SlideShare uma empresa Scribd logo

Advanced SQL Injection

A
amiable_indian

Victor Chapela

Tecnologia
1 de 93
Advanced SQL Injection Victor Chapela Sm4rt Security Services [email_address] . com 4/11/2005
What is SQL? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL is a Standard - but... ,[object Object],[object Object],[object Object]
SQL Database Tables ,[object Object],[object Object],[object Object],dthompson dthompson Thompson Daniel 3 qwerty adamt Taylor Adam 2 hello jsmith Smith John 1 Password Login LastName Name userID
SQL Queries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Data Manipulation Language (DML) ,[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Data Definition Language (DDL) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Metadata ,[object Object],[object Object],[object Object],[object Object],[object Object]
What is SQL Injection? ,[object Object]
How common is it? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Vulnerable Applications ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How does SQL Injection work? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Injecting through Strings ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The power of ' ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
If it were numeric? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Injecting Numeric Fields ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection Characters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology
SQL Injection Testing Methodology 1) Input Validation 2) Info. Gathering 6) OS Cmd Prompt 7) Expand Influence 4) Extracting Data 3) 1=1 Attacks 5) OS Interaction
1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
Discovery of Vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
2) Information Gathering 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
2) Information Gathering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
a) Exploring Output Mechanisms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting information through Error Messages ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
b) Understanding the Query ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SELECT Statement ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
UPDATE statement ,[object Object],[object Object],[object Object],[object Object],[object Object]
Determining a SELECT Query Structure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Is it a stored procedure? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Tricky Queries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
c) Determine Database Engine Type ,[object Object],[object Object],[object Object],[object Object],[object Object]
Some differences TEXTPOS() InStr() InStr() InStr() LOCATE() CHARINDEX Position Yes Yes No No No Yes Cast import from export to I f null () " "+" " DB2 Call COALESCE() ' '||' ' Postgres PL/pgSQL #date# Iff ( I s null ()) " "&" " Access utf_file select into outfile / dumpfile xp_cmdshell Op Sys interaction I f null() I f null() I s null() Null replace ' '||' ' concat (" ", " ") ' '+' ' Concatenate Strings Oracle PL/SQL MySQL MS SQL T-SQL
More differences… N N N N Y Access Y Many Y Y Y MS SQL N Y Y Y Linking DBs N N Many N Default stored procedures Y N N N* Batch Queries Y Y Y N 4.0 Y 4.1 Subselects Y Y Y Y UNION Postgres DB2 Oracle MySQL
d) Finding out user privilege level ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DB Administrators ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
3) 1=1 Attacks 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
Discover DB structure ,[object Object],[object Object],[object Object],[object Object],[object Object]
Enumerating table columns in different DBs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
All tables and columns in one query ,[object Object]
Database Enumeration ,[object Object],[object Object],[object Object],[object Object],[object Object]
System Tables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
4) Extracting Data 4) Extracting Data 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
Password grabbing ,[object Object],[object Object],[object Object],[object Object]
Create DB Accounts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Grabbing MS SQL Server Hashes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What do we do? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting SQL Hashes ,[object Object],[object Object]
Extract hashes through error messages ,[object Object],[object Object],[object Object],[object Object],[object Object]
Brute forcing Passwords ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Transfer DB structure and data ,[object Object],[object Object],[object Object],[object Object],[object Object]
Create Identical DB Structure ,[object Object],[object Object],[object Object]
Transfer DB ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
5) OS Interaction 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 4) Extracting Data
Interacting with the OS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL OS Interaction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MS SQL OS Interaction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Architecture ,[object Object],[object Object],[object Object],Web Server Web Page Access Database Server Injected SQL Execution! Application Server Input Validation Flaw
Assessing Network Connectivity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Gathering IP information through reverse lookups ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network Reconnaissance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network Reconnaissance Full Query ,[object Object],[object Object],[object Object],[object Object],[object Object]
6) OS Cmd Prompt 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
Jumping to the OS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Using ActiveX Automation Scripts ,[object Object],[object Object]
Retrieving VNC Password from Registry ,[object Object],[object Object]
7) Expand Influence 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
Hopping into other DB Servers ,[object Object],[object Object],[object Object],[object Object]
Linked Servers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Executing through stored procedures remotely ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Uploading files through reverse connection ,[object Object],[object Object],[object Object],[object Object]
Uploading files through SQL Injection ,[object Object],[object Object],[object Object]
Example of SQL injection file uploading ,[object Object],[object Object],[object Object],[object Object],[object Object]
Evasion Techniques
Evasion Techniques ,[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Input validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Evasion and Circumvention ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL Input Validation Circumvention using Char() ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using white spaces ,[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using comments ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using string concatenation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS and Input Validation Evasion using variables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Defending Against SQL Injection
SQL Injection Defense ,[object Object],[object Object],[object Object],[object Object],[object Object]
Strong Design ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Input Validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Harden the Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detection and Dissuasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Links ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Advanced SQL Injection Victor Chapela [email_address]

