SlideShare uma empresa Scribd logo

Sql Injection Adv Owasp

Transferir como PPT, PDF
Aung Khant
Aung Khant
Tecnologia
1 de 93
Advanced SQL Injection Victor Chapela Sm4rt Security Services [email_address] . com 4/11/2005
What is SQL? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL is a Standard - but... ,[object Object],[object Object],[object Object]
SQL Database Tables ,[object Object],[object Object],[object Object],dthompson dthompson Thompson Daniel 3 qwerty adamt Taylor Adam 2 hello jsmith Smith John 1 Password Login LastName Name userID
SQL Queries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Data Manipulation Language (DML) ,[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Data Definition Language (DDL) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Metadata ,[object Object],[object Object],[object Object],[object Object],[object Object]
What is SQL Injection? ,[object Object]
How common is it? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Vulnerable Applications ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How does SQL Injection work? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Injecting through Strings ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The power of ' ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
If it were numeric? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Injecting Numeric Fields ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection Characters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology
SQL Injection Testing Methodology 1) Input Validation 2) Info. Gathering 6) OS Cmd Prompt 7) Expand Influence 4) Extracting Data 3) 1=1 Attacks 5) OS Interaction
1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
Discovery of Vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
2) Information Gathering 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
2) Information Gathering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
a) Exploring Output Mechanisms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting information through Error Messages ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
b) Understanding the Query ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SELECT Statement ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
UPDATE statement ,[object Object],[object Object],[object Object],[object Object],[object Object]
Determining a SELECT Query Structure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Is it a stored procedure? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Tricky Queries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
c) Determine Database Engine Type ,[object Object],[object Object],[object Object],[object Object],[object Object]
Some differences TEXTPOS() InStr() InStr() InStr() LOCATE() CHARINDEX Position Yes Yes No No No Yes Cast import from export to I f null () " "+" " DB2 Call COALESCE() ' '||' ' Postgres PL/pgSQL #date# Iff ( I s null ()) " "&" " Access utf_file select into outfile / dumpfile xp_cmdshell Op Sys interaction I f null() I f null() I s null() Null replace ' '||' ' concat (" ", " ") ' '+' ' Concatenate Strings Oracle PL/SQL MySQL MS SQL T-SQL
More differences… N N N N Y Access Y Many Y Y Y MS SQL N Y Y Y Linking DBs N N Many N Default stored procedures Y N N N* Batch Queries Y Y Y N 4.0 Y 4.1 Subselects Y Y Y Y UNION Postgres DB2 Oracle MySQL
d) Finding out user privilege level ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DB Administrators ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
3) 1=1 Attacks 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
Discover DB structure ,[object Object],[object Object],[object Object],[object Object],[object Object]
Enumerating table columns in different DBs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
All tables and columns in one query ,[object Object]
Database Enumeration ,[object Object],[object Object],[object Object],[object Object],[object Object]
System Tables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
4) Extracting Data 4) Extracting Data 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
Password grabbing ,[object Object],[object Object],[object Object],[object Object]
Create DB Accounts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Grabbing MS SQL Server Hashes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What do we do? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting SQL Hashes ,[object Object],[object Object]
Extract hashes through error messages ,[object Object],[object Object],[object Object],[object Object],[object Object]
Brute forcing Passwords ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Transfer DB structure and data ,[object Object],[object Object],[object Object],[object Object],[object Object]
Create Identical DB Structure ,[object Object],[object Object],[object Object]
Transfer DB ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
5) OS Interaction 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 4) Extracting Data
Interacting with the OS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL OS Interaction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MS SQL OS Interaction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Architecture ,[object Object],[object Object],[object Object],Web Server Web Page Access Database Server Injected SQL Execution! Application Server Input Validation Flaw
Assessing Network Connectivity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Gathering IP information through reverse lookups ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network Reconnaissance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network Reconnaissance Full Query ,[object Object],[object Object],[object Object],[object Object],[object Object]
6) OS Cmd Prompt 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
Jumping to the OS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Using ActiveX Automation Scripts ,[object Object],[object Object]
Retrieving VNC Password from Registry ,[object Object],[object Object]
7) Expand Influence 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
Hopping into other DB Servers ,[object Object],[object Object],[object Object],[object Object]
Linked Servers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Executing through stored procedures remotely ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Uploading files through reverse connection ,[object Object],[object Object],[object Object],[object Object]
Uploading files through SQL Injection ,[object Object],[object Object],[object Object]
Example of SQL injection file uploading ,[object Object],[object Object],[object Object],[object Object],[object Object]
Evasion Techniques
Evasion Techniques ,[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Input validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Evasion and Circumvention ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL Input Validation Circumvention using Char() ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using white spaces ,[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using comments ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using string concatenation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS and Input Validation Evasion using variables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Defending Against SQL Injection
SQL Injection Defense ,[object Object],[object Object],[object Object],[object Object],[object Object]
Strong Design ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Input Validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Harden the Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detection and Dissuasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Links ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Advanced SQL Injection Victor Chapela [email_address]

