SlideShare uma empresa Scribd logo

Advanced Sql Injection ENG

Transferir como PPT, PDF
Dmitry Evteev
Dmitry Evteev
Tecnologia
1 de 62
Advanced SQL Injection Dmitry Evteev ( Positive Technologies) Web Application Security Consortium (WASC) Contributor
Subjects in Question ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Introduction to Web Application Security
Unsafe World of Web Applications ,[object Object],[object Object],[object Object],[object Object],[object Object],The data is based on automatic scanning of 16121 systems, detailed analysis of 59 web applications including analysis of the source code of over 10 applications .
Unsafe World of Web Applications: Statistics 2008
Chapter 1 : SQL Injection Vulnerability ,[object Object]
Illustrative Example of SQL Injection Web Server DBMS http://web/? id=6329&print=Y … . SELECT * from news where id = 6329 … .
Illustrative Example of SQL Injection Web Server DBMS http://web/? id=6329+union+select+id,pwd,0+from... … . SELECT * from news where id = 6329 union select id,pwd,0 from… … .
SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection – Basic Concepts ,[object Object],[object Object]
SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injectio n – Classical Exploitation ( MySQL ) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injectio n – Features of Different DBMSs ,[object Object],MySQL MSSQL MS Access Oracle DB2 PostgreSQL String concatenation concat(,) concat_ws(delim,) ' '+' ' " "&" " ' '||' ' '' concat '' " "+" " ' '||' ' ' '||' ' Comments -- and /* * / and # -- and /* No -- and /* -- -- and /* Request union union union and ; union union union union and ; Sub-requests v .4.1 >= Yes No Yes Yes Yes Stored procedures No Yes No Yes No Yes Availability of information_schema or its analogs v .5.0 >= Yes Yes Yes Yes Yes
SQL Injectio n – Exploitation for Different DBMSs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Chapter 2 : Blind SQL Injection ,[object Object]
Blind SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object]
Blind SQL Injection – Basic Concepts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – Classical Exploitation ( MySQL ) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – Classical Exploitation ( MySQL ) Let’s go faster … ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) … and even faster … ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) … at the same rate … ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Note: in the example, hexadecimal equivalents were used, e.g. 0 x787B312C307D instead x{1,0}
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) … at the same rate … ,[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) … at the maximal rate ! ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind SQL Injectio n – New Methods of Exploitation ( MySQL ) The Rate Limit … ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Double Blind SQL Injectio n – Classical Exploitation ( MySQL ) More haste, less speed;) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Chapter 3 : Working with File System and Executing Commands on Server ,[object Object]
Working with File System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Working with File System – Difference of DBMSs ,[object Object],[object Object],[object Object],[object Object],[object Object],MySQL MSSQL MS Access Oracle PostgreSQL Built-in functions Yes No Yes No Yes Available functions load_file, load data infile, into otfile/dumpfile Procedures eq insert from file curdir() Procedures eq insert from file pg_read_file(), pg_ls_dir(), copy, etc.
Working with File System ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Executing Commands on Server – Difference of DBMSs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],MySQL MSSQL MS Access Oracle PostgreSQL Built-in functions No Yes Yes No No Available functions No EXEC shell() Own procedures Own procedures
Executing Commands on Server ,[object Object],[object Object],[object Object],[object Object],[object Object]
Chapter 4 : Methods to Bypass Security Filters ,[object Object]
Filters for Incoming data. Types ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters (1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters (2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters (3) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass Security Filters ( 4 ) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Raz0r, http://raz0r.name/vulnerabilities/sql-inekcii-svyazannye-s-multibajtovymi-kodirovkami-i-addslashes/
Methods to Bypass Security Filters (5) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Chapter 5 : Methods to Bypass Web Application Firewall ,[object Object]
What is WAF http:// server /?id=6329&print=Y At attack is detected ! Alarm !!! WAF Webserver http:// server /?id=5351 http:// server /?id=8234 http:// server /? id=“><script>... http:// server /?id=1+union+select... http:// server /? id=/../../../etc/passwd Data normalization Decode HTML entities (e.g. &#99;, &quot;, &#xAA;) Escaped characters (e.g. , 01, AA, AABB) Null byte string termination ... Signature search /(sel)(ect.+fr)(om)/is /(uni)(on.+sel)(ect)/is ...
Classification ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methods to Bypass WAF ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection - Normalization ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – HPP ( example 1) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – HPP ,[object Object]
Practice of Bypassing WAF: SQL Injection - HPP Technology/Environment Parameter Interpretation Example ASP.NET/IIS Concatenation by comma par1=val1,val2 ASP/IIS Concatenation by comma par1=val1,val2 PHP/APACHE The last parameter is resulting par1=val2 PHP/Zeus The last parameter is resulting par1=val2 JSP, Servlet/Apache Tomcat The first parameter is resulting par1=val1 JSP,Servlet/Oracle Application Server 10g The first parameter is resulting par1=val1 JSP,Servlet/Jetty The first parameter is resulting par1=val1 IBM Lotus Domino The first parameter is resulting par1=val1 IBM HTTP Server The last parameter is resulting par1=val2 mod_perl,libapeq2/Apache The first parameter is resulting par1=val1 Perl CGI/Apache The first parameter is resulting par1=val1 mod_perl,lib???/Apache The first parameter is resulting par1=val1 mod_wsgi (Python)/Apache An array is returned ARRAY(0x8b9058c) Pythin/Zope The first parameter is resulting par1=val1 IceWarp An array is returned ['val1','val2'] AXIS 2400 The last parameter is resulting par1=val2 Linksys Wireless-G PTZ Internet Camera Concatenation by comma par1=val1,val2 Ricoh Aficio 1022 Printer The last parameter is resulting par1=val2 webcamXP Pro The first parameter is resulting par1=val1 DBMan Concatenation by two tildes par1=val1~~val2
Practice of Bypassing WAF: SQL Injection – HPP ( example 2) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – HPF ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: Blind SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – Signature Bypass ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Practice of Bypassing WAF: SQL Injection – Signature Bypass ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusions
SQL Injection in “wildlife” ,[object Object]
Conclusions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automated Exploitation of SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Automatic detection of SQL Injection
Additional materials and references ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Thank you for your attention ! [email_address] http://devteev.blogspot.com/

