SQL Injections (Part 1)
Download as PPTX, PDF4 likes3,502 views
This document provides an introduction to SQL injection basics. It defines SQL injection as executing a SQL query or statement by injecting it into a user input field. The document outlines why SQL injection is studied, provides a sample database structure, and describes generic SQL queries and operators like UNION and ORDER BY. It also categorizes different types of SQL injection and attacks. The remainder of the document previews upcoming topics on blind SQL injection, data extraction techniques, and prevention.
SQL Injections (Part 1)
- 1. SQL Injection Part 1 - BASICSWasimHalani(WaSHaL)
- 2. ./whoamiStudentFallibleNOT a SQL expert“Do not take anything I say as fact. I have been wrong before and I will be wrong again.” - Nullthreat
- 3. OWASP Top 10A1 – Injection FlawsInjection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.Simpler definition, anyone?
- 4. SQL InjectionSQL = Structured Query LanguageExecute a SQL query/statement or syntax by injecting it in an user input field on the web application
- 5. Why study it?BarracudaHBGary/ HBGary FederalAppinonlineAppinlabsNIITMysql.com
- 7. Generic SQL - SelectSQL> select * from userdb where username=‘xxxx’ and password=‘yyyy’;returns all columns from table ‘userdb’ and every row which have given username and passwordSQL> select role from userdb where username=‘zzzz’;returns only column ‘role’ where username matches
- 8. UNION OperatorCombine results of two or more SELECT statementsSELECT username,password from user_db UNION SELECT username,password from admin_dbSELECT username,password from user_db UNION ALL SELECT username,password from admin_db
- 9. ORDER BY ClauseSort results of SELECT query by a specific columnnumber column name
- 11. Categories of SQL InjectionIn-bandErrorUnionOut-bandDnsPingInferential (Blind)SleepWaitforRef: www.toorcon.org/tcx/9_McCray.pdf
- 13. Vulnerable Code
- 14. Vanilla Injection‘ or 1=1 --a‘ or ‘a’=‘a
- 15. Finding # of Columns1234....100
- 16. Finding # of Columns - 2
- 17. Injecting Queries (UNION)Ref: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
- 19. Coming Up…Blind SQLManual Extraction of Data using SQLi+BurpPreventing SQL Injections
- 21. Blind SQL InjectionThe game of TRUE and FALSENo error messages/responsesResult determination is fromResponse pageHTTP Status code