MIS 5211.001 Week 11 Site:

Slides:



Advertisements
Similar presentations
PHP II Interacting with Database Data. The whole idea of a database-driven website is to enable the content of the site to reside in a database, and to.
Advertisements

How Did I Steal Your Database Mostafa
Introduction The concept of “SQL Injection”
Let’s try Oracle. Accessing Oracle The Oracle system, like the SQL Server system, is client / server. For SQL Server, –the client is the Query Analyser.
It’s always better live. MSDN Events Security Best Practices Part 2 of 2 Reducing Vulnerabilities using Visual Studio 2008.
NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba.
SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.
Introduction to Structured Query Language (SQL)
Objectives Connect to MySQL from PHP
Introduction to Structured Query Language (SQL)
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
Encrypted Passwords. your_password + username $u = crypt ( your_password ) PHP insert username + $u SQL MySQL database username | encrypted password username.
MIS2502: Data Analytics MySQL and SQL Workbench David Schuff
Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.
© Yanbu University College YANBU UNIVERSITY COLLEGE Management Science Department © Yanbu University College Module 6:WEB SERVER AND SERVER SIDE SCRPTING,
A Guide to SQL, Eighth Edition Chapter Three Creating Tables.
Session 5: Working with MySQL iNET Academy Open Source Web Development.
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
How to Hack a Database.  What is SQL?  Database Basics  SQL Insert Basics  SQL Select Basics  SQL Where Basics  SQL AND & OR Basics  SQL Update.
Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.
CSCI 6962: Server-side Design and Programming Secure Web Programming.
PHP Programming with MySQL Slide 8-1 CHAPTER 8 Working with Databases and MySQL.
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
CHAPTER:14 Simple Queries in SQL Prepared By Prepared By : VINAY ALEXANDER ( विनय अलेक्सजेंड़र ) PGT(CS),KV JHAGRAKHAND.
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
Web Scripting [PHP] CIS166AE Wednesdays 6:00pm – 9:50pm Rob Loy.
(Chapter 10 continued) Our examples feature MySQL as the database engine. It's open source and free. It's fully featured. And it's platform independent.
Structure Query Language SQL. Database Terminology Employee ID 3 3 Last name Small First name Tony 5 5 Smith James
Attacking Data Stores Brad Stancel CSCE 813 Presentation 11/12/2012.
Analysis of SQL injection prevention using a filtering proxy server By: David Rowe Supervisor: Barry Irwin.
Intro to DatabasesClass 4 SQL REVIEW To talk to the database, you have to use SQL SQL is used by many databases, not just MySQL. SQL stands for Structured.
Creating PHPs to Insert, Update, and Delete Data CS 320.
SQL Injection Jason Dunn. SQL Overview Structured Query Language For use with Databases Purpose is to retrieve information Main Statements Select Insert.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting MySQL – Inserting Data.
SQL INJECTIONS Presented By: Eloy Viteri. What is SQL Injection An SQL injection attack is executed when a web page allows users to enter text into a.
Aniket Joshi Justin Thomas. Agenda Introduction to SQL Injection SQL Injection Attack SQL Injection Prevention Summary.
© 2009 Stephen Wolff Application Security 1 Spring, 2009 OWASP Top Ten  Ten most critical WebApp security flaws. The top 2 are: 1. XSS – Cross Site Scripting.
Database Systems Design, Implementation, and Management Coronel | Morris 11e ©2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or.
SQL – Injections Intro. Prajen Bhadel College of Information Technology & Engeneering Kathmandu tinkune Sixth semister.
Controlling Web Site Access Using Logins CS 320. Basic Approach HTML form a php page that collects the username and password  Sends them to second PHP.
NMD202 Web Scripting Week5. What we will cover today PHP & MySQL Displaying Dynamic Pages Exercises Modifying Data PHP Exercises Assignment 1.
WEB SECURITY WEEK 2 Computer Security Group University of Texas at Dallas.
MIS Week 11 Site:
Mr. Justin “JET” Turner CSCI 3000 – Fall 2015 CRN Section A – TR 9:30-10:45 CRN – Section B – TR 5:30-6:45.
Chapter 8 Manipulating MySQL Databases with PHP PHP Programming with MySQL 2 nd Edition.
JDBC CS 260 Database Systems. Overview  Introduction  JDBC driver types  Eclipse project setup  Programming with JDBC  Prepared statements  SQL.
CSC 2720 Building Web Applications Accessing MySQL from PHP.
Secure Authentication. SQL Injection Many web developers are unaware of how SQL queries can be tampered with SQL queries are able to circumvent access.
Starting with Oracle SQL Plus. Today in the lab… Connect to SQL Plus – your schema. Set up two tables. Find the tables in the catalog. Insert four rows.
SQL Injection Attacks An overview by Sameer Siddiqui.
SQL Injection Josh Mann. What is SQL Injection  SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries.
Error-based SQL Injection
MYSQL AND MYSQL WORKBENCH MIS2502 Data Analytics.
ADVANCED SQL.  The SQL ORDER BY Keyword  The ORDER BY keyword is used to sort the result-set by one or more columns.  The ORDER BY keyword sorts the.
MySQL Tutorial. Databases A database is a container that groups together a series of tables within a single structure Each database can contain 1 or more.
SQL INJECTION Diwakar Kumar Dinkar M.Tech, CS&E Roll Diwakar Kumar Dinkar M.Tech, CS&E Roll
Cosc 5/4765 Database security. Database Databases have moved from internal use only to externally accessible. –Organizations store vast quantities of.
SQL Injection Attacks.
Chapter 5 Introduction to SQL.
SQL Injection.
Unix System Administration
SQL INJECTION ATTACKS.
mysql and mysql workbench
Introduction to Web programming
Intro to Ethical Hacking
Chapter 8 Working with Databases and MySQL
Lecture 2 - SQL Injection
Using SQL*Plus.
Intro to Ethical Hacking
Introduction to Web programming
Presentation transcript:

