.pptx
byHrRajon2
 
NetworkTopology.pptx
byHrRajon2
 
Shortest Path.pptx
byHrRajon2
 
 Etiquette, Personal Behavior and Professionalism .pptx
byHrRajon2
 
Minimum Spanning Tree.pptx
byHrRajon2
 

Recently uploaded

PDF
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PDF
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
PDF
Why AI Girlfriends Are the Future of Digital Companionship
byAi Angels
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
PDF
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
PDF
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
PDF
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
PDF
JCB_3CX_SPECS (24 págs) companywrench.com .pdf
byAquilesOyarzn1
 
PDF
7 Essential Types of Penetration Testing Services Every Business Should Under...
bypandeydevika621
 
PDF
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 
Taxonomy Alignment for SDG Tagging - ASHA Case Study
byEnterprise Knowledge
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
Why AI Girlfriends Are the Future of Digital Companionship
byAi Angels
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
Chapter 3 Cryptography and encryption techniques.pdf
byGetnet Tigabie Askale -(GM)
 
2026_01_28 - OpenMetadata Community Meeting.pdf
byOpenMetadata
 
Real-Time AI at Scale Masterclass - Challenges of AI at Scale
byScyllaDB
 
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
Certified AI-Empowered SAFe 6 Scrum Master.pdf
byMarc Entsminger SPC6, RTE, SSM, SA, SDP
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
JCB_3CX_SPECS (24 págs) companywrench.com .pdf
byAquilesOyarzn1
 
7 Essential Types of Penetration Testing Services Every Business Should Under...
bypandeydevika621
 
The Enterprise Web3 Landscape - a view from Kaleido based on the past 10 year...
byPeter Broadhurst
 

SQl Injection.ppt

  • 1.
    Welcome to my presentation SQLInjection VIDEO LINK:
  • 2.
     Name: Md.Harun-Or-Rashid  ID: 193-15-2966  Section: PC- A VIDEO LINK:
  • 3.
    What is SQLInjection?  Code Injection Technique  Exploits Security Vulnerability  Targets User Input Handlers
  • 4.
    Real World Examples On August 17, 2009, the United States Justice Department charged an American citizen Albert Gonzalez and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack.  In 2008 a sweep of attacks began exploiting the SQL injection vulnerabilities of Microsoft's IIS web server and SQL database server. Over 500,000 sites were exploited.
  • 5.
    Important Syntax COMMENTS: -- Example:SELECT * FROM `table` --selects everything LOGIC: ‘a’=‘a’ Example: SELECT * FROM `table` WHERE ‘a’=‘a’ MULTI STATEMENTS: S1; S2 Example: SELECT * FROM `table`; DROP TABLE `table`;
  • 6.
  • 8.
    Example Website rajon2966 cse2966 SELECT *FROM `login` WHERE `user`=‘rajon2966’ AND `pass`=‘cse2966’
  • 9.
    Login Database Table userpass rajon2966 cse2966 What Could Go Wrong??
  • 10.
    Example Hack ’ OR‘a’=‘a ’ OR ‘a’=‘a SELECT * FROM `login` WHERE `user`=‘’ OR ‘a’=‘a’ AND `pass`=‘’ OR ‘a’=‘a’
  • 11.
    It Gets Worse! ’;DROP TABLE `login`; -- SELECT * FROM `login` WHERE `user`=‘’; DROP TABLE `login`; --’ AND `pass`=‘’
  • 12.
    All Queries arePossible SELECT * FROM `login` WHERE `user`=‘’; INSERT INTO `login` ('user','pass') VALUES ('haxor','whatever');--’ AND `pass`=‘’ SELECT * FROM `login` WHERE `user`=‘’; UPDATE `login` SET `pass`=‘pass123’ WHERE `user`=‘timbo317’;--’ AND `pass`=‘’
  • 13.
    Prevention  Logic toallow only numbers / letters in username and password.  How should you enforce the constraint? SERVER SIDE.  ‘ESCAPE’ bad characters. ’ becomes ’  READ ONLY database access.  Remember this is NOT just for login areas! NOT just for websites!!
  • 14.