Presentation is loading. Please wait.

Presentation is loading. Please wait.

1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it."— Presentation transcript:

1 1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it

2 What is SQL Injection? SQL injection is a type of exploit in which attackers add SQL code into web page form input box or into URL’s code to make changes to databases and gain access to resources. A form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet. SQL injection attacks are used to steal information from a database from which the data would normally not be available and/or to gain access to an organization's host computers through the computer that is hosting the database. (www.webopedia.com)

3 Note before proceeding Single quote (‘) is used to end the string part of SQL queries # tells SQL queries to halt after input

4 Different varieties of SQL injection By input form OR By manipulating URLs http://homepage.com/login.php?id=2 ‘; DROP TABLE login;’

5 By input form Use to inject ' OR 1' Behind the scene SELECT * FROM usersTb WHERE username = ‘ OR 1’ Every entries in users table will be selected What happens? The OR of 1 will always be true, therefore attacker bypass the selection process

6 By input form continue… An ok input $name = “minh”; $queries = “SELECT * FROM usersTb WHERE username = ‘$name’”; An attacker input $name = “‘ OR 1’”; $queries = “SELECT * FROM usersTb WHERE username = ‘$name’”; Display SELECT * FROM usersTb WHERE username = '' OR 1'' Attackers gain access to data since OR 1 will always be true

7 By input form continue… More serious attack $ name= "'; DELETE FROM usersTb WHERE 1 or username = '"; $query = "SELECT * FROM usersTb WHERE username = '$name'"; What it looks like in query SELECT * FROM usersTb WHERE username = ' '; DELETE FROM usersTb WHERE 1 or username = ' '

8 By URL injection A simple hyperlink http://homepage.com/login.php?id=2 By inputting SQL code into the URL ‘; DROP TABLE login; # You get http://homepage.com/login.php?id=2‘; DROP TABLE login; # Result Drop the entire table of users

9 Preventions Limit the number of fields length '; DELETE FROM usersTB WHERE 1 or username = ‘ Data types validation Use mysql_real_escape_string() mysql_real_escape_string() calls MySQL's library function mysql_real_escape_string, which prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a. (php.net)

10 Preventions continue… The use of mysql_real_escape_string() $name = “‘ OR 1’”; $name = mysql_real_escape_string($name); $queries = “SELECT * FROM usersTb WHERE username = ‘$name’”; Display SELECT * FROM usersTb WHERE username = '\' OR 1\''

11 Preventions continue… $ name= "'; DELETE FROM usersTb WHERE 1 or username = '"; $name = mysql_real_escape_string($name); $query = "SELECT * FROM usersTb WHERE username = '$name'"; Display SELECT * FROM usersTb WHERE username = '\'; DELETE FROM usersTb WHERE 1 or username = \''

12 References http://www.learnphponline.com/security/sql- injection-prevention-mysql-php http://www.learnphponline.com/security/sql- injection-prevention-mysql-php http://php.net/manual/en/function.mysql-real- escape-string.php http://php.net/manual/en/function.mysql-real- escape-string.php

Download ppt "1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it."

Similar presentations

PHP SQL. Connection code:- mysql_connect(server, username, password); Connect to the Database Server with the authorised user and password. Eg $connect.

PHP SQL. Connection code:- mysql_connect("server", "username", "password"); Connect to the Database Server with the authorised user and password. Eg $connect.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.

SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.
Misc. Announcements Backup your work! Document team members’ contributions (so that if there is any dispute …) More Bonus credits: Create screencasts for.

Misc. Announcements Backup your work! Document team members’ contributions (so that if there is any dispute …) More Bonus credits: Create screencasts for.
Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.

Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.
SQL Injection Attacks CS 183 : Hypermedia and the Web UC Santa Cruz.

SQL Injection Attacks CS 183 : Hypermedia and the Web UC Santa Cruz.
Preventing SQL Injection ~example of SQL injection $user = $_POST[‘user’]; $pass = $_POST[‘pass’]; $query = DELETE FROM Users WHERE user = ‘$user’ AND.

Preventing SQL Injection ~example of SQL injection $user = $_POST[‘user’]; $pass = $_POST[‘pass’]; $query = DELETE FROM Users WHERE user = ‘$user’ AND.
Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.

Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.
SQL Injection Timmothy Boyd CSE 7330.

SQL Injection Timmothy Boyd CSE 7330.
Lecture 3 – Data Storage with XML+AJAX and MySQL+socket.io

Lecture 3 – Data Storage with XML+AJAX and MySQL+socket.io
PHP Security.

PHP Security.
Session 5: Working with MySQL iNET Academy Open Source Web Development.

Session 5: Working with MySQL iNET Academy Open Source Web Development.
An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.

An anti-hacking guide.  Hackers are kindred of expert programmers who believe in freedom and spirit of mutual help. They are not malicious. They may.
CSCI 6962: Server-side Design and Programming JDBC Database Programming.

CSCI 6962: Server-side Design and Programming JDBC Database Programming.
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.

Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.

Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.
(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.

(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Similar presentations

Ads by Google