Recomendados

Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and FallaciesKarwin Software Solutions LLC
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Sql injection
Sql injectionSql injection
Sql injectionMehul Boghra
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injectionamiable_indian
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 

Recomendados

Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and FallaciesKarwin Software Solutions LLC
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Sql injection
Sql injectionSql injection
Sql injectionMehul Boghra
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injectionamiable_indian
 
Sql injection
Sql injectionSql injection
Sql injectionHemendra Kumar
 
Sql injection
Sql injectionSql injection
Sql injectionNitish Kumar
 
SQL Injection
SQL Injection SQL Injection
SQL Injection Adhoura Academy
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniquesSongchaiDuangpan
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attackRajKumar Rampelli
 
Sql injection
Sql injectionSql injection
Sql injectionNikunj Dhameliya
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)n|u - The Open Security Community
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Bernardo Damele A. G.
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
sqlmap internals
sqlmap internalssqlmap internals
sqlmap internalsMiroslav Stampar
 
Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)Bernardo Damele A. G.
 
Sql Injection 0wning Enterprise
Sql Injection 0wning EnterpriseSql Injection 0wning Enterprise
Sql Injection 0wning Enterprisen|u - The Open Security Community
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersKrzysztof Kotowicz
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior
 
SQL Basics
SQL BasicsSQL Basics
SQL BasicsHammad Rasheed
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection Eguardian Global Services
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1Bernardo Damele A. G.
 

