SlideShare a Scribd company logo

Ppt on sql injection

Download as PPTX, PDF
A
ashish20012

This document discusses SQL injection, which is a security vulnerability that allows attackers to interfere with how a database operates. SQL injection occurs when user input is not sanitized and is used directly in SQL queries, allowing attackers to alter the structure and meaning of queries. The document provides an example of how an attacker could log in without a password by adding SQL code to the username field. It also lists some common SQL injection techniques like using comments, concatenation, and wildcards. Finally, it points to additional online resources for learning more about SQL injection and database security.

EngineeringTechnology
1 of 14
Downloaded 561 times
1
2
3
4
5
6
Most read
7
8
9
10
11
Most read
12
13
14
Most read
SQL INJECTION SUBMITTED TO:- SUBMITTED BY :- MR. NAVEEN KEDIA ASHISH KUMAR FINAL YEAR I.T.
INDEX  Ethical Hacking.  What is SQL.  How does SQL Injection work.  Example of SQL Injection.  Diagram of SQL Injection.
ETHICAL HACKING  Independent computer security Professionals breaking into the computer systems.  Neither damage the target systems nor steal information.  Evaluate target systems security and report back to owners about the Bugs found.
ETHICAL HACKERS BUT NOT CRIMINAL HACKERS  Completely trustworthy.  Strong programming and computer networking skills.  Learn about the system and trying to find its weaknesses.  Techniques of Criminal hackers-Detection-Prevention.  Tester only reports findings, does not solve problems.
WHAT IS SQL?  SQL stands for Structured Query Language  Allows us to access a database  ANSI and ISO standard computer language  The most current standard is SQL99  SQL can:  execute queries against a database  retrieve data from a database  insert new records in a database  delete records from a database  update records in a database
WHAT IS A SQL INJECTION ATTACK?  Many web applications take user input from a form  Often this user input is used literally in the construction of a SQL query submitted to a database. For example:  SELECT productdata FROM table WHERE productname = ‘user input product name’;  A SQL injection attack involves placing SQL statements in the user input
HOW DOES SQL INJECTION WORK? Common vulnerable login query SELECT * FROM users WHERE login = 'victor' AND password = '123' (If it returns something then login) ASP/MS SQL Server login syntax var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";
INJECTING THROUGH STRINGS formusr = ' or 1=1 – – formpwd = anything Final query would look like this: SELECT * FROM users WHERE username = ' ' or 1=1 – – AND password = 'anything'
Ppt on sql injection
SQL INJECTION CHARACTERS  ' or "character String Indicators  -- or # single-line commen  /*…*/ multiple-line comment  + addition, concatenate (or space in url)  || (double pipe) concatenate  % wildcard attribute indicator
ALL TABLES AND COLUMNS IN ONE QUERY  union select 0, sysobjects.name + ': ' + syscolumns.name + ': ' + systypes.name, 1, 1, '1', 1, 1, 1, 1, 1 from sysobjects, syscolumns, systypes where sysobjects.xtype = 'U' AND sysobjects.id = syscolumns.id AND syscolumns.xtype = systypes.xtype --
ARCHITECTURE OF SQL INJECTION
LINKS  A lot of SQL Injection related papers  http://www.nextgenss.com/papers.htm  http://www.spidynamics.com/support/whitepapers/  http://www.appsecinc.com/techdocs/whitepapers.html  http://www.atstake.com/research/advisories  Other resources  http://www.owasp.org  http://www.sqlsecurity.com  http://www.securityfocus.com/infocus/1768
THANK YOU

More Related Content

PPTX
Sql injections - with example
Prateek Chauhan
 
PPTX
SQL INJECTION
Anoop T
 
PPT
Sql injection
Pallavi Biswas
 
PPTX
Ford Fulkerson Algorithm
Adarsh Rotte
 
PPTX
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
PPTX
Database security
MaryamAsghar9
 
PPTX
IT Act 2000
Sreelekshmi Mohan
 
PDF
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
Casey Ellis
 
Sql injections - with example
Prateek Chauhan
 
SQL INJECTION
Anoop T
 
Sql injection
Pallavi Biswas
 
Ford Fulkerson Algorithm
Adarsh Rotte
 
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Database security
MaryamAsghar9
 
IT Act 2000
Sreelekshmi Mohan
 
CVE-2021-44228 Log4j (and Log4Shell) Executive Explainer by cje@bugcrowd
Casey Ellis
 

What's hot (20)

PPTX
SQL INJECTION
Mentorcs
 
PPTX
Sql injection - security testing
Napendra Singh
 
PPT
A Brief Introduction in SQL Injection
Sina Manavi
 
PPTX
Sql injection
Zidh
 
PPT
Sql injection
Nitish Kumar
 
PPTX
Sql Injection attacks and prevention
helloanand
 
PPTX
SQL injection prevention techniques
SongchaiDuangpan
 
PPTX
seminar report on Sql injection
Jawhar Ali
 
PPTX
Sql injection
Sasha-Leigh Garret
 
PPTX
Sql injection in cybersecurity
Sanad Bhowmik
 
PPTX
Sql injection
Nuruzzaman Milon
 
PPTX
SQL Injection
Asish Kumar Rath
 
PDF
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
PPTX
Sqlmap
Rushikesh Kulkarni
 
