Submit Search
Upload
Out-of-band Sql Injection Attacks (#hacktrickconf)
•
3 likes
•
1,745 views
Ömer Çıtak
Follow
Out-of-band Sql Injection Attacks (#hacktrickconf)
Read less
Read more
Software
Report
Share
Report
Share
1 of 22
Download now
Download to read offline
Recommended
Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)
Ömer Çıtak
#İstSec'17 Out of Band Sql Injection Attacks
#İstSec'17 Out of Band Sql Injection Attacks
BGA Cyber Security
SQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington Beach
Jeff Prom
Types of sql injection attacks
Types of sql injection attacks
Respa Peter
Identity theft blue4it nljug
Identity theft blue4it nljug
Brian Vermeer
SQL Injections and Behind...
SQL Injections and Behind...
arjunguptam
Building decentralised apps with js - Devoxx Morocco 2018
Building decentralised apps with js - Devoxx Morocco 2018
Mikhail Kuznetcov
Web Security attacks and defense
Web Security attacks and defense
Jose Mato
Recommended
Out-of-band SQL Injection Attacks (#istsec)
Out-of-band SQL Injection Attacks (#istsec)
Ömer Çıtak
#İstSec'17 Out of Band Sql Injection Attacks
#İstSec'17 Out of Band Sql Injection Attacks
BGA Cyber Security
SQL Injections - 2016 - Huntington Beach
SQL Injections - 2016 - Huntington Beach
Jeff Prom
Types of sql injection attacks
Types of sql injection attacks
Respa Peter
Identity theft blue4it nljug
Identity theft blue4it nljug
Brian Vermeer
SQL Injections and Behind...
SQL Injections and Behind...
arjunguptam
Building decentralised apps with js - Devoxx Morocco 2018
Building decentralised apps with js - Devoxx Morocco 2018
Mikhail Kuznetcov
Web Security attacks and defense
Web Security attacks and defense
Jose Mato
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)
Ömer Çıtak
Web Security 101
Web Security 101
Michael Peters
Php Security - OWASP
Php Security - OWASP
Mizno Kruge
PHP Secure Programming
PHP Secure Programming
Balavignesh Kasinathan
Greensql2007
Greensql2007
Kaustav Sengupta
Code injection and green sql
Code injection and green sql
Kaustav Sengupta
PHPUG Presentation
PHPUG Presentation
Damon Cortesi
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
Felipe Prado
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host Language
IRJET Journal
SQL Injection in PHP
SQL Injection in PHP
Dave Ross
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
Protecting Your Web SiteFrom SQL Injection & XSS
Protecting Your Web SiteFrom SQL Injection & XSS
skyhawk133
ASP.NET Web Security
ASP.NET Web Security
SharePointRadi
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
Pradeep Kumar
Simple web security
Simple web security
裕夫 傅
.NET Fest 2017. Михаил Щербаков. Механизмы предотвращения атак в ASP.NET Core
.NET Fest 2017. Михаил Щербаков. Механизмы предотвращения атак в ASP.NET Core
NETFest
Security: Odoo Code Hardening
Security: Odoo Code Hardening
Odoo
Hacking Your Way To Better Security - php[tek] 2016
Hacking Your Way To Better Security - php[tek] 2016
Colin O'Dell
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
mirahman
Ppt on sql injection
Ppt on sql injection
ashish20012
osquery injection
osquery injection
Ömer Çıtak
Cyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad Sectors
Ömer Çıtak
More Related Content
Similar to Out-of-band Sql Injection Attacks (#hacktrickconf)
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)
Ömer Çıtak
Web Security 101
Web Security 101
Michael Peters
Php Security - OWASP
Php Security - OWASP
Mizno Kruge
PHP Secure Programming
PHP Secure Programming
Balavignesh Kasinathan
Greensql2007
Greensql2007
Kaustav Sengupta
Code injection and green sql
Code injection and green sql