Mais conteúdo relacionado

Mais procurados

Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONMentorcs
 
Sql injection
Sql injectionSql injection
Sql injectionZidh
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Bernardo Damele A. G.
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationRapid Purple
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySandip Chaudhari
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmapHerman Duarte
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and preventionhelloanand
 
Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)Bernardo Damele A. G.
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersKrzysztof Kotowicz
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with examplePrateek Chauhan
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior
 

Mais procurados (20)

Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Sql injection
Sql injectionSql injection
Sql injection
 
Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)Advanced SQL injection to operating system full control (whitepaper)
Advanced SQL injection to operating system full control (whitepaper)
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
sqlmap internals
sqlmap internalssqlmap internals
sqlmap internals
 
Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)Advanced SQL injection to operating system full control (slides)
Advanced SQL injection to operating system full control (slides)
 
Sql Injection 0wning Enterprise
Sql Injection 0wning EnterpriseSql Injection 0wning Enterprise
Sql Injection 0wning Enterprise
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 
Secure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scriptingSecure Code Warrior - Cross site scripting
Secure Code Warrior - Cross site scripting
 
SQL Basics
SQL BasicsSQL Basics
SQL Basics
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
 

Destaque

D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoPichaya Morimoto
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacksRespa Peter
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)Bernardo Damele A. G.
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheLeslie Samuel
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackImperva
 
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWeb Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWebsecurify
 
Virtua lkeyboard
Virtua lkeyboardVirtua lkeyboard
Virtua lkeyboardJaya0006
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17Eoin Keary
 
Threat modeling librarian freedom conference
Threat modeling librarian freedom conferenceThreat modeling librarian freedom conference
Threat modeling librarian freedom conferenceevacide
 
Introduction to SQL Injection
Introduction to SQL InjectionIntroduction to SQL Injection
Introduction to SQL Injectionjpubal
 

Destaque (20)

D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
 
Sql injection
Sql injectionSql injection
Sql injection
 
How to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your NicheHow to Become a Thought Leader in Your Niche
How to Become a Thought Leader in Your Niche
 
SQL injection and SYN attack
SQL injection and SYN attackSQL injection and SYN attack
SQL injection and SYN attack
 
Pen pc tech
Pen pc techPen pc tech
Pen pc tech
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
 
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWeb Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
 
Virtua lkeyboard
Virtua lkeyboardVirtua lkeyboard
Virtua lkeyboard
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17
 
Threat modeling librarian freedom conference
Threat modeling librarian freedom conferenceThreat modeling librarian freedom conference
Threat modeling librarian freedom conference
 
Virtual keyboard
Virtual keyboardVirtual keyboard
Virtual keyboard
 
SQL injection
SQL injectionSQL injection
SQL injection
 
Introduction to SQL Injection
Introduction to SQL InjectionIntroduction to SQL Injection
Introduction to SQL Injection
 

Semelhante a Advanced Sql Injection ENG

Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)SqliChema Alonso
 
How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersHow "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersChema Alonso
 
ShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlChema Alonso
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHPDave Ross
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protectionamiable_indian
 
A Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLA Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLkobaitari
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 
Asegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File DownloadingAsegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File DownloadingChema Alonso
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASPMizno Kruge
 
How did i steal your database
How did i steal your databaseHow did i steal your database
How did i steal your databaseMostafa Siraj
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngDmitry Evteev
 
Web Security - Hands-on
Web Security - Hands-onWeb Security - Hands-on
Web Security - Hands-onAndrea Valenza
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv OwaspAung Khant
 
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesTime-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesChema Alonso
 

Semelhante a Advanced Sql Injection ENG (20)

Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
 
How "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scannersHow "·$% developers defeat the web vulnerability scanners
How "·$% developers defeat the web vulnerability scanners
 
SQL Injection Attacks
SQL Injection AttacksSQL Injection Attacks
SQL Injection Attacks
 
ShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)SqlShmooCon 2009 - (Re)Playing(Blind)Sql
ShmooCon 2009 - (Re)Playing(Blind)Sql
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHP
 
Asp
AspAsp
Asp
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
 
ieee
ieeeieee
ieee
 
A Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQLA Brief Introduction About Sql Injection in PHP and MYSQL
A Brief Introduction About Sql Injection in PHP and MYSQL
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Sq li
Sq liSq li
Sq li
 
Asegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File DownloadingAsegúr@IT IV - Remote File Downloading
Asegúr@IT IV - Remote File Downloading
 
Php Security - OWASP
Php Security - OWASPPhp Security - OWASP
Php Security - OWASP
 
How did i steal your database
How did i steal your databaseHow did i steal your database
How did i steal your database
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall Eng
 
Sql Injection V.2
Sql Injection V.2Sql Injection V.2
Sql Injection V.2
 
Web Security - Hands-on
Web Security - Hands-onWeb Security - Hands-on
Web Security - Hands-on
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
 
Time-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy QueriesTime-Based Blind SQL Injection using Heavy Queries
Time-Based Blind SQL Injection using Heavy Queries
 

Mais de Dmitry Evteev

Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Dmitry Evteev
 
Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Dmitry Evteev
 
Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Dmitry Evteev
 
Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Dmitry Evteev
 
Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Dmitry Evteev
 
Демонстрация атаки на ДБО
Демонстрация атаки на ДБОДемонстрация атаки на ДБО
Демонстрация атаки на ДБОDmitry Evteev
 
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...Dmitry Evteev
 
Типовые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системТиповые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системDmitry Evteev
 
Услуги PT для банков
Услуги PT для банковУслуги PT для банков
Услуги PT для банковDmitry Evteev
 
PHDays 2012: Future Now
PHDays 2012: Future NowPHDays 2012: Future Now
PHDays 2012: Future NowDmitry Evteev
 
Такой (не)безопасный веб
Такой (не)безопасный вебТакой (не)безопасный веб
Такой (не)безопасный вебDmitry Evteev
 
Собираем команду хакеров
Собираем команду хакеровСобираем команду хакеров
Собираем команду хакеровDmitry Evteev
 
Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Dmitry Evteev
 
Тестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftТестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftDmitry Evteev
 
PHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоPHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоDmitry Evteev
 
Как взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийКак взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийDmitry Evteev
 
Введение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийВведение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийDmitry Evteev
 
Практика проведения DDoS-тестирований
Практика проведения DDoS-тестированийПрактика проведения DDoS-тестирований
Практика проведения DDoS-тестированийDmitry Evteev
 
Мобильный офис глазами пентестера
Мобильный офис глазами пентестераМобильный офис глазами пентестера
Мобильный офис глазами пентестераDmitry Evteev
 

Mais de Dmitry Evteev (20)

Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...Противодействие хищению персональных данных и платежной информации в сети Инт...
Противодействие хищению персональных данных и платежной информации в сети Инт...
 
penetest VS. APT
penetest VS. APTpenetest VS. APT
penetest VS. APT
 
Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.Уязвимости систем ДБО в 2011-2012 гг.
Уязвимости систем ДБО в 2011-2012 гг.
 
Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...Статистика по результатам тестирований на проникновение и анализа защищенност...
Статистика по результатам тестирований на проникновение и анализа защищенност...
 
Реальные опасности виртуального мира.
Реальные опасности виртуального мира.Реальные опасности виртуального мира.
Реальные опасности виртуального мира.
 
Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.Истории из жизни. Как взламывают сети крупных организаций.
Истории из жизни. Как взламывают сети крупных организаций.
 
Демонстрация атаки на ДБО
Демонстрация атаки на ДБОДемонстрация атаки на ДБО
Демонстрация атаки на ДБО
 
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...История из жизни. Демонстрация работы реального злоумышленника на примере ата...
История из жизни. Демонстрация работы реального злоумышленника на примере ата...
 