PPT
Sql injection attack
RajKumar Rampelli
 
PPTX
Sql injection attack
Raghav Bisht
 
PPT
Sql injection
Nikunj Dhameliya
 
PDF
How to identify and prevent SQL injection
Eguardian Global Services
 
PPTX
Whatis SQL Injection.pptx
Simplilearn
 
PPTX
SQL injection
Raj Parmar
 
SQL INJECTION
Mentorcs
 
Sql injection - security testing
Napendra Singh
 
A Brief Introduction in SQL Injection
Sina Manavi
 
Sql injection
Zidh
 
Sql injection
Nitish Kumar
 
Sql Injection attacks and prevention
helloanand
 
SQL injection prevention techniques
SongchaiDuangpan
 
seminar report on Sql injection
Jawhar Ali
 
Sql injection
Sasha-Leigh Garret
 
Sql injection in cybersecurity
Sanad Bhowmik
 
Sql injection
Nuruzzaman Milon
 
SQL Injection
Asish Kumar Rath
 
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
Sqlmap
Rushikesh Kulkarni
 
Sql injection attack
RajKumar Rampelli
 
Sql injection attack
Raghav Bisht
 
Sql injection
Nikunj Dhameliya
 
How to identify and prevent SQL injection
Eguardian Global Services
 
Whatis SQL Injection.pptx
Simplilearn
 
SQL injection
Raj Parmar
 
Ad

Similar to Ppt on sql injection (20)

PPTX
Greensql2007
Kaustav Sengupta
 
PPTX
Code injection and green sql
Kaustav Sengupta
 
PPTX
Sql injection
Mehul Boghra
 
PDF
Chapter 14 sql injection
newbie2019
 
PPSX
Web application security
www.netgains.org
 
PDF
Module 14 (sql injection)
Wail Hassan
 
PDF
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
PPTX
Understanding and preventing sql injection attacks
Kevin Kline
 
PDF
Sq li
Ashok kumar sandhyala
 
PDF
Php Security - OWASP
Mizno Kruge
 
PPTX
ASP.NET Web Security
SharePointRadi
 
PPTX
Sql Injection V.2
Tjylen Veselyj
 
PPTX
SQL Injection attack
Rayudu Babu
 
PPTX
03. sql and other injection module v17
Eoin Keary
 
PPT
SQL Injection Attacks
Compare Infobase Limited
 
PDF
Sql injection
Safwan Hashmi
 
PDF
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Grand Parade Poland
 
PDF
Prevention of SQL Injection Attack in Web Application with Host Language
IRJET Journal
 
PPTX
SQL Injection in action with PHP and MySQL
Pradeep Kumar
 
PPTX
Sql injections (Basic bypass authentication)
Ravindra Singh Rathore
 
Greensql2007
Kaustav Sengupta
 
Code injection and green sql
Kaustav Sengupta
 
Sql injection
Mehul Boghra
 
Chapter 14 sql injection
newbie2019
 
Web application security
www.netgains.org
 
Module 14 (sql injection)
Wail Hassan
 
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
Understanding and preventing sql injection attacks
Kevin Kline
 
Sq li
Ashok kumar sandhyala
 
Php Security - OWASP
Mizno Kruge
 
ASP.NET Web Security
SharePointRadi
 
Sql Injection V.2
Tjylen Veselyj
 
SQL Injection attack
Rayudu Babu
 
03. sql and other injection module v17
Eoin Keary
 
SQL Injection Attacks
Compare Infobase Limited
 
Sql injection
Safwan Hashmi
 
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
Grand Parade Poland
 
Prevention of SQL Injection Attack in Web Application with Host Language
IRJET Journal
 
SQL Injection in action with PHP and MySQL
Pradeep Kumar
 
Sql injections (Basic bypass authentication)
Ravindra Singh Rathore
 
Ad

Recently uploaded (20)

PPTX
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
PPTX
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
PPTX
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
PDF
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
PPTX
Construction Project Organization Group 2.pptx
vj5agdales
 
PDF
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
PPTX
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
PDF
BIO-INSPIRED HORMONAL MODULATION AND ADAPTIVE ORCHESTRATION IN S-AI-GPT
ijaia
 
PDF
737-MAX_SRG.pdf student reference guides
ssusere2119a1
 
PDF
composite construction of structures.pdf
AinieButt1
 
PPTX
Geodesy 1.pptx...............................................
abhi1361yadav
 
PDF
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
PDF
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
PDF
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
PPTX
Fundamentals of safety and accident prevention -final (1).pptx
Palani kumar
 