Kaustav Sengupta
PHPUG Presentation
PHPUG Presentation
Damon Cortesi
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
Felipe Prado
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host Language
IRJET Journal
SQL Injection in PHP
SQL Injection in PHP
Dave Ross
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
Protecting Your Web SiteFrom SQL Injection & XSS
Protecting Your Web SiteFrom SQL Injection & XSS
skyhawk133
ASP.NET Web Security
ASP.NET Web Security
SharePointRadi
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
Pradeep Kumar
Simple web security
Simple web security
裕夫 傅
.NET Fest 2017. Михаил Щербаков. Механизмы предотвращения атак в ASP.NET Core
.NET Fest 2017. Михаил Щербаков. Механизмы предотвращения атак в ASP.NET Core
NETFest
Security: Odoo Code Hardening
Security: Odoo Code Hardening
Odoo
Hacking Your Way To Better Security - php[tek] 2016
Hacking Your Way To Better Security - php[tek] 2016
Colin O'Dell
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
mirahman
Ppt on sql injection
Ppt on sql injection
ashish20012
Similar to Out-of-band Sql Injection Attacks (#hacktrickconf)
(20)
Out-of-band SQL Injection Attacks (#cypsec'17)
Out-of-band SQL Injection Attacks (#cypsec'17)
Web Security 101
Web Security 101
Php Security - OWASP
Php Security - OWASP
PHP Secure Programming
PHP Secure Programming
Greensql2007
Greensql2007
Code injection and green sql
Code injection and green sql
PHPUG Presentation
PHPUG Presentation
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
DEFCON 23 - Lance buttars Nemus - sql injection on lamp
Prevention of SQL Injection Attack in Web Application with Host Language
Prevention of SQL Injection Attack in Web Application with Host Language
SQL Injection in PHP
SQL Injection in PHP
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Protecting Your Web SiteFrom SQL Injection & XSS
Protecting Your Web SiteFrom SQL Injection & XSS
ASP.NET Web Security
ASP.NET Web Security
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
Simple web security
Simple web security
.NET Fest 2017. Михаил Щербаков. Механизмы предотвращения атак в ASP.NET Core
.NET Fest 2017. Михаил Щербаков. Механизмы предотвращения атак в ASP.NET Core
Security: Odoo Code Hardening
Security: Odoo Code Hardening
Hacking Your Way To Better Security - php[tek] 2016
Hacking Your Way To Better Security - php[tek] 2016
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
Ppt on sql injection
Ppt on sql injection
More from Ömer Çıtak
osquery injection
osquery injection
Ömer Çıtak
Cyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad Sectors
Ömer Çıtak
Günahı ile Sevabı ile Laravel
Günahı ile Sevabı ile Laravel
Ömer Çıtak
Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?
Ömer Çıtak
How to Make Web RTS Game?
How to Make Web RTS Game?
Ömer Çıtak
Web Uygulamalarının Hacklenmesi
Web Uygulamalarının Hacklenmesi
Ömer Çıtak
Laravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlama
Ömer Çıtak
Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016
Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016
Ömer Çıtak
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Ömer Çıtak
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Ömer Çıtak
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)
Ömer Çıtak
More from Ömer Çıtak
(11)
osquery injection
osquery injection
Cyber Security's Good Sectors & Bad Sectors
Cyber Security's Good Sectors & Bad Sectors
Günahı ile Sevabı ile Laravel
Günahı ile Sevabı ile Laravel
Data manipulation Will hackers rule the world?
Data manipulation Will hackers rule the world?
How to Make Web RTS Game?
How to Make Web RTS Game?