MIS Week 11 Site:

 In the news  Student Presentations  SQL Injection 2MIS

 Submitted  sslv3-in-ie-all-online-services/ sslv3-in-ie-all-online-services/  injection-vulnerability_2.html injection-vulnerability_2.html  sh-hacker-finds-serious-vulnerability-in-os-x- yosemite.html sh-hacker-finds-serious-vulnerability-in-os-x- yosemite.html 3MIS

 Submitted MIS

 What I noted  reportedly-close-to-reclassifying-isps-as-common- carriers/ reportedly-close-to-reclassifying-isps-as-common- carriers/  impacts-carnegie-mellon-page-leads-to-angler- ek/article/380599/ impacts-carnegie-mellon-page-leads-to-angler- ek/article/380599/  es-e-reader-software-now-collects-less-data.html es-e-reader-software-now-collects-less-data.html   rewards-points-accounts/ rewards-points-accounts/  as-macs-send-sensitive-docs-to-icloud-without-warning/ as-macs-send-sensitive-docs-to-icloud-without-warning/ MIS

 We are going to cover some “Basics”  SQL Injection is a subset of the general flaw “Injection” covered last week  Client supplied data passed to an application without appropriate data validation  Processed as commands by the database  Remember in all of this that we can also use the intercepting proxy to “add” text the browser doesn’t want to accept MIS

 Perform operations on the database  Bypass authentication mechanisms  Read otherwise unavailable information from the database  Write information such as new user accounts to the database MIS

 Do not use your powers for evil.  Ultimately, the reason for covering these attacks is to teach you how to prevent them.  Well established sites are generally hardened to this type of attack.  You might cause irreparable harm to a small “mom-and-pop” business.  Even if you don’t, breaking into someone else’s database is illegal and unethical. MIS

 Querying tables: select column1, column2 from table_name; or select * from table_name;  Conditions: select columns from table_name where condition; MIS

 Inserting new rows: insert into table_name values (value1, value2); or insert into table_name set column1=value1, column2=value2,...;  Updating rows: update table_name set column1=value1 where condition; MIS

 Deleting rows: delete from table_name where condition;  Set values in conditions: select * from table_name where column in (select_statement); or select * from table_name where column in (value1, value2,...); MIS

 Joining tables: select * from table1, table2 where table1.attribute1 = table2.attribute2;  Built-in Functions select count (*) from test; MIS

 Pattern Matching select * from test where a like '%c_t%';  Other Keywords select * from test where a is null ;  Metadata Tables  Highly vendor-specific  Available tables, table structures are usually stored in some reserved table name(s). MIS

 Different Vendor’s Databases use different forms  May want to use reconn techniques to determine which database is in use  What follows are some general techniques MIS

 Submit a single quote (‘), this is used in SQL as a string terminator and, if not filtered by the application, would lead to an incorrect query  Submit a semicolon (;) this is used to end a SQL statement and, if it is not filtered, it is also likely to generate an error  In either case:  If an error results, app is vulnerable.  If no error, check for any output changes. MIS

 Can also try  Submit two single quotes (‘’).  Databases use ’’ to represent literal ’  If error disappears, app is vulnerable  Comment deliminators (-- or /* */, etc)  SQL keywords like ‘AND’ and ‘OR’  String where a number is expected  Might also slip by SQL Injection detection system MIS

 Assume actual SQL is  SELECT * FROM Users WHERE Username='$username' AND Password='$password‘  Now consider  $username = 1' or '1' = '1  $password = 1' or '1' = '1  Becomes  SELECT * FROM Users WHERE Username='1' OR '1' = '1' AND Password='1' OR '1' = '1' MIS or_SQL_Injection_(OTG-INPVAL-005)

 Assume actual SQL is  SELECT * FROM products WHERE id_product=$id_product Or   Now consider:  AND 1=2  If you get a response that there are no matches try:  AND 1=1 MIS

 Look at your error messages  MySQL  You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1  SQL Server  ORA-00933: SQL command not properly ended  PostgresSQL  Query failed: ERROR: syntax error at or near "’" at character 56 in /www/site/test.php on line 121. MIS

MIS

MIS injection-license-plate-hopes-to-foil- euro-traffic-cameras

 Web Services MIS

? MIS