Recomendados

Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and FallaciesKarwin Software Solutions LLC
 
Sq linjection
Sq linjectionSq linjection
Sq linjectionMahesh Gupta (DBATAG) - SQL Server Consultant
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicJW CyberNerd
 
References
References References
References Mohammed
 
TSQL Coding Guidelines
TSQL Coding GuidelinesTSQL Coding Guidelines
TSQL Coding GuidelinesChris Adkin
 
Declarative Development Using Annotations In PHP
Declarative Development Using Annotations In PHPDeclarative Development Using Annotations In PHP
Declarative Development Using Annotations In PHPStephan Schmidt
 
Database development coding standards
Database development coding standardsDatabase development coding standards
Database development coding standardsAlessandro Baratella
 
working with PHP & DB's
working with PHP & DB'sworking with PHP & DB's
working with PHP & DB'sHi-Tech College
 

Recomendados

Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and FallaciesKarwin Software Solutions LLC
 
Sq linjection
Sq linjectionSq linjection
Sq linjectionMahesh Gupta (DBATAG) - SQL Server Consultant
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicJW CyberNerd
 
References
References References
References Mohammed
 
TSQL Coding Guidelines
TSQL Coding GuidelinesTSQL Coding Guidelines
TSQL Coding GuidelinesChris Adkin
 
Declarative Development Using Annotations In PHP
Declarative Development Using Annotations In PHPDeclarative Development Using Annotations In PHP
Declarative Development Using Annotations In PHPStephan Schmidt
 
Database development coding standards
Database development coding standardsDatabase development coding standards
Database development coding standardsAlessandro Baratella
 
working with PHP & DB's
working with PHP & DB'sworking with PHP & DB's
working with PHP & DB'sHi-Tech College
 
Play Template Engine Based On Scala
Play Template Engine Based On ScalaPlay Template Engine Based On Scala
Play Template Engine Based On ScalaKnoldus Inc.
 
Xml
XmlXml
XmlAbhishek Kesharwani
 
Php
PhpPhp
PhpTohid Kovadiya
 
Speeding up queries with semi joins and anti-joins
Speeding up queries with semi joins and anti-joinsSpeeding up queries with semi joins and anti-joins
Speeding up queries with semi joins and anti-joinsKaing Menglieng
 
PDF Localization
PDF LocalizationPDF Localization
PDF LocalizationSuite Solutions
 
Inroduction to XSLT with PHP4
Inroduction to XSLT with PHP4Inroduction to XSLT with PHP4
Inroduction to XSLT with PHP4Stephan Schmidt
 
XML Transformations With PHP
XML Transformations With PHPXML Transformations With PHP
XML Transformations With PHPStephan Schmidt
 
Oracle Data redaction - GUOB - OTN TOUR LA - 2015
Oracle Data redaction - GUOB - OTN TOUR LA - 2015Oracle Data redaction - GUOB - OTN TOUR LA - 2015
Oracle Data redaction - GUOB - OTN TOUR LA - 2015Alex Zaballa
 
Schemadoc
SchemadocSchemadoc
SchemadocKarwin Software Solutions LLC
 
Component and Event-Driven Architectures in PHP
Component and Event-Driven Architectures in PHPComponent and Event-Driven Architectures in PHP
Component and Event-Driven Architectures in PHPStephan Schmidt
 
An introduction to SQLAlchemy
An introduction to SQLAlchemyAn introduction to SQLAlchemy
An introduction to SQLAlchemymengukagan
 
XML and Web Services with PHP5 and PEAR
XML and Web Services with PHP5 and PEARXML and Web Services with PHP5 and PEAR
XML and Web Services with PHP5 and PEARStephan Schmidt
 
Ot performance webinar
Ot performance webinarOt performance webinar
Ot performance webinarSuite Solutions
 
