This document discusses SQL injection, which is a security vulnerability that allows attackers to interfere with how a database operates. SQL injection occurs when user input is not sanitized and is used directly in SQL queries, allowing attackers to alter the structure and meaning of queries. The document provides an example of how an attacker could log in without a password by adding SQL code to the username field. It also lists some common SQL injection techniques like using comments, concatenation, and wildcards. Finally, it points to additional online resources for learning more about SQL injection and database security.

1. SQL INJECTION
SUBMITTED TO:- SUBMITTED BY :-
MR. NAVEEN KEDIA ASHISH KUMAR
FINAL YEAR I.T.

2. INDEX
 Ethical Hacking.
 What is SQL.
 How does SQL Injection work.
 Example of SQL Injection.
 Diagram of SQL Injection.

3. ETHICAL HACKING
 Independent computer security Professionals breaking
into the computer systems.
 Neither damage the target systems nor steal information.
 Evaluate target systems security and report back to
owners about the Bugs found.

4. ETHICAL HACKERS BUT NOT CRIMINAL
HACKERS
 Completely trustworthy.
 Strong programming and computer networking skills.
 Learn about the system and trying to find its weaknesses.
 Techniques of Criminal hackers-Detection-Prevention.
 Tester only reports findings, does not solve problems.

5. WHAT IS SQL?
 SQL stands for Structured Query Language
 Allows us to access a database
 ANSI and ISO standard computer language
 The most current standard is SQL99
 SQL can:
 execute queries against a database
 retrieve data from a database
 insert new records in a database
 delete records from a database
 update records in a database

6. WHAT IS A SQL INJECTION ATTACK?
 Many web applications take user input from a form
 Often this user input is used literally in the construction
of a SQL query submitted to a database. For example:
 SELECT productdata FROM table WHERE productname =
‘user input product name’;
 A SQL injection attack involves placing SQL statements
in the user input

7. HOW DOES SQL INJECTION WORK?
Common vulnerable login query
SELECT * FROM users
WHERE login = 'victor'
AND password = '123'
(If it returns something then login)
ASP/MS SQL Server login syntax
var sql = "SELECT * FROM users
WHERE login = '" + formusr +
"' AND password = '" + formpwd + "'";

8. INJECTING THROUGH STRINGS
formusr = ' or 1=1 – –
formpwd = anything
Final query would look like this:
SELECT * FROM users
WHERE username = ' ' or 1=1
– – AND password = 'anything'

10. SQL INJECTION CHARACTERS
 ' or "character String Indicators
 -- or # single-line commen
 /*…*/ multiple-line comment
 + addition, concatenate (or space in url)
 || (double pipe) concatenate
 % wildcard attribute indicator

11. ALL TABLES AND COLUMNS IN ONE QUERY
 union select 0, sysobjects.name + ': ' + syscolumns.name
+ ': ' + systypes.name, 1, 1, '1', 1, 1, 1, 1, 1 from
sysobjects, syscolumns, systypes where sysobjects.xtype
= 'U' AND sysobjects.id = syscolumns.id AND
syscolumns.xtype = systypes.xtype --

12. ARCHITECTURE OF SQL INJECTION

13. LINKS
 A lot of SQL Injection related papers
 http://www.nextgenss.com/papers.htm
 http://www.spidynamics.com/support/whitepapers/
 http://www.appsecinc.com/techdocs/whitepapers.html
 http://www.atstake.com/research/advisories
 Other resources
 http://www.owasp.org
 http://www.sqlsecurity.com
 http://www.securityfocus.com/infocus/1768

14. THANK YOU