Web Uygulamalarının Hacklenmesi
Web Uygulamalarının Hacklenmesi
Laravel ile hızlı ve modern web programlama
Laravel ile hızlı ve modern web programlama
Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016
Web Çatı Şablonlarının Güvenliği (SSTI) - Özgür Web Günleri 2016
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Web Uygulama Güvenliği (Akademik Bilişim 2016)
Memcache Injection (Hacktrick'15)
Memcache Injection (Hacktrick'15)
Recently uploaded
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
masabamasaba
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
AmarnathKambale
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
kalichargn70th171
tonesoftg
tonesoftg
lanshi9
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
masabamasaba
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
masabamasaba
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
masabamasaba
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
masabamasaba
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Bert Jan Schrijver
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
masabamasaba
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
WSO2
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
masabamasaba
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
masabamasaba
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
chiefasafspells
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
AnnaArtyushina1
Recently uploaded
(20)
%in Midrand+277-882-255-28 abortion pills for sale in midrand
%in Midrand+277-882-255-28 abortion pills for sale in midrand
VTU technical seminar 8Th Sem on Scikit-learn
VTU technical seminar 8Th Sem on Scikit-learn
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
Payment Gateway Testing Simplified_ A Step-by-Step Guide for Beginners.pdf
tonesoftg
tonesoftg
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
%+27788225528 love spells in new york Psychic Readings, Attraction spells,Bri...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
Devoxx UK 2024 - Going serverless with Quarkus, GraalVM native images and AWS...
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Boston Psychic Readings, Attraction spells,Bring...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
%+27788225528 love spells in Atlanta Psychic Readings, Attraction spells,Brin...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Love witchcraft +27768521739 Binding love spell in Sandy Springs, GA |psychic...
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Out-of-band Sql Injection Attacks (#hacktrickconf)
1.
Out-of-band SQL Injection Attacks Omer
Citak Hacktrick, May 2017
2.
whoami Security Researcher @
Netsparker Ltd. Developer @ Another Times Writer @ Ethical Hacking “Offensive & Defensive” Book Blog: omercitak.com All Social Platform: @Om3rCitak
3.
http
4.
http
5.
http
6.
http
7.
http - server
side
8.
server side
9.
sql injection ● Inband ○
Error Based ● Indirect Inference ○ Boolean Based ○ Blind (Time Based) ● Out-of-band ○ Blind (HTTP, DNS)
10.
sql injection ● Inband ○
Error Based .... ini_set('display_errors', 'On'); error_reporting(E_ALL); $sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'"; $results = mysql_query($sql); ...
11.
sql injection ● Inband ○
Error Based
12.
sql injection ● Indirect
Inference ○ Boolean Based .... ini_set('display_errors', 'Off'); error_reporting(~E_ALL); $sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'"; $results = mysql_query($sql); $row_count = mysql_num_rows($results); if($row_count > 0) echo 'user exist'; else echo 'user not exist'; ...
13.
sql injection ● Indirect
Inference ○ Boolean Based
14.
sql injection ● Indirect
Inference ○ Blind (Time Based) .... ini_set('display_errors', 'Off'); error_reporting(~E_ALL); $sql = "SELECT * FROM users WHERE username like '%".$_GET["username"]."%'"; $results = mysql_query($sql); ...
15.
sql injection ● Indirect
Inference ○ Blind (Time Based)
16.
sql injection ● Indirect
Inference ○ Blind (Time Based) payload> ay' and if(substring(user(),1,1) = 'r', sleep(3), false) --
17.
sql injection ● Indirect
Inference ○ Blind (Time Based) payload> ay' and if(substring(user(),1,1) = 'a', sleep(3), false) --
18.
sql injection ● Out-of-band ○
Blind (HTTP, DNS) .... ini_set('display_errors', 'Off'); error_reporting(~E_ALL); $sql = "SELECT * FROM users WHERE (username like '%".$_GET["param"]."%')"; $results = pg_query($sql); ...
19.
demo ● dependencies; ○ 1
DNS server => 207.154.219.61 ■ Ubuntu 16 ■ Spiderlab Responder ○ 1 app & database server => 207.154.246.88 ■ Ubuntu 16 ■ Php7 ■ Postgresql 9.5 and 1 unit attacker
20.
demo
21.
where is the
guvenlik?
22.
thanks www.omercitak.com All Social Platform:
@Om3rCitak
Download now