Designing an ExtJS user login panel
Designing an ExtJS user login panelDesigning an ExtJS user login panel
Designing an ExtJS user login panelArun Prasad
 
( 13 ) Office 2007 Coding With Excel And Excel Services
( 13 ) Office 2007 Coding With Excel And Excel Services( 13 ) Office 2007 Coding With Excel And Excel Services
( 13 ) Office 2007 Coding With Excel And Excel ServicesLiquidHub
 
C:\Users\User\Desktop\Eclipse Infocenter
C:\Users\User\Desktop\Eclipse InfocenterC:\Users\User\Desktop\Eclipse Infocenter
C:\Users\User\Desktop\Eclipse InfocenterSuite Solutions
 
Apachepoitutorial
ApachepoitutorialApachepoitutorial
ApachepoitutorialSrikrishna k
 
Practical Object Oriented Models In Sql
Practical Object Oriented Models In SqlPractical Object Oriented Models In Sql
Practical Object Oriented Models In SqlKarwin Software Solutions LLC
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionAhmed AbdelSatar
 
Pobs cleanup-steps-nauman
Pobs cleanup-steps-naumanPobs cleanup-steps-nauman
Pobs cleanup-steps-naumanNauman R
 
Worm Technical Advisory
Worm Technical AdvisoryWorm Technical Advisory
Worm Technical AdvisoryAung Khant
 
Web App Footprints Discovery
Web App Footprints DiscoveryWeb App Footprints Discovery
Web App Footprints DiscoveryAung Khant
 

Mais conteúdo relacionado

Mais procurados

Play Template Engine Based On Scala
Play Template Engine Based On ScalaPlay Template Engine Based On Scala
Play Template Engine Based On ScalaKnoldus Inc.
 
Speeding up queries with semi joins and anti-joins
Speeding up queries with semi joins and anti-joinsSpeeding up queries with semi joins and anti-joins
Speeding up queries with semi joins and anti-joinsKaing Menglieng
 
Inroduction to XSLT with PHP4
Inroduction to XSLT with PHP4Inroduction to XSLT with PHP4
Inroduction to XSLT with PHP4Stephan Schmidt
 
XML Transformations With PHP
XML Transformations With PHPXML Transformations With PHP
XML Transformations With PHPStephan Schmidt
 
Oracle Data redaction - GUOB - OTN TOUR LA - 2015
Oracle Data redaction - GUOB - OTN TOUR LA - 2015Oracle Data redaction - GUOB - OTN TOUR LA - 2015
Oracle Data redaction - GUOB - OTN TOUR LA - 2015Alex Zaballa
 
Component and Event-Driven Architectures in PHP
Component and Event-Driven Architectures in PHPComponent and Event-Driven Architectures in PHP
Component and Event-Driven Architectures in PHPStephan Schmidt
 
An introduction to SQLAlchemy
An introduction to SQLAlchemyAn introduction to SQLAlchemy
An introduction to SQLAlchemymengukagan
 
XML and Web Services with PHP5 and PEAR
XML and Web Services with PHP5 and PEARXML and Web Services with PHP5 and PEAR
XML and Web Services with PHP5 and PEARStephan Schmidt
 
Designing an ExtJS user login panel
Designing an ExtJS user login panelDesigning an ExtJS user login panel
Designing an ExtJS user login panelArun Prasad
 
( 13 ) Office 2007 Coding With Excel And Excel Services
( 13 ) Office 2007 Coding With Excel And Excel Services( 13 ) Office 2007 Coding With Excel And Excel Services
( 13 ) Office 2007 Coding With Excel And Excel ServicesLiquidHub
 
C:\Users\User\Desktop\Eclipse Infocenter
C:\Users\User\Desktop\Eclipse InfocenterC:\Users\User\Desktop\Eclipse Infocenter
C:\Users\User\Desktop\Eclipse InfocenterSuite Solutions
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionAhmed AbdelSatar
 
Pobs cleanup-steps-nauman
Pobs cleanup-steps-naumanPobs cleanup-steps-nauman
Pobs cleanup-steps-naumanNauman R
 

Mais procurados (20)

Play Template Engine Based On Scala
Play Template Engine Based On ScalaPlay Template Engine Based On Scala
Play Template Engine Based On Scala
 
