INJECTION
NABEEL MUHAMMED N
NO:35
AKNMGPTC THIRURANGADI CT BATCH 2014-17
CONTENTS
Introduction
Types of SQL INJECTION
Steps for performing SQL INJECTION
How it Works
Countermeasures
Conclusion
References
SQL Injection is a type of security exploit in which the attacker injects SQL statements to gain access to restricted resources and make changes.
TARGET: Web application with a backend database
Uses client-supplied SQL queries to get unauthorized access to the database.
SQL Injection types:
SQL Manipulation
Code Injection
Function Call Injection
Buffer Overflow
SQL MANIPULATION:
It means to manipulate and retrieve data in a relational database.
SQL Manipulation comprises the SQL data-change statements, which modify the stored data but not the schema or database objects.
CODE INJECTION:
Code injection is the exploitation of a computer application that is caused by processing invalid data.
It is always used malevolently, that is, to destroy a database by exploiting other code.
FUNCTION CALL INJECTION:
It is one of the most common types of injection technique, where functions are used for injection.
When a function takes a parameter, the attacker passes a different parameter to the function, resulting in something different than expected.
BUFFER OVERFLOW:
It is also one of the common techniques used for injection at the user's input side.
It is a mechanism of injection by input of data exceeding the limits of the user input fields, resulting in an error message, using which the SQL code is injected.
SQL Injection Steps:
Input field to submit data
(e.g. a login page)
Check for server pages if input field is absent
e.g. http://www.xsecurity.com/index.jsp?id=10
In the above example the attack will be like this:
e.g.
http://www.xsecurity.com/index.jsp?id=debu' or 1=1 --
Look for errors: This can be done using a single quotation mark ('). E.g.
Test for Vulnerability:
Using single quote in the input
• sujit' or 1=1 --
• login: shweta' or 1=1 --
• http://search/index.asp?id=sql' or 1=1 --
Depending on the error:
• ' or 1=1 --
• " or 1=1 --
• ' or 'a' = 'a
• " or "a" = "a
• ') or ('a' = 'a)
How It Works:
Examples: BadLogin.aspx.cs
Countermeasures:
Minimize the Privilege of Database Connection
Disable Verbose Error Message
Protect the system account “SA”
Audit Source Code:
Escape Single Quotes
Input Validation
Reject Known Bad Input
Input Bound Checking
All user inputs should be filtered
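The source-code countermeasures listed above (input validation, input bound checking, no verbose error messages), shown as an added example that is not from the original slides: a constructed login check in Python with sqlite3, first built by string concatenation and then hardened. The table, the function names and the 32-character limit are assumptions, and parameter binding is an addition beyond the slide's list.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; a real system would store password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('shweta', 's3cret')")
    return db

def login_concatenated(db, name, password):
    # "Before": input is pasted into the SQL text, so a quote in the input
    # ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

MAX_LEN = 32                             # input bound checking (assumed limit)
NAME_RE = re.compile(r"[A-Za-z0-9_.]+")  # input validation: allow-list

def login_hardened(db, name, password):
    # "After": bound check, allow-list validation, then bound parameters.
    if not (0 < len(name) <= MAX_LEN and 0 < len(password) <= MAX_LEN):
        return False
    if not NAME_RE.fullmatch(name):
        return False
    try:
        row = db.execute(
            "SELECT name FROM users WHERE name = ? AND password = ?",
            (name, password)).fetchone()
    except sqlite3.Error:
        return False  # log server-side; no database error text to the client
    return row is not None

if __name__ == "__main__":
    db = make_db()
    tautology = "shweta' or 1=1 --"  # input string quoted on the slides
    print("concatenated:", login_concatenated(db, tautology, "x"))
    print("hardened:    ", login_hardened(db, tautology, "x"))
```

The concatenated version also lets a lone single quote surface as a database syntax error, which is the verbose-error signal the slides say to disable.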
SQL Injection Detection and Blocking Tools
SQLBlock
Screen Shots
Conclusion:
Nowadays SQL injection is one of the biggest nightmares among database administrators. Though we have a lot of ways to prevent it, most of today's websites still suffer from this attack.