Recomendados

Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
amiable_indian
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
Sql injection
Sql injectionSql injection
Sql injection
Hemendra Kumar
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
Herman Duarte
 

Recomendados

Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
amiable_indian
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
Sql injection
Sql injectionSql injection
Sql injection
Hemendra Kumar
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
Herman Duarte
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
Sql injection
Sql injectionSql injection
Sql injection
Mehul Boghra
 
Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
Bernardo Damele A. G.
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads Up
Mindfire Solutions
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
Michael Hendrickx
 
Michael Bayer Introduction to SQLAlchemy @ Postgres Open
Michael Bayer Introduction to SQLAlchemy @ Postgres OpenMichael Bayer Introduction to SQLAlchemy @ Postgres Open
Michael Bayer Introduction to SQLAlchemy @ Postgres Open
PostgresOpen
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
bugcrowd
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
Daniel Garcia (a.k.a cr0hn)
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
Prateek Chauhan
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
 
フラットなPHPからフレームワークへ
フラットなPHPからフレームワークへフラットなPHPからフレームワークへ
フラットなPHPからフレームワークへ
Masao Maeda
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
Rodolfo Assis (Brute)
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
Vishal Kumar
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
Bernardo Damele A. G.
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 

Mais conteúdo relacionado

Mais procurados

Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
Michael Bayer Introduction to SQLAlchemy @ Postgres Open
Michael Bayer Introduction to SQLAlchemy @ Postgres OpenMichael Bayer Introduction to SQLAlchemy @ Postgres Open
Michael Bayer Introduction to SQLAlchemy @ Postgres Open
PostgresOpen
 

Mais procurados (20)

Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
 
SQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads UpSQLMAP Tool Usage - A Heads Up
SQLMAP Tool Usage - A Heads Up
 
SQL injection
SQL injectionSQL injection
SQL injection
 
Owasp Top 10 A1: Injection
Owasp Top 10 A1: InjectionOwasp Top 10 A1: Injection
Owasp Top 10 A1: Injection
 
Michael Bayer Introduction to SQLAlchemy @ Postgres Open
Michael Bayer Introduction to SQLAlchemy @ Postgres OpenMichael Bayer Introduction to SQLAlchemy @ Postgres Open
Michael Bayer Introduction to SQLAlchemy @ Postgres Open
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
How to Shot Web - Jason Haddix at DEFCON 23 - See it Live: Details in Descrip...
 
Security in NodeJS applications
Security in NodeJS applicationsSecurity in NodeJS applications
Security in NodeJS applications
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
フラットなPHPからフレームワークへ
フラットなPHPからフレームワークへフラットなPHPからフレームワークへ
フラットなPHPからフレームワークへ
 
Building Advanced XSS Vectors
Building Advanced XSS VectorsBuilding Advanced XSS Vectors
Building Advanced XSS Vectors
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 

Destaque

Advanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variablesAdvanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variables
DefCamp
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
Imperva
 

Destaque (17)

SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
 
Sql injection
Sql injectionSql injection
Sql injection
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL injection exploitation internals
SQL injection exploitation internalsSQL injection exploitation internals
SQL injection exploitation internals
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
Advanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variablesAdvanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variables
 
MySQL For Oracle Developers
MySQL For Oracle DevelopersMySQL For Oracle Developers
MySQL For Oracle Developers
 
Sql injection
Sql injectionSql injection
Sql injection
 
Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)
 
External XML Entities
External XML EntitiesExternal XML Entities
External XML Entities
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
 
[Russia] MySQL OOB injections
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
 
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWeb Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
 

Semelhante a Advanced SQL Injection

Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
ssuserde23af
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injection
badhanbd
 
L9 l10 server side programming
L9 l10 server side programmingL9 l10 server side programming
L9 l10 server side programming
Rushdi Shams
 

Semelhante a Advanced SQL Injection (20)

Advanced sql injection 2
Advanced sql injection 2Advanced sql injection 2
Advanced sql injection 2
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injection
 
PHP - Introduction to Advanced SQL
PHP - Introduction to Advanced SQLPHP - Introduction to Advanced SQL
PHP - Introduction to Advanced SQL
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
Advanced sql injection 1
Advanced sql injection 1Advanced sql injection 1
Advanced sql injection 1
 
Asp
AspAsp
Asp
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Oracle notes
Oracle notesOracle notes
Oracle notes
 
ORACLE PL SQL
ORACLE PL SQLORACLE PL SQL
ORACLE PL SQL
 
L9 l10 server side programming
L9 l10 server side programmingL9 l10 server side programming
L9 l10 server side programming
 
working with PHP & DB's
working with PHP & DB'sworking with PHP & DB's
working with PHP & DB's
 
References - sql injection
References - sql injection References - sql injection
References - sql injection
 
References
References References
References
 
Sql injection
Sql injectionSql injection
Sql injection
 
Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming Languages
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql tutorial
Sql tutorialSql tutorial
Sql tutorial
 

Mais de amiable_indian

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
amiable_indian
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
amiable_indian
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
amiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
amiable_indian
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
amiable_indian
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
amiable_indian
 

Mais de amiable_indian (20)

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 

Último

Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Último (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Advanced SQL Injection

  • 1. Advanced SQL Injection Victor Chapela Sm4rt Security Services [email_address] . com 4/11/2005
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 19. SQL Injection Testing Methodology 1) Input Validation 2) Info. Gathering 6) OS Cmd Prompt 7) Expand Influence 4) Extracting Data 3) 1=1 Attacks 5) OS Interaction
  • 20. 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
  • 21.
  • 22. 2) Information Gathering 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34. Some differences TEXTPOS() InStr() InStr() InStr() LOCATE() CHARINDEX Position Yes Yes No No No Yes Cast import from export to I f null () " "+" " DB2 Call COALESCE() ' '||' ' Postgres PL/pgSQL #date# Iff ( I s null ()) " "&" " Access utf_file select into outfile / dumpfile xp_cmdshell Op Sys interaction I f null() I f null() I s null() Null replace ' '||' ' concat (" ", " ") ' '+' ' Concatenate Strings Oracle PL/SQL MySQL MS SQL T-SQL
  • 35. More differences… N N N N Y Access Y Many Y Y Y MS SQL N Y Y Y Linking DBs N N Many N Default stored procedures Y N N N* Batch Queries Y Y Y N 4.0 Y 4.1 Subselects Y Y Y Y UNION Postgres DB2 Oracle MySQL
  • 36.
  • 37.
  • 38. 3) 1=1 Attacks 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44. 4) Extracting Data 4) Extracting Data 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55. 5) OS Interaction 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 4) Extracting Data
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64. 6) OS Cmd Prompt 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
  • 65.
  • 66.
  • 67.
  • 68. 7) Expand Influence 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82.
  • 83.
  • 84.
  • 86.
  • 87.
  • 88.
  • 89.
  • 90.
  • 91.
  • 92.
  • 93. Advanced SQL Injection Victor Chapela [email_address]