
SQL Injection

SQL injection attacks exploit vulnerabilities in web applications that construct SQL queries in an unsafe manner. Attackers can insert additional SQL statements by manipulating user input to alter or retrieve unintended data from the database. This document discusses how SQL injection works, common types of SQL injection attacks like error-based and blind SQL injection, and steps to perform SQL injection using examples.

Uploaded by Lovi

SQL Injection

SQL Overview
• Structured Query Language
• Database language designed for managing data in RDBMS.
• 1970s by Dr. Codd.
• ANSI: 1st SQL standard in 1986, updates in 1989, …
• SQL uses DML (Data Manipulation Language)


SQL Injection Attacks

• SQL servers allow multiple statements.

SELECT * FROM `users` WHERE `name` = 'Al'; SELECT * FROM `users`; DROP TABLE `users`;

• SQLIAs: Exploiting an application security vulnerability.
• SQLIAs: described as one of the most serious security threats to web applications
• SQLIAs: Caused by insufficient input validation.
• Gartner Group: 97% of 300 websites were vulnerable to SQLIAs.
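
The stacked query above, shown as a vulnerable lookup beside its parameterized form. This is an added example, not part of the original slides; it assumes Python's built-in sqlite3 module, and the table contents, function names and the input string are constructed for illustration.

```python
import sqlite3

# Constructed input that reproduces the slide's stacked query when concatenated.
STACKED = "Al'; SELECT * FROM users; DROP TABLE users; --"

def make_db():
    """In-memory database with a constructed sample `users` table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("Al",), ("Bea",)])
    db.commit()
    return db

def table_exists(db, table):
    """True if `table` is still present in the schema."""
    rows = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchall()
    return bool(rows)

def build_unsafe_sql(name):
    """Vulnerable pattern: user input becomes part of the SQL text."""
    return "SELECT * FROM users WHERE name = '" + name + "';"

def lookup_unsafe(db, name):
    """Runs the concatenated text on a multi-statement API, so everything
    after the injected ';' executes as separate statements."""
    db.executescript(build_unsafe_sql(name))

def lookup_safe(db, name):
    """Hardened: constant SQL text; `name` is bound as a value, never parsed as SQL."""
    return db.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(build_unsafe_sql(STACKED))
    print("safe lookup rows:", lookup_safe(db, STACKED))
    print("users table after safe lookup:", table_exists(db, "users"))
    lookup_unsafe(db, STACKED)
    print("users table after unsafe lookup:", table_exists(db, "users"))
```

With the bound parameter the whole input is compared against `name` as one string, so no row matches and the table survives; the concatenated version loses the table.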


SQLIA Example
SQLIA Types
• In-band – Error based and Union based. [Some details are shown to identify SQL vulnerability]
• Inferential / Blind – Boolean and TIME based – sleep.
SQLIA Types
• Error based – using ORDER BY and UNION
• Boolean based – true or false
• TIME based - sleep
SQLIA Steps using example
• Confirm SQL injection
• Enumerate columns
• Reflection
