This document provides an introduction to SQL injection basics. It defines SQL injection as executing a SQL query or statement by injecting it into a user input field. The document outlines why SQL injection is studied, provides a sample database structure, and describes generic SQL queries and operators like UNION and ORDER BY. It also categorizes different types of SQL injection and attacks. The remainder of the document previews upcoming topics on blind SQL injection, data extraction techniques, and prevention.

1. SQL Injection Part 1 - BASICSWasimHalani(WaSHaL)

2. ./whoamiStudentFallibleNOT a SQL expert“Do not take anything I say as fact. I have been wrong before and I will be wrong again.” - Nullthreat

3. OWASP Top 10A1 – Injection FlawsInjection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.Simpler definition, anyone? 

4. SQL InjectionSQL = Structured Query LanguageExecute a SQL query/statement or syntax by injecting it in an user input field on the web application

5. Why study it?BarracudaHBGary/ HBGary FederalAppinonlineAppinlabsNIITMysql.com

6. Our Sample DBuser_db

7. Generic SQL - SelectSQL> select * from userdb where username=‘xxxx’ and password=‘yyyy’;returns all columns from table ‘userdb’ and every row which have given username and passwordSQL> select role from userdb where username=‘zzzz’;returns only column ‘role’ where username matches

8. UNION OperatorCombine results of two or more SELECT statementsSELECT username,password from user_db UNION SELECT username,password from admin_dbSELECT username,password from user_db UNION ALL SELECT username,password from admin_db

9. ORDER BY ClauseSort results of SELECT query by a specific columnnumber column name

10. Misc.INSERTUPDATEDELETEALTERDROP

11. Categories of SQL InjectionIn-bandErrorUnionOut-bandDnsPingInferential (Blind)SleepWaitforRef: www.toorcon.org/tcx/9_McCray.pdf

12. SQL Injection Attacks

13. Vulnerable Code

14. Vanilla Injection‘ or 1=1 --a‘ or ‘a’=‘a

15. Finding # of Columns1234....100

16. Finding # of Columns - 2

17. Injecting Queries (UNION)Ref: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

18. ToolsNetsparker (Pro/Community)HavijSQLMapSQLNinja

19. Coming Up…Blind SQLManual Extraction of Data using SQLi+BurpPreventing SQL Injections

20. Questions?*wasimhalani@gmail.com@washalsechttp://securitythoughts.wordpress.com/*Conditions Apply