Xml
XmlXml
Xml
 
Php
PhpPhp
Php
 
Speeding up queries with semi joins and anti-joins
Speeding up queries with semi joins and anti-joinsSpeeding up queries with semi joins and anti-joins
Speeding up queries with semi joins and anti-joins
 
PDF Localization
PDF LocalizationPDF Localization
PDF Localization
 
Inroduction to XSLT with PHP4
Inroduction to XSLT with PHP4Inroduction to XSLT with PHP4
Inroduction to XSLT with PHP4
 
XML Transformations With PHP
XML Transformations With PHPXML Transformations With PHP
XML Transformations With PHP
 
Oracle Data redaction - GUOB - OTN TOUR LA - 2015
Oracle Data redaction - GUOB - OTN TOUR LA - 2015Oracle Data redaction - GUOB - OTN TOUR LA - 2015
Oracle Data redaction - GUOB - OTN TOUR LA - 2015
 
Schemadoc
SchemadocSchemadoc
Schemadoc
 
Component and Event-Driven Architectures in PHP
Component and Event-Driven Architectures in PHPComponent and Event-Driven Architectures in PHP
Component and Event-Driven Architectures in PHP
 
An introduction to SQLAlchemy
An introduction to SQLAlchemyAn introduction to SQLAlchemy
An introduction to SQLAlchemy
 
XML and Web Services with PHP5 and PEAR
XML and Web Services with PHP5 and PEARXML and Web Services with PHP5 and PEAR
XML and Web Services with PHP5 and PEAR
 
Ot performance webinar
Ot performance webinarOt performance webinar
Ot performance webinar
 
Designing an ExtJS user login panel
Designing an ExtJS user login panelDesigning an ExtJS user login panel
Designing an ExtJS user login panel
 
( 13 ) Office 2007 Coding With Excel And Excel Services
( 13 ) Office 2007 Coding With Excel And Excel Services( 13 ) Office 2007 Coding With Excel And Excel Services
( 13 ) Office 2007 Coding With Excel And Excel Services
 
C:\Users\User\Desktop\Eclipse Infocenter
C:\Users\User\Desktop\Eclipse InfocenterC:\Users\User\Desktop\Eclipse Infocenter
C:\Users\User\Desktop\Eclipse Infocenter
 
Apachepoitutorial
ApachepoitutorialApachepoitutorial
Apachepoitutorial
 
Practical Object Oriented Models In Sql
Practical Object Oriented Models In SqlPractical Object Oriented Models In Sql
Practical Object Oriented Models In Sql
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injection
 
Pobs cleanup-steps-nauman
Pobs cleanup-steps-naumanPobs cleanup-steps-nauman
Pobs cleanup-steps-nauman
 

Destaque

Worm Technical Advisory
Worm Technical AdvisoryWorm Technical Advisory
Worm Technical AdvisoryAung Khant
 
Web App Footprints Discovery
Web App Footprints DiscoveryWeb App Footprints Discovery
Web App Footprints DiscoveryAung Khant
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApacheAung Khant
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web AppAung Khant
 
Writing SecureWeb App
Writing SecureWeb AppWriting SecureWeb App
Writing SecureWeb AppAung Khant
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementAung Khant
 
Introducing Msd
Introducing MsdIntroducing Msd
Introducing MsdAung Khant
 

Destaque (8)

Worm Technical Advisory
Worm Technical AdvisoryWorm Technical Advisory
Worm Technical Advisory
 
Web App Footprints Discovery
Web App Footprints DiscoveryWeb App Footprints Discovery
Web App Footprints Discovery
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl Apache
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web App
 
Writing SecureWeb App
Writing SecureWeb AppWriting SecureWeb App
Writing SecureWeb App
 
Web Services
Web ServicesWeb Services
Web Services
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec Management
 
Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
 

Semelhante a Sql Injection Adv Owasp

Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptssuserde23af
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injectionbadhanbd
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)SqliChema Alonso
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
L9 l10 server side programming
L9 l10 server side programmingL9 l10 server side programming
L9 l10 server side programmingRushdi Shams
 
References - sql injection
References - sql injection References - sql injection
References - sql injection Mohammed
 
Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9sumsid1234
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesS.Shayan Daneshvar
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENGDmitry Evteev
 

Semelhante a Sql Injection Adv Owasp (20)

Advanced sql injection 2
Advanced sql injection 2Advanced sql injection 2
Advanced sql injection 2
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injection
 