PPTX
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
PPTX
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
PDF
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
PPTX
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
PDF
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 
Infosys Presentation by1.Riyan Bagwan 2.Samadhan Naiknavare 3.Gaurav Shinde 4...
bapushinde7218
 
M Tech Sem 1 Civil Engineering Environmental Sciences.pptx
ShriNRPrasad
 
bas. eng. economics group 4 presentation 1.pptx
kiribakimoses1993
 
Automation-in-Manufacturing-Chapter-Introduction.pdf
pcmth867
 
Construction Project Organization Group 2.pptx
vj5agdales
 
keyrequirementskkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
mojeeburahmanwardak
 
CYBER-CRIMES AND SECURITY A guide to understanding
Davies Chacko
 
BIO-INSPIRED HORMONAL MODULATION AND ADAPTIVE ORCHESTRATION IN S-AI-GPT
ijaia
 
737-MAX_SRG.pdf student reference guides
ssusere2119a1
 
composite construction of structures.pdf
AinieButt1
 
Geodesy 1.pptx...............................................
abhi1361yadav
 
Mitigating Risks through Effective Management for Enhancing Organizational Pe...
IJAEMSJORNAL
 
The CXO Playbook 2025 – Future-Ready Strategies for C-Suite Leaders Cerebrai...
Cerebraix Technologies
 
SM_6th-Sem__Cse_Internet-of-Things.pdf IOT
smceramu
 
Fundamentals of safety and accident prevention -final (1).pptx
Palani kumar
 
UNIT 4 Total Quality Management .pptx
gokuld13012005
 
Internet of Things (IOT) - A guide to understanding
Davies Chacko
 
Enhancing Cyber Defense Against Zero-Day Attacks using Ensemble Neural Networks
IJCNCJournal
 
OOP with Java - Java Introduction (Basics)
Rashmi T V
 
Unit I ESSENTIAL OF DIGITAL MARKETING.pdf
Nitin Shelake
 

Ppt on sql injection

  • 1. SQL INJECTION SUBMITTED TO:- SUBMITTED BY :- MR. NAVEEN KEDIA ASHISH KUMAR FINAL YEAR I.T.
  • 2. INDEX  Ethical Hacking.  What is SQL.  How does SQL Injection work.  Example of SQL Injection.  Diagram of SQL Injection.
  • 3. ETHICAL HACKING  Independent computer security Professionals breaking into the computer systems.  Neither damage the target systems nor steal information.  Evaluate target systems security and report back to owners about the Bugs found.
  • 4. ETHICAL HACKERS BUT NOT CRIMINAL HACKERS  Completely trustworthy.  Strong programming and computer networking skills.  Learn about the system and trying to find its weaknesses.  Techniques of Criminal hackers-Detection-Prevention.  Tester only reports findings, does not solve problems.
  • 5. WHAT IS SQL?  SQL stands for Structured Query Language  Allows us to access a database  ANSI and ISO standard computer language  The most current standard is SQL99  SQL can:  execute queries against a database  retrieve data from a database  insert new records in a database  delete records from a database  update records in a database
  • 6. WHAT IS A SQL INJECTION ATTACK?  Many web applications take user input from a form  Often this user input is used literally in the construction of a SQL query submitted to a database. For example:  SELECT productdata FROM table WHERE productname = ‘user input product name’;  A SQL injection attack involves placing SQL statements in the user input
  • 7. HOW DOES SQL INJECTION WORK? Common vulnerable login query SELECT * FROM users WHERE login = 'victor' AND password = '123' (If it returns something then login) ASP/MS SQL Server login syntax var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";
  • 8. INJECTING THROUGH STRINGS formusr = ' or 1=1 – – formpwd = anything Final query would look like this: SELECT * FROM users WHERE username = ' ' or 1=1 – – AND password = 'anything'
  • 10. SQL INJECTION CHARACTERS  ' or "character String Indicators  -- or # single-line commen  /*…*/ multiple-line comment  + addition, concatenate (or space in url)  || (double pipe) concatenate  % wildcard attribute indicator
  • 11. ALL TABLES AND COLUMNS IN ONE QUERY  union select 0, sysobjects.name + ': ' + syscolumns.name + ': ' + systypes.name, 1, 1, '1', 1, 1, 1, 1, 1 from sysobjects, syscolumns, systypes where sysobjects.xtype = 'U' AND sysobjects.id = syscolumns.id AND syscolumns.xtype = systypes.xtype --
  • 12. ARCHITECTURE OF SQL INJECTION
  • 13. LINKS  A lot of SQL Injection related papers  http://www.nextgenss.com/papers.htm  http://www.spidynamics.com/support/whitepapers/  http://www.appsecinc.com/techdocs/whitepapers.html  http://www.atstake.com/research/advisories  Other resources  http://www.owasp.org  http://www.sqlsecurity.com  http://www.securityfocus.com/infocus/1768