Типовые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских системТиповые проблемы безопасности банковских систем
Типовые проблемы безопасности банковских систем
 
Услуги PT для банков
Услуги PT для банковУслуги PT для банков
Услуги PT для банков
 
PHDays 2012: Future Now
PHDays 2012: Future NowPHDays 2012: Future Now
PHDays 2012: Future Now
 
Такой (не)безопасный веб
Такой (не)безопасный вебТакой (не)безопасный веб
Такой (не)безопасный веб
 
Собираем команду хакеров
Собираем команду хакеровСобираем команду хакеров
Собираем команду хакеров
 
Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)Тестирование на проникновение в сетях Microsoft (v.2)
Тестирование на проникновение в сетях Microsoft (v.2)
 
Тестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях MicrosoftТестирование на проникновение в сетях Microsoft
Тестирование на проникновение в сетях Microsoft
 
PHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это былоPHDays CTF 2011 Quals/Afterparty: как это было
PHDays CTF 2011 Quals/Afterparty: как это было
 
Как взламывают сети государственных учреждений
Как взламывают сети государственных учрежденийКак взламывают сети государственных учреждений
Как взламывают сети государственных учреждений
 
Введение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложенийВведение в тему безопасности веб-приложений
Введение в тему безопасности веб-приложений
 
Практика проведения DDoS-тестирований
Практика проведения DDoS-тестированийПрактика проведения DDoS-тестирований
Практика проведения DDoS-тестирований
 
Мобильный офис глазами пентестера
Мобильный офис глазами пентестераМобильный офис глазами пентестера
Мобильный офис глазами пентестера
 

Último

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 

Último (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 

Advanced Sql Injection ENG

  • 1. Advanced SQL Injection Dmitry Evteev ( Positive Technologies) Web Application Security Consortium (WASC) Contributor
  • 2.
  • 3. Introduction to Web Application Security
  • 4.
  • 5. Unsafe World of Web Applications: Statistics 2008
  • 6.
  • 7. Illustrative Example of SQL Injection Web Server DBMS http://web/? id=6329&print=Y … . SELECT * from news where id = 6329 … .
  • 8. Illustrative Example of SQL Injection Web Server DBMS http://web/? id=6329+union+select+id,pwd,0+from... … . SELECT * from news where id = 6329 union select id,pwd,0 from… … .
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42. What is WAF http:// server /?id=6329&print=Y At attack is detected ! Alarm !!! WAF Webserver http:// server /?id=5351 http:// server /?id=8234 http:// server /? id=“><script>... http:// server /?id=1+union+select... http:// server /? id=/../../../etc/passwd Data normalization Decode HTML entities (e.g. &#99;, &quot;, &#xAA;) Escaped characters (e.g. , 01, AA, AABB) Null byte string termination ... Signature search /(sel)(ect.+fr)(om)/is /(uni)(on.+sel)(ect)/is ...
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48. Practice of Bypassing WAF: SQL Injection - HPP Technology/Environment Parameter Interpretation Example ASP.NET/IIS Concatenation by comma par1=val1,val2 ASP/IIS Concatenation by comma par1=val1,val2 PHP/APACHE The last parameter is resulting par1=val2 PHP/Zeus The last parameter is resulting par1=val2 JSP, Servlet/Apache Tomcat The first parameter is resulting par1=val1 JSP,Servlet/Oracle Application Server 10g The first parameter is resulting par1=val1 JSP,Servlet/Jetty The first parameter is resulting par1=val1 IBM Lotus Domino The first parameter is resulting par1=val1 IBM HTTP Server The last parameter is resulting par1=val2 mod_perl,libapeq2/Apache The first parameter is resulting par1=val1 Perl CGI/Apache The first parameter is resulting par1=val1 mod_perl,lib???/Apache The first parameter is resulting par1=val1 mod_wsgi (Python)/Apache An array is returned ARRAY(0x8b9058c) Pythin/Zope The first parameter is resulting par1=val1 IceWarp An array is returned ['val1','val2'] AXIS 2400 The last parameter is resulting par1=val2 Linksys Wireless-G PTZ Internet Camera Concatenation by comma par1=val1,val2 Ricoh Aficio 1022 Printer The last parameter is resulting par1=val2 webcamXP Pro The first parameter is resulting par1=val1 DBMan Concatenation by two tildes par1=val1~~val2
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55.
  • 57.
  • 58.
  • 59.
  • 60. Automatic detection of SQL Injection
  • 61.
  • 62. Thank you for your attention ! [email_address] http://devteev.blogspot.com/