PHP - Introduction to Advanced SQL
PHP - Introduction to Advanced SQLPHP - Introduction to Advanced SQL
PHP - Introduction to Advanced SQL
 
Sql injection
Sql injectionSql injection
Sql injection
 
Advanced sql injection 1
Advanced sql injection 1Advanced sql injection 1
Advanced sql injection 1
 
Asp
AspAsp
Asp
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Oracle notes
Oracle notesOracle notes
Oracle notes
 
ORACLE PL SQL
ORACLE PL SQLORACLE PL SQL
ORACLE PL SQL
 
L9 l10 server side programming
L9 l10 server side programmingL9 l10 server side programming
L9 l10 server side programming
 
References - sql injection
References - sql injection References - sql injection
References - sql injection
 
Sql injection
Sql injectionSql injection
Sql injection
 
Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming Languages
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql tutorial
Sql tutorialSql tutorial
Sql tutorial
 
Sql injection
Sql injectionSql injection
Sql injection
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
 

Mais de Aung Khant

Securing Php App
Securing Php AppSecuring Php App
Securing Php AppAung Khant
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server IbmAung Khant
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design PatternsAung Khant
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code ReviewAung Khant
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering ExecutiveAung Khant
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith PatternsAung Khant
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web ServersAung Khant
 
Session Fixation
Session FixationSession Fixation
Session FixationAung Khant
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection PaperAung Khant
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security IissuesAung Khant
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White PaperAung Khant
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1Aung Khant
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege EscalationAung Khant
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security WorkshopAung Khant
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web AppAung Khant
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based ApplicationsAung Khant
 
Search Attacks
Search AttacksSearch Attacks
Search AttacksAung Khant
 
Secure Dev Practices
Secure Dev PracticesSecure Dev Practices
Secure Dev PracticesAung Khant
 

Mais de Aung Khant (20)

Securing Php App
Securing Php AppSecuring Php App
Securing Php App
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server Ibm
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design Patterns
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code Review
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering Executive
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith Patterns
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web Servers
 
Session Fixation
Session FixationSession Fixation
Session Fixation
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection Paper
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security Iissues
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White Paper
 
S Shah Web20
S Shah Web20S Shah Web20
S Shah Web20
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege Escalation
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security Workshop
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web App
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based Applications
 
Ruby Security
Ruby SecurityRuby Security
Ruby Security
 
Search Attacks
Search AttacksSearch Attacks
Search Attacks
 
Secure Dev Practices
Secure Dev PracticesSecure Dev Practices
Secure Dev Practices
 

Último

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 

Último (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

Sql Injection Adv Owasp

  • 1. Advanced SQL Injection Victor Chapela Sm4rt Security Services [email_address] . com 4/11/2005
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 19. SQL Injection Testing Methodology 1) Input Validation 2) Info. Gathering 6) OS Cmd Prompt 7) Expand Influence 4) Extracting Data 3) 1=1 Attacks 5) OS Interaction
  • 20. 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
  • 21.
  • 22. 2) Information Gathering 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34. Some differences TEXTPOS() InStr() InStr() InStr() LOCATE() CHARINDEX Position Yes Yes No No No Yes Cast import from export to I f null () " "+" " DB2 Call COALESCE() ' '||' ' Postgres PL/pgSQL #date# Iff ( I s null ()) " "&" " Access utf_file select into outfile / dumpfile xp_cmdshell Op Sys interaction I f null() I f null() I s null() Null replace ' '||' ' concat (" ", " ") ' '+' ' Concatenate Strings Oracle PL/SQL MySQL MS SQL T-SQL
  • 35. More differences… N N N N Y Access Y Many Y Y Y MS SQL N Y Y Y Linking DBs N N Many N Default stored procedures Y N N N* Batch Queries Y Y Y N 4.0 Y 4.1 Subselects Y Y Y Y UNION Postgres DB2 Oracle MySQL
  • 36.
  • 37.
  • 38. 3) 1=1 Attacks 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44. 4) Extracting Data 4) Extracting Data 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55. 5) OS Interaction 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 4) Extracting Data
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64. 6) OS Cmd Prompt 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
  • 65.
  • 66.
  • 67.
  • 68. 7) Expand Influence 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82.
  • 83.
  • 84.
  • 86.
  • 87.
  • 88.
  • 89.
  • 90.
  • 91.
  • 92.
  • 93. Advanced SQL Injection Victor Chapela [email_address]