Presentation is loading. Please wait.

Presentation is loading. Please wait.

SQL – Injections Intro. Prajen Bhadel College of Information Technology & Engeneering Kathmandu tinkune Sixth semister.

Published byCory Fleming Modified over 9 years ago

Similar presentations

Presentation on theme: "SQL – Injections Intro. Prajen Bhadel College of Information Technology & Engeneering Kathmandu tinkune Sixth semister."— Presentation transcript:

1 SQL – Injections Intro. Prajen Bhadel College of Information Technology & Engeneering Kathmandu tinkune Sixth semister

2 2 SQL Injections SQL injection –code injection technique that exploits a security vulnerability in application – occurs at the database layer of an application. SQL - Structured Query Language –Used to communicate with the database –ANSI-compliant SQL

3 3 SQL Injections Authentication Bypass Information Disclosure Compromised Data Integrity Compromised Availability of Data Remote Command Execution

4 4 Basic SQL Select Insert Update Delete Union SQL statement breakdown

5 5 SQL - Select 1.Select Information from a table SELECT * FROM table where field=1

6 6 SQL - Insert 1.Add new records to database INSERT INTO tablename (id, name) values(10, “Greg”)

7 7 SQL - Update 1.Updating existing records UPDATE table set fieldA=123 WHERE somefield=2323 UPDATE table set fieldB=‘Greg’

8 8 SQL - Delete 1.Delete records DELETE FROM tableA where somefield=1221 DELETE FROM tableA

9 9 SQL - Union 1.Combine two or more SELECT statements. SELECT column_name(s) FROM table_name1 UNION SELECT column_name(s) FROM table_name2

10 10 Terminators ; Semi colon ends current SQL query and starts a new one –SELECT * FROM users ; DROP TABLE users Stacked Query -- Double dash ignores remaining query string –Select * FROM users -- limit 10 Can be used in conjunction –SELECT * FROM users WHERE id=''; DROP TABLE users; -- ' AND password=''

11 11 Where Clause Pruning Powerful SQL technique –SQL trick for allowing a query to return either a full set or a specified subset – 1=1 == TRUE SELECT * FROM users WHERE (id = :id) OR (-1 = :id))

12 12 SQL Injection Cause Executed via front end of the Web Application –GET URL parameter http://host.com/item.php?cat=1&id=11 –Form POST fields

13 13 Techniques Normal SQL Injections –Errors & Exception –Unexpected output O'Reilly != O\'Reilly Blind SQL Injections –No errors –A lot of guesswork –Introduction of a delay as part of a malicious SQL statement

14 14 SQL Injection Types Passive –Exposing database information Information retrieval Active –Altering database information Insertion Deletion

15 15 Testing for Vulnerability Manual –Time consuming Automated –SQL injection scanners only scan for known vulnerabilities Google –Incorrect syntax near

16 16 Toolbox SQLIer SQLbftools SQLibf SQLBrute BobCat SQLMap Absinthe SQL Injection Pen-testing Tool SQID SQLNinja FJ-Injector Framwork Automagic SQL Injector NGSS SQL Injector

17 17 Identifying Vulnerable Site Given unexpected input site behaves oddly – ‘ Single Quote – “ Double Quote – ‘1 Single Quote one – ‘a Single Quote a – ‘; Single Quote semicolon Input > Satan’s little minion –Nothing found for Satan\’s little minion –You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'

18 18 Identifying Vulnerable Site ' or 1=1-- " or 1=1-- or 1=1-- ' or 'a'='a " or "a"="a ') or ('a'='a

19 19 Bypassing Filters Escaping entities –%26%23039 == &#039 == ‘ (single quote) %26 == & %23 == # 039 Entity number –Select * FROM users WHERE username=‘secret%26%23039 OR %26%23039X%26%23039=%26%23039X –Evaluated as > Select * FROM users WHERE username=‘secret ‘ OR ‘X’ = ‘X’ This evaluates to always true Char function –Char(83,101,108,101,99,116,32,42,32,102,114,111,109,32,117,115,101,114,115 ) –Select * from users Concat & Hex functions –CONCAT('0x', HEX('/var/log/messages')) –0x2F7661722F6C6F672F6D65737361676573

20 20 Bypassing Filters Injecting AND 1=(SELECT LOAD_FILE('var/log/messages') ) –MySQL Error '\'var/log/messages\') ) limit 5 = 1 order by average desc limit 10' at line 1)

21 21 Bypassing Filters 1=(SELECT LOAD_FILE('var/log/messages') ) –MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'var/log/messages\') ) limit 5 -- = 1 order by average desc limit 10' at line 1) Char Hex –1=(SELECT LOAD_FILE(0x2F7661722F6C6F672F6D65737361676573)

22 22 Bypassing Blacklists What are Blacklists Blacklist (DELETE, EXEC) –DEL/**/ETE –/**/ D/**EVIL**/ELE/**/TE

23 23 Escape Characters %26%23039 OR %26%23039X%26%23039=%26%23039X –‘ OR ‘X’ = ‘X’

Download ppt "SQL – Injections Intro. Prajen Bhadel College of Information Technology & Engeneering Kathmandu tinkune Sixth semister."

Similar presentations

Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu 15 708 33 Ostrava-Poruba.

NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba.
SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.

SQL Injection Attacks Prof. Jim Whitehead CMPS 183: Spring 2006 May 17, 2006.
1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.

1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.
SQL Injection and Buffer overflow

SQL Injection and Buffer overflow
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.

Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
Chapter 7 Managing Data Sources. ASP.NET 2.0, Third Edition2.

Chapter 7 Managing Data Sources. ASP.NET 2.0, Third Edition2.
SQL Injection Attacks CS 183 : Hypermedia and the Web UC Santa Cruz.

SQL Injection Attacks CS 183 : Hypermedia and the Web UC Santa Cruz.
Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.

Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.
MIS 5211.001 Week 11 Site:

MIS Week 11 Site:
Chapter 5 Introduction to SQL. Structured Query Language = the “programming language” for relational databases SQL is a nonprocedural language = the user.

Chapter 5 Introduction to SQL. Structured Query Language = the “programming language” for relational databases SQL is a nonprocedural language = the user.
SQL Power Injector Avadanei AlinBalan Robert. What is SQL Power Injector ?  A graphical application created in C#.Net 1.1 that helps the penetration.

SQL Power Injector Avadanei AlinBalan Robert. What is SQL Power Injector ?  A graphical application created in C#.Net 1.1 that helps the penetration.
CSCI 6962: Server-side Design and Programming JDBC Database Programming.

CSCI 6962: Server-side Design and Programming JDBC Database Programming.
ASP.NET Programming with C# and SQL Server First Edition

ASP.NET Programming with C# and SQL Server First Edition
How to Hack a Database.  What is SQL?  Database Basics  SQL Insert Basics  SQL Select Basics  SQL Where Basics  SQL AND & OR Basics  SQL Update.

How to Hack a Database.  What is SQL?  Database Basics  SQL Insert Basics  SQL Select Basics  SQL Where Basics  SQL AND & OR Basics  SQL Update.
Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.

Hamdi Yesilyurt, MA Student in MSDF & PhD-Public Affaris SQL Riji Jacob MS Student in Computer Science.
(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.

(CPSC620) Sanjay Tibile Vinay Deore. Agenda  Database and SQL  What is SQL Injection?  Types  Example of attack  Prevention  References.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
PHP Programming with MySQL Slide 8-1 CHAPTER 8 Working with Databases and MySQL.

PHP Programming with MySQL Slide 8-1 CHAPTER 8 Working with Databases and MySQL.

Similar presentations

Ads by Google