
SQL Injection Presentation by Vivek Pancholi

This document gives you more information and a practical approach. I made it when I was in college and I explained to all target audience how it can be performed with live training.

Guided By: Prof. Premal Patel
Prepared By: Vivek Pancholi (151180107018), Vrushang Patel (151180107033)

What is SQL Injection?

• SQL injection is a code injection technique that might destroy your database.
• SQL injection is one of the most common web hacking techniques.
• SQL injection is the placement of malicious code in SQL statements, via web page input.

Types of SQL Injection

1. Classic SQL Injection:

• Classic SQL injection uses WHERE clause modification and UNION operator injection to exploit improper filtering.
• There are basically two types of classic SQL injection:
  1. Error-based SQL injection.
  2. Union-based SQL injection.

Types of SQL Injection

2. Blind SQL Injection:

• This form of injection is the same as classic SQL injection, except that the attacker is not able to see the results immediately.
• Syntax: SELECT IF(expression, true, false)

How to exploit SQL Vulnerability?

• Control application behaviour that’s based on data in the database, for example by tricking an application into allowing a login without a valid password.
• Alter data in the database without authorization, for example by creating fraudulent records, adding users or “promoting” users to higher access levels, or deleting data.
• Access data without authorization, for example by tricking the database into providing too many results for a query.

How to exploit SQL Vulnerability?

• Searching for a vulnerable point.
• Fingerprinting the backend DB.
• Enumerating or retrieving data of interest: table dumps, usernames/passwords, etc.
• Eventually exploiting the system once the information is handy.
• OS takeover, data change, web server takeover, etc.

How to Prevent SQL Injection Vulnerability?

• Regularly apply software patches.
• Use a web application firewall.
• Continuously monitor SQL statements from database-connected applications.
• Avoid constructing SQL queries with user input.

How Does SQL Injection Work?

• App sends form to user.
• Attacker submits form with SQL exploit data.
• Application builds string with exploit data.
• Application sends SQL query to DB.
• DB executes query, including exploit, and sends data back to application.
• Application returns data to user.

Actual Use

$sql = "SELECT * FROM ARTICLES WHERE id = " . $_GET["id"];
// executed query = SELECT * FROM ARTICLES WHERE ID=1234
$RESULT = mysql_query($sql);

SQL Inject Input

$sql = "SELECT * FROM ARTICLES WHERE id = " . $_GET["id"];
// executed query = SELECT * FROM ARTICLES WHERE ID=1234; DROP TABLE ARTICLES;
$RESULT = mysql_query($sql);

Example

SELECT * FROM users WHERE email = '$email' AND password = md5('$password');

Supplied value = [email protected] xxx') OR 1=1--

SELECT * FROM users WHERE email = '[email protected]' AND password = md5('xxx') OR 1=1--');

SELECT * FROM users WHERE FALSE AND FALSE OR TRUE
SELECT * FROM users WHERE FALSE OR TRUE
SELECT * FROM users WHERE TRUE

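The login query from the Example slide, built two ways: by string concatenation and with bound parameters. This is an added example, not part of the original slides. It assumes Python with an in-memory SQLite database in place of PHP/MySQL, and the table rows, addresses and function names are constructed for illustration.

```python
import hashlib
import sqlite3


def make_db():
    """Build an in-memory users table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    # SQLite has no md5(); register one so the slide's query shape runs as written.
    # MD5 is kept only to mirror the slide; it is not suitable for password storage.
    conn.create_function("md5", 1, lambda s: hashlib.md5(s.encode()).hexdigest())
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, md5(?))",
        [("alice@example.test", "correct horse"), ("bob@example.test", "hunter2")],
    )
    return conn


def login_concatenated(conn, email, password):
    """Vulnerable: input is pasted into the SQL text, as on the slide."""
    sql = ("SELECT email FROM users WHERE email = '" + email +
           "' AND password = md5('" + password + "')")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, email, password):
    """Hardened: placeholders bind input as data, so it is never parsed as SQL."""
    sql = "SELECT email FROM users WHERE email = ? AND password = md5(?)"
    return [row[0] for row in conn.execute(sql, (email, password))]


def demo():
    """Run the slide's supplied value through both query builders."""
    conn = make_db()
    supplied = "xxx') OR 1=1--"  # the password value shown on the slide
    return {
        # WHERE FALSE AND FALSE OR TRUE -> every row matches
        "concatenated": sorted(login_concatenated(conn, "nobody@example.test", supplied)),
        # The same input is compared as a literal string -> no row matches
        "parameterized": login_parameterized(conn, "nobody@example.test", supplied),
        # A legitimate login still works through the parameterized path
        "valid_login": login_parameterized(conn, "alice@example.test", "correct horse"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```
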
Most Common SQL Injection URL Patterns

• Ending with “--”
• Ending with “/*”
• Containing UNION, (ALL), SELECT and FROM
• BENCHMARK
• Containing “information_schema”
• Containing “load_file”
