Powerpoint presentation on SQL injection in brief (Simple)
A SEMINAR POWERPOINT PRESENTATION
ON SQL INJECTION
(Structured Query Language Injection)
Session: 2017-18
Submitted To: Dr. Deepak Dembla, Professor & HOD, IT & Computer Applications Department
Submitted By: Shivam Sahu, 16BCAN035, IInd Sem BCA
JECRC University, Jaipur
Structure of presentation
• What are Injection attacks?
• What is SQL?
• What is SQL Injection?
• Classes of SQL Injection
• Can it be a very serious problem?
• Important SQL Syntax!
• Finding SQL Injection Bugs
• Impact of SQL Injection
• SQL Attack steps!
• News!!??
• Do any websites provide bug bounties for SQL Injection?
• SQL Injection (code and dork)
• How to hack a website using SQL Injection in easy steps! (Live Demonstration!)
• SQL injection exploit?
• How Can You Prevent This?
• Other Injection Types
• SQL injection Conclusion
• Bibliography
What are Injection attacks?
• Injection attacks trick an application into including unintended commands in the data sent to an interpreter.
• Interpreters
  • Interpret strings as commands.
  • Ex: SQL, shell (cmd.exe, bash), LDAP, XPath
• Key Idea
  • Input data from the application is executed as code by the interpreter.
What is SQL?
• SQL: Structured Query Language
• Used to store, edit, and retrieve database data
• Applications issue SQL commands that manage data
[Diagram: Web Application sends SQL changes to the Database; the Database returns the retrieved data]
What is SQL Injection?
• App sends form to user.
• Attacker submits form with SQL exploit data.
• Application builds string with exploit data.
• Application sends SQL query to DB.
• DB executes query, including exploit, sends data back to application.
• Application returns data to user.
• Many web applications take user input from a form
• Often this user input is used literally in the construction of a SQL query submitted to a database
[Diagram: User → Firewall → DB Server; the login form's Pass field contains ' or 1=1--]
Video Source : https://www.youtube.com/watch?v=FwIUkAwKzG8
Classes of SQL Injection
• SQL Injection can be broken up into 3 classes:
• 1. Inband - data is extracted using the same channel that is used to inject the SQL code. This is the most straightforward kind of attack, in which the retrieved data is presented directly in the application web page.
• 2. Out-of-Band - data is retrieved using a different channel (e.g. an email with the results of the query is generated and sent to the tester).
• 3. Inferential - there is no actual transfer of data, but the tester is able to reconstruct the information by sending particular requests and observing the resulting behaviour of the website/DB server.
Can it be a very serious problem?
• The attacker can delete, modify or, even worse, steal your data
• Compromises the safety, security & trust of user data
• Compromises a company's competitiveness or even its ability to stay in business
Important Syntax
COMMENTS: --
Example: SELECT * FROM `table` -- selects everything
LOGIC: 'a'='a'
Example: SELECT * FROM `table` WHERE 'a'='a'
MULTI STATEMENTS: S1; S2
Example: SELECT * FROM `table`; DROP TABLE `table`;
Impact of SQL Injection
1. Leakage of sensitive information.
2. Reputation decline.
3. Modification of sensitive information.
4. Loss of control of DB server.
5. Data loss.
6. Denial of service.
SQL Attack steps
• Searching for a vulnerable point
• Fingerprinting the backend DB
• Enumerating or retrieving data of interest – table dumps, usernames/passwords etc.
• Eventually exploiting the system once the information is handy – OS take over, data change, web server take over etc.
SQL Injection Attacks on the rise
• "Many, many sites have lost customer data in this way," said Chris Hinkley, Senior Security Engineer at FireHost. "SQL Injection attacks are often automated and many website owners may be blissfully unaware that their data could actively be at risk. These attacks can be detected and businesses should be taking basic and blanket steps to block attempted SQL Injection, as well as the other types of attacks we frequently see."
• 16/11/2016: Websites of Indian Embassy in 7 Countries Hacked; Database Leaked Online
SQL injection exploit?
• Access sensitive data in the database,
• Modify database data,
• Execute administrative operations within the database (e.g. shutdown the DBMS),
• Recover the content of a given file present on the DBMS file system
• And in some cases issue commands to the operating system.
Video Source : https://www.youtube.com/watch?v=J6-zUVUzZA4
Websites that provide bug bounty for SQL Injection
• https://www.hackerone.com/
SQL Injection (code and dork)
Finding SQL Injection Bugs
1. Submit a single quote as input. If an error results, the app is vulnerable. If no error, check for any output changes.
2. Submit two single quotes. Databases use '' to represent a literal '. If the error disappears, the app is vulnerable.
3. Try string or numeric operators.
How to mitigate the risk?
• Escape all user supplied input
• Always validate input
• Use prepared statements
  – For PHP+MySQL – use PDO with strongly typed parameterized queries (using bindParam())
• Code reviews
• Don't store passwords in plain text in the DB
  – Salt them and hash them
How does this prevent an attack?
• The SQL statement you pass to prepare is parsed and compiled by the database server.
• By specifying parameters (either a ? or a named parameter like :name) you tell the database engine what to filter on.
• Then when you call execute, the prepared statement is combined with the parameter values you specify.
• It works because the parameter values are combined with the compiled statement, not with a SQL string.
• SQL injection works by tricking the script into including malicious strings when it creates the SQL to send to the database. So by sending the actual SQL separately from the parameters you limit the risk of ending up with something you didn't intend.
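As an added example that is not part of the slides, the three probes from the "Finding SQL Injection Bugs" slide and the prepared-statement fix described here are run side by side against a constructed users table, with Python's sqlite3 module standing in for the PHP+MySQL PDO setup the deck names; the table, the credentials and the helper names are assumptions for the demo.

```python
import sqlite3

def make_db():
    # Constructed in-memory users table standing in for the slide's "DB Server".
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_concat(conn, username, password):
    # The vulnerable pattern from the slides: form input used literally in the SQL string.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_prepared(conn, username, password):
    # The fix: '?' placeholders. The statement is compiled first and the values are
    # bound afterwards, so a quote in the input stays data and never becomes SQL syntax.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def probe(login, conn, username, password):
    # Outcome of one test input: 'error' (the SQL no longer parses), 'granted' or 'denied'.
    try:
        return "granted" if login(conn, username, password) else "denied"
    except sqlite3.Error:
        return "error"

# Valid credentials, then the single quote and the doubled quote the slide tells a
# tester to submit, then the ' or 1=1-- string shown in the login diagram.
PROBES = [("alice", "s3cret"), ("'", "pw"), ("''", "pw"), ("' or 1=1--", "pw")]

def run_probes(login):
    # Returns one outcome per probe, in PROBES order, for the given login function.
    conn = make_db()
    return [probe(login, conn, u, p) for u, p in PROBES]

if __name__ == "__main__":
    # Concatenation: a lone quote breaks the query, a doubled quote repairs it (the
    # slide's "vulnerable" signal) and the 1=1 string logs in. Prepared: all three denied.
    for name, fn in (("concatenated", login_concat), ("prepared", login_prepared)):
        print(name, dict(zip([u for u, _ in PROBES], run_probes(fn))))
```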
Prevention
• Logic to allow only numbers / letters in username and password.
• How should you enforce the constraint? SERVER SIDE.
• 'ESCAPE' bad characters: ' becomes \'
• READ ONLY database access.
• Remember this is NOT just for login areas! NOT just for websites!!
Video Source: https://www.youtube.com/watch?v=WNNLpObPQuo
SQL injection Conclusion
• SQL injection is a technique for exploiting applications that use relational databases as their back end.
• Applications compose SQL statements and send them to the database.
• SQL injection uses the fact that many of these applications concatenate the fixed part of the SQL statement with user-supplied data that forms WHERE predicates or additional sub-queries.
• The technique is based on malformed user-supplied data
• Transforms innocent SQL calls into malicious calls
• Causes unauthorized access, deletion of data, or theft of information
• All databases can be a target of SQL injection and all are vulnerable to this technique.
• The vulnerability is in the application layer, outside of the database, and exists from the moment the application has a connection into the database.
Other Injection Types
• Shell injection.
• Scripting language injection.
• File inclusion.
• XML injection.
• XPath injection.
• LDAP injection.
• SMTP injection.
Some good sites to learn more
• Prevention guide (with sample code in many languages):
  • http://bobby-tables.com/
• Tutorials:
  • (webinar) http://www.percona.com/webinars/2012-07-25-sql-injection-myths-and-fallacies
  • http://www.netrostar.com/SQL-Injection-Attack
  • http://www.unixwiz.net/techtips/sql-injection.html
• Cool site that lets you try out attacks on a sample DB and explains why they work
  • http://sqlzoo.net/hack/
• Research paper on how to retrofit existing websites to combat SQL injection attacks
  • http://lersse-dl.ece.ubc.ca/record/205/files/paper.pdf
BIBLIOGRAPHY
• https://www.google.co.in/#q=sql+injection&
• http://www.acunetix.com/websitesecurity/sql-injection/
• https://www.google.co.in/search?q=sql+injection&source=lnms&tbm=isch&sa=X&sqi=2&ved=0ahUKEwir3_fijMfSAhUJqY8KHaZrD50Q_AUICCgD&biw=1440&bih=794
• https://www.w3schools.com/sql/sql_injection.asp
• https://en.wikipedia.org/wiki/SQL_injection
• https://www.tutorialspoint.com/sql/sql-injection.htm
• http://searchsoftwarequality.techtarget.com/definition/SQL-injection
• https://www.netsparker.com/blog/web-security/sql-injection-vulnerability/
Queries Will Be Appreciated?
Profound Thanks To:
Dr. Deepak Dembla, Professor & HOD, IT & Computer Applications Department