SQL INJECTION
Diwakar Kumar Dinkar, M.Tech, CS&E, Roll - 1050007


Agenda
– Introduction
– Scope
– Attack Vectors: Query Manipulation, Code Injection
– What's Vulnerable?
– DEMO
– Testing: Blind Injection
– Countermeasures
– Tools
– Resources
– References

Introduction
SQL injection is a basic attack used either to
– gain unauthorized access to a database.
– retrieve information directly from the database.
The basic principles underlying SQL injection are simple and these types of attacks are easy to execute.

Scope of Attack
– Application software with a database at the back end, such as accounting packages, automation systems etc.
– Web applications such as online banking, ecommerce systems etc.

Attack Vectors
– Query Manipulation
– Code Injection

Query Manipulation
Query manipulation typically involves modifying the SQL statement through set operations (e.g., UNION) or altering the WHERE clause to return a different result. The most well known attack is to modify the WHERE clause of the user authentication statement so the WHERE clause always results in TRUE.

Code Injection
Code injection is when an attacker inserts new SQL statements. The classic code injection attack is to append a SQL query to the vulnerable SQL statement.

What's Vulnerable?
An application is vulnerable to SQL injection for only one reason: end user string input is not properly validated and is passed to a dynamic SQL statement without any such validation. The stateless nature of many web applications allows the user to write data to the database or store it using some other means between web pages.

DEMO

Example: Query Manipulation
Consider the following example. A simplistic web application may check user authentication by executing the following query and checking to see if any rows were returned:
    SELECT * FROM users WHERE username = 'bob' and PASSWORD = 'mypassword'
The attacker attempts to manipulate the SQL statement to execute as:
    SELECT * FROM users WHERE username = 'bob' and PASSWORD = 'mypassword' or 'a' = 'a'
Based on operator precedence, the WHERE clause is true for every row and the attacker has gained access to the application.
The set operator UNION is frequently used in SQL injection attacks. The goal is to manipulate a SQL

DEMO

Example: Code Injection
The attacker may use the following phrase as a code manipulation to delete an account from the database:
    SELECT * FROM users WHERE username = 'bob' and PASSWORD = 'mypassword'; DELETE FROM users WHERE username = 'admin';

Testing: Blind Injection
The simplest way to confirm that a SQL injection possibility exists is to use a single quote (') in both the user name and password fields. If you get an error related to database connectivity, such as Microsoft OLEDB, [Oracle]ODBC or a java.sqlException connection error, then the application is vulnerable to SQL injection.

Countermeasures
You as a developer can prevent SQL injection vulnerability by simply rejecting meta characters such as the single quote ('), double quote ("), =, ; and space in the user input. Another way is to allow only letters (A-Z, a-z), numbers (0-9) and a dot (.) in the user input, also called white listing.
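The query manipulation example and the white-listing countermeasure above, as an added Python/sqlite3 example that is not part of the original presentation. The in-memory table, the function names and the constructed `PAYLOAD` value are assumptions, and the parameterized query goes beyond the countermeasures the slides list.

```python
import re
import sqlite3

# Constructed sample data: one account, mirroring the slide's 'bob' row.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('bob', 'mypassword')")
    return db

def login_vulnerable(db, username, password):
    # Dynamic SQL built by string concatenation, as in the slide's query.
    sql = ("SELECT * FROM users WHERE username = '" + username +
           "' and PASSWORD = '" + password + "'")
    return db.execute(sql).fetchone() is not None

# Allow-list from the Countermeasures slide: letters, digits and a dot only.
ALLOWED = re.compile(r"[A-Za-z0-9.]+")

def is_allowed(value):
    return ALLOWED.fullmatch(value) is not None

def login_allowlist(db, username, password):
    # Reject anything outside the allow-list before it reaches the query.
    if not (is_allowed(username) and is_allowed(password)):
        return False
    return login_vulnerable(db, username, password)

def login_parameterized(db, username, password):
    # Placeholders keep the input as data; it is never parsed as SQL.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

# Constructed input: a wrong password followed by the slide's or 'a' = 'a tail.
PAYLOAD = "wrong' or 'a' = 'a"

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_allowlist, login_parameterized):
        print(fn.__name__, fn(db, "bob", PAYLOAD))
```

The allow-list also refuses legitimate values that contain punctuation, while the parameterized form accepts any string and simply fails to match it.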

Tools
Some tools are available that let the user attack SQL-vulnerable sites automatically. SQLNinja, Hexjector and Haviz are a few popular tools, generally used by attackers for automated SQL injection.

Resources
Following are the demo sites for practising the different types of SQL injection


Thank You!
“Always remember, great power comes with great responsibilities. Use it wisely!” Any questions, btw? ;)