Published by Aubrey Pierce. Modified over 8 years ago.
1
SQL INJECTION
Diwakar Kumar Dinkar, M.Tech, CS&E, Roll - 1050007
2
Agenda
Introduction
Scope
Attack Vectors
– Query Manipulation
– Code Injection
What’s Vulnerable?
DEMO
Testing: Blind Injection
Countermeasures
Tools
Resources
References
3
Introduction
SQL injection is a basic attack used either to
– gain unauthorized access to a database, or
– retrieve information directly from the database.
The basic principles underlying SQL injection are simple, and these types of attacks are easy to execute.
4
Scope of Attack
Application software with a database at the back end, such as accounting packages, automation systems, etc.
Web applications such as online banking, e-commerce systems, etc.
5
Attack Vectors
Query Manipulation
Code Injection
6
Query Manipulation
Query manipulation typically involves modifying the SQL statement through set operations (e.g., UNION) or altering the WHERE clause to return a different result. The most well known attack is to modify the WHERE clause of the user authentication statement so the WHERE clause always results in TRUE.
7
Code Injection
Code injection is when an attacker inserts new SQL statements. The classic code injection attack is to append a SQL query to the vulnerable SQL statement.
8
What’s Vulnerable?
An application is vulnerable to SQL injection for only one reason – end user string input is not properly validated and is passed to a dynamic SQL statement without any such validation.
The stateless nature of many web applications allows the user to write data to the database, or store it by some other means, between web pages.
9
DEMO
11
Example: Query Manipulation
Consider the following example. A simplistic web application may check user authentication by executing the following query and checking to see if any rows were returned:
– SELECT * FROM users WHERE username = 'bob' and PASSWORD = 'mypassword'
The attacker attempts to manipulate the SQL statement to execute as:
– SELECT * FROM users WHERE username = 'bob' and PASSWORD = 'mypassword' or 'a' = 'a'
Based on operator precedence, the WHERE clause is true for every row and the attacker has gained access to the application. The set operator UNION is frequently used in SQL injection attacks. The goal is to manipulate a SQL
12
DEMO
13
Example: Code Injection
The attacker may use the following phrase as a code manipulation to delete an account from the database:
– SELECT * FROM users WHERE username = 'bob' and PASSWORD = 'mypassword'; DELETE FROM users WHERE username = 'admin';
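As an added example (not part of the slides), the following Python program builds a small users table in an in-memory SQLite database and runs the login check from slides 11 and 13 both ways: with the input concatenated into the SQL text, as the slides show, and with a parameterized query. The two inputs come from those slides; the table contents, the helper names and the result keys are constructed for this illustration. It shows why the tautology makes the dynamic query accept a wrong password while the parameterized query treats the same characters as an ordinary (non-matching) password value.

```python
import sqlite3

# Constructed sample data for the users table; the slide's "bob" plus an admin.
SAMPLE_USERS = [("bob", "mypassword"), ("admin", "s3cret-admin-pw")]


def make_db():
    """Create an in-memory database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_dynamic(conn, username, password):
    """The slide's vulnerable pattern: user input concatenated into the SQL text.

    Returns True when at least one row comes back, exactly as the simplistic
    application on slide 11 decides authentication.
    """
    sql = (
        "SELECT * FROM users WHERE username = '" + username
        + "' and PASSWORD = '" + password + "'"
    )
    return len(conn.execute(sql).fetchall()) > 0


def login_parameterized(conn, username, password):
    """Hardened form: the SQL text is fixed and the values travel as parameters,
    so quotes, OR clauses and semicolons in the input are only characters that
    get compared against the column value."""
    sql = "SELECT * FROM users WHERE username = ? and PASSWORD = ?"
    return len(conn.execute(sql, (username, password)).fetchall()) > 0


def user_exists(conn, username):
    """Parameterized lookup used to confirm the admin row survived."""
    row = conn.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone()
    return row is not None


# Inputs taken from the slides, typed into the password field:
# slide 11's tautology (here with a wrong password) and slide 13's appended DELETE.
TAUTOLOGY = "wrong' or 'a' = 'a"
STACKED = "mypassword'; DELETE FROM users WHERE username = 'admin';"


def run_comparison():
    """Run both login routines against each input and report what happened."""
    conn = make_db()
    results = {
        # slide 11: AND binds tighter than OR, so the WHERE clause is true for every row
        "dynamic_accepts_tautology": login_dynamic(conn, "bob", TAUTOLOGY),
        "parameterized_accepts_tautology": login_parameterized(conn, "bob", TAUTOLOGY),
        # the correct password still works with the parameterized query
        "parameterized_accepts_real_password": login_parameterized(conn, "bob", "mypassword"),
    }
    # slide 13: the appended DELETE. Python's sqlite3 refuses to run more than one
    # statement per execute() call (ProgrammingError, or Warning on older Pythons),
    # so the dynamic query is rejected by the driver here. Drivers that allow
    # stacked statements would run the DELETE; parameterization removes the risk
    # regardless of driver, because the input never becomes SQL syntax.
    try:
        login_dynamic(conn, "bob", STACKED)
        results["dynamic_stacked_refused_by_driver"] = False
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        results["dynamic_stacked_refused_by_driver"] = True
    results["parameterized_accepts_stacked"] = login_parameterized(conn, "bob", STACKED)
    results["admin_still_present"] = user_exists(conn, "admin")
    return results


if __name__ == "__main__":
    for name, value in run_comparison().items():
        print(f"{name}: {value}")
```

The point to take from the output is that the parameterized query returns False for both slide inputs and the admin row is untouched, while the concatenated query accepts the tautology with a wrong password; the stacked DELETE is only stopped here because this particular driver refuses multi-statement execute() calls, which is not a property to rely on.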
14
Testing: Blind Injection
The simplest way to confirm that a SQL injection possibility exists is to use a single quote (') in both the user name and password fields. If you get an error related to database connectivity, such as a Microsoft OLEDB, [Oracle]ODBC or java.sqlException connection error, then the application is vulnerable to SQL injection.
15
Countermeasures
You as a developer can prevent SQL injection vulnerabilities by simply rejecting metacharacters such as single quote ('), double quote ("), =, ; and space in the user input. Another way is to allow only alphabet characters (A-Z, a-z), numbers (0-9) and a dot (.) in the user input; this is also called whitelisting.
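As an added example (not part of the slides), here are the two input filters the Countermeasures slide describes, written in Python: a blocklist that rejects the listed metacharacters, and an allowlist that accepts only A-Z, a-z, 0-9 and a dot. The sample inputs are constructed for this illustration (the two injection strings are the ones from slides 11 and 13); the function names are my own. Running both filters over the same inputs shows the trade-off: the blocklist only catches characters it names, and the allowlist also rejects legitimate values such as e-mail addresses or names containing an apostrophe.

```python
import re

# The slide's metacharacter list: single quote, double quote, =, ; and space.
BLOCKED_CHARS = set("'\"=; ")

# The slide's allowlist: letters, digits and a dot. Anchors are written out, but
# fullmatch() is used below because "$" on its own would accept a trailing newline.
ALLOWLIST = re.compile(r"^[A-Za-z0-9.]+$")


def passes_blocklist(value):
    """True when none of the listed metacharacters appear in the input."""
    return not any(ch in BLOCKED_CHARS for ch in value)


def passes_allowlist(value):
    """True when the entire input consists of allowed characters only."""
    return ALLOWLIST.fullmatch(value) is not None


def check_inputs(values):
    """Apply both filters to every input and return the verdicts per input."""
    return {
        v: {"blocklist": passes_blocklist(v), "allowlist": passes_allowlist(v)}
        for v in values
    }


# Constructed sample inputs: ordinary values, the two slide payloads, and two
# cases that separate the filters (a tab is not on the blocklist; a newline is
# rejected by fullmatch but would slip past a plain "$"-anchored match()).
SAMPLES = [
    "bob",
    "alice.smith",
    "wrong' or 'a' = 'a",                                   # slide 11 tautology
    "mypassword'; DELETE FROM users WHERE username = 'admin';",  # slide 13 stacked query
    "O'Brien",                                              # legitimate, but contains a quote
    "bob@example.com",                                      # legitimate, but '@' is not allowed
    "bob\t",                                                # tab: passes blocklist, fails allowlist
    "bob\n",                                                # newline: fails allowlist via fullmatch
]


if __name__ == "__main__":
    for value, verdict in check_inputs(SAMPLES).items():
        print(f"{value!r:60} blocklist={verdict['blocklist']!s:5} allowlist={verdict['allowlist']}")
```

Input validation of this kind is a useful first line of defence, but the table it prints is also the argument for pairing it with parameterized queries: a blocklist misses whatever it did not list, and an allowlist this strict has to be relaxed for fields like e-mail addresses, at which point parameterization is what keeps the input from becoming SQL.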
16
Tools
There are some tools available that let the user attack SQL-vulnerable sites automatically. SQLNinja, Hexjector and Havij are a few popular tools generally used by attackers for automated SQL injection.
17
Resources
The following are demo sites for practising the different types of SQL injection:
http://testasp.acunetix.com
http://testphp.acunetix.com
http://testjsp.acunetix.com
http://demo.testfire.net
18
References
1. N.E.H.A. (http://www.nehaindia.org)
2. Software Hacking; Das Patnaik, Nishant
3. http://nishantdaspatnaik.yolasite.com
19
Thank You!
“Always remember, great power comes with great responsibilities. Use it wisely!”
Any questions, btw? ;)