Download presentation
Presentation is loading. Please wait.
1
SQL Injection
2
Common Attacks on Databases
Unauthorized Privilege Escalation: Individuals attempting to increase their privileges by attacking vulnerable points in the DBMS. Privilege Abuse: Authorized users accessing/modifying data in an unauthorized way. Example: a TA lowering the grades of students they dislike. Denial of Service: An attempt to make database resources unavailable to intended users. Often a general attack which attempts to consume network, data, or processing resources through excessive/expensive queries. Weak Authentication: Impersonating an authorized user to gain access (password stealing / phishing).
3
SQL Injection This attack involves a malicious user providing unexpected input that modifies the SQL query to perform unintended actions. Lets imagine a simple authentification procedure that asks a user for a name (josh) and password (zoe1234) and checks if such an entry exists in the database: SELECT * FROM users WHERE name = 'josh' and password = 'zoe1234'; If the user supplies malicious input like: name (josh) and password (i_dont_know' or 'x'='x), here's the new query: SELECT * FROM users WHERE name = 'josh' and password = 'i_dont_know' or 'x'='x'; This changed query will always return rows and "authenticate" the user despite providing the wrong password. This type of SQL injection is called SQL manipulation.
4
Other types of SQL Injection
Code Injection Adding additional SQL statements or commands to the existing SQL statement by exploiting a computer bug, which is caused by processing invalid data. This is often involves buffer overruns and stack overflows from unexpectedly large input payloads. Function Call Injection: This attack exploits the system-provided functions that many SQL queries invoke to cause unexpected behavior.
5
Risks from SQL Injection
Database fingerprinting: The database response to injection can often reveal information regarding the version of DBMS being used and susceptibility to other attacks. Denial of Service: Malicious queries often take longer to process, allowing a denial of service. Bypassing authentication: Very common problem, where an attacker makes a query succeed despite not having authorization. Identifying injectable parameters: Error message responses (which should be turned off in production databases) can be used to identify the structures within the database vulnerable to attack. Executing remote commands: A remote user can execute stored database procedures and functions leading to control over the entire OS.
6
Solutions to SQL Injection
Bind Variables Use parameterized statements Don't insert raw text into SQL statements, instead use parameters with will be bound to a variable when needed. It is both more performant and more secure. Filtering Input: Validate your input Remove escape characters (like the apostrophe) However, there are many escape characters, so you should use a built in to the database replace function. But even that isn't foolproof so bind your variables instead.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.