Sara Sartoli, Akbar Siami Namin. NSF-SFS workshop, July 14-18, 2014.


 How to install and run DVWA
 Exploit some SQL injection attacks
 Upload a malicious file
 Exploit an XSS attack

 DVWA is a PHP/MySQL web application that is damn vulnerable to the most common web attacks.
 The main goals are:
◦ to be an aid for security professionals to test their skills and tools in a legal environment;
◦ to help web developers better understand the processes of securing web applications;
◦ to be an aid for teachers/students to teach/learn web application security in a classroom environment.

1. Install XAMPP.
2. Download DVWA and extract it.
3. Copy the DVWA folder into the web server root.
4. Go to the DVWA directory >> config >> open config.inc.php and change the `$_DVWA[ 'db_password' ]` line to `$_DVWA[ 'db_password' ] = ''`.

 A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data sent from the client to the application.
 In SQL injection, SQL commands are injected into data-plane input in order to alter the execution of predefined SQL commands.
 Input data must be validated to ensure that the web application operates on clean, correct and useful data.

 The query, as executed in the database, looks like:
SELECT first_name, Last_Name from users where ID='1';
 An injection string that would extract all the first names and passwords from the table: entering `1' or '0'='0` as the ID turns the query into
SELECT first_name, Last_Name from users where ID='1' or '0'='0';
 The condition `'0'='0'` is always true, so the WHERE clause no longer filters and every row is returned.

 The basic idea is to make the database respond with an error message containing the database type and version.
 Entering a quote makes the DB treat any characters after the quote as a plain string rather than SQL code, which causes a syntax error.
 Now we know that the database is MySQL, so we can use the appropriate queries to find out the version.
 In MySQL the queries that return the version are:
SELECT version()
SELECT
 Enter the following strings:
1. ' union select
2. ' union select null, #
 The query that would extract the DB version is:
SELECT first_name, Last_Name from users where ID='' union select null, #';

 In MySQL the queries that retrieve the hostname and database name are:
SELECT database()
SELECT hostname()
 So, what would be the injection string?

 information_schema is a database that holds metadata about every database on the installed MySQL server.
 Enter the following string:
a' UNION select table_schema,table_name FROM information_Schema.tables;#
 Try to find the Damn Vulnerable Web App database and its tables.
 Now set DVWA to high security and attack again.
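The SQL injection slides above (the `' or '0'='0` bypass, the error message that reveals the database type, and the UNION-based enumeration) all rely on two defects in the lookup page: the ID is pasted into the SQL text, and driver errors are echoed to the browser. The following is an added example, not DVWA's own code, showing the vulnerable pattern beside a hardened one; it assumes a MySQL `users` table with `user_id`, `first_name` and `last_name` columns and placeholder connection credentials.

```php
<?php
// Added example (not DVWA's code). Assumes a 'users' table with
// user_id, first_name, last_name and a request parameter named 'id'.

// Vulnerable pattern: the ID becomes part of the query text, so the input
//   1' or '0'='0        turns the WHERE clause into a tautology, and
//   ' union select ...  appends a second SELECT the attacker controls.
function getUserVulnerable(mysqli $mysqli, string $id): array {
    $sql = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
    $res = $mysqli->query($sql);            // false on a syntax error (default reporting)
    if ($res === false) {
        die('Error: ' . $mysqli->error);     // echoes a MySQL-specific message: fingerprints the DB
    }
    return $res->fetch_all(MYSQLI_ASSOC);
}

// Hardened pattern: a prepared statement sends the SQL text and the value
// separately, so quotes, OR, UNION and '#' inside the value remain data.
function getUserSafe(mysqli $mysqli, string $id): array {
    if (!ctype_digit($id)) {                // user_id is numeric; reject anything else up front
        return [];
    }
    $stmt = $mysqli->prepare(
        'SELECT first_name, last_name FROM users WHERE user_id = ?'
    );
    $stmt->bind_param('i', $id);            // bound as an integer, never interpolated
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Driver errors go to the server log; the client only ever sees a generic message.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    // Placeholder credentials: replace with the values from config.inc.php.
    $mysqli = new mysqli('localhost', 'DB_USER_PLACEHOLDER', 'DB_PASSWORD_PLACEHOLDER', 'dvwa');
    $mysqli->set_charset('utf8mb4');
    print_r(getUserSafe($mysqli, (string)($_GET['id'] ?? '')));
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage());            // version, table names etc. stay server-side
    http_response_code(500);
    echo 'Something went wrong.';
}
```

With the hardened lookup, the injection strings from the slides return an empty result instead of extra rows, and a malformed ID no longer produces the MySQL error text that the version-probing step depends on.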

 The first step in many attacks is to get some code onto the system to be attacked. Then the attacker only needs to find a way to get the code executed. A file upload helps the attacker accomplish the first step.

1. Copy a JPG file and a PNG file to the root.
2. Choose a PHP file in the root path and try to upload it.
3. Try to upload the JPG and PNG files as well.
4. Give it a try with medium and high security.
Note:
 Check the PHP code to figure out what the differences are.
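The exercise above asks what separates the security levels of the upload page. The checks a hardened upload handler needs are shown here as an added example, not DVWA's own code: it assumes a form field named `uploaded` and a storage directory `$uploadDir` outside the web root, so that whatever is stored can never be executed by the web server.

```php
<?php
// Added example (not DVWA's code). Assumes the form field 'uploaded' and a
// directory outside the document root passed as $uploadDir.

function storeImageUpload(array $file, string $uploadDir): string {
    // Only jpg/png, and each extension must match one sniffed MIME type.
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png'];

    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // 1. Extension allowlist on the client-supplied name. Weak alone: the
    //    name is attacker-chosen, so it is only the first of several checks.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, $allowed)) {
        throw new RuntimeException('extension not allowed');
    }
    // 2. Sniff the bytes server-side. The Content-Type header sent by the
    //    browser is also attacker-controlled and must not be trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== $allowed[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // 3. It must actually decode as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an image');
    }
    // 4. Server-chosen name: the original filename never reaches the
    //    filesystem, so no path tricks or double extensions survive.
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

try {
    $stored = storeImageUpload($_FILES['uploaded'], '/var/dvwa-uploads'); // path is an assumption
    echo 'Stored as ' . basename($stored);
} catch (RuntimeException $e) {
    http_response_code(400);
    echo 'Upload rejected.';                 // reason is logged, not shown
    error_log($e->getMessage());
}
```

Because image parsers tolerate trailing data, check 3 alone cannot rule out a file that is both a valid image and PHP source; keeping the store outside the web root (and serving it through a handler that never executes files) is what makes that case harmless.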

 Cross-Site Scripting attacks are a type of injection problem in which client-side script is injected into web pages viewed by other users.

1. Select "XSS Stored" from the left navigation menu.
2. Name: Test 1
3. Message: <script>alert("my xss attack")</script>
4. Sign Guestbook
Note:
 This XSS exploit will be displayed for all users.

1. Reset the database.
2. Select "XSS Stored" from the left navigation menu.
3. Input Name: Test 2
4. Input Message:
5. Sign Guestbook
Notes:
 We need to reset the database; otherwise each XSS exploit will appear in every later example.
 This is a powerful exploit because a user could use SET to create a malicious cloned website and place it here.

1. Reset the database.
2. Select "XSS Stored" from the left navigation menu.
3. Input Name: Test 3
4. Input Message: <script>alert(document.cookie)</script>
5. Sign Guestbook
Notes:
 It is possible to modify this XSS script to send the cookie to a remote location instead of displaying it (man in the middle attack).
 Check the PHP code to figure out what the differences are.
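The three stored-XSS exercises share one root cause: the guestbook echoes the saved name and message into HTML as-is. The following added example (not DVWA's own code) renders the guestbook with output encoding, so the slide's payloads appear as literal text, and sets the session cookie HttpOnly so that even a script that does run finds nothing in `document.cookie`; the sample rows are constructed here, and the `name`/`message` column names are an assumption.

```php
<?php
// Added example (not DVWA's code). Headers and cookie flags must be set
// before any output, so they come first.

// Session ID not readable from script: neutralises the Test 3 payload.
session_set_cookie_params([
    'lifetime' => 0, 'path' => '/', 'httponly' => true,
    'secure'   => true, 'samesite' => 'Lax',
]);
session_start();

// Defence in depth: inline scripts and foreign frames are refused even if
// an encoding bug slips through somewhere else.
header("Content-Security-Policy: default-src 'self'; frame-src 'none'");

function encodeForHtml(string $s): string {
    // Encode both quote styles so the value is safe inside text and attributes.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderGuestbook(array $rows): string {
    $out = '';
    foreach ($rows as $row) {
        $out .= '<div class="entry"><b>' . encodeForHtml($row['name']) . '</b>: '
              . encodeForHtml($row['message']) . "</div>\n";
    }
    return $out;
}

// Constructed sample rows mirroring the slide's entries (assumed column names).
$rows = [
    ['name' => 'Test 1', 'message' => '<script>alert("my xss attack")</script>'],
    ['name' => 'Test 3', 'message' => '<script>alert(document.cookie)</script>'],
];
// The tags reach the browser as &lt;script&gt;...&lt;/script&gt; and are shown, not run.
echo renderGuestbook($rows);
```

Encode at output time rather than stripping tags on input: stored data stays intact for other consumers (APIs, admin pages) while each HTML context gets the escaping it needs.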

Thank you