SQL Injections (Part 1)

Post on 18-Dec-2014


DESCRIPTION

SQL Injections (Part 1) by Wasim Halani @ null Mumbai Meet, May, 2011

TRANSCRIPT

SQL Injection Part 1 - BASICS

Wasim Halani(WaSHaL)

./whoami

- Student
- Fallible
- NOT a SQL expert

- “Do not take anything I say as fact. I have been wrong before and I will be wrong again.” - Nullthreat

OWASP Top 10

- A1 – Injection Flaws
- Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.

- Simpler definition, anyone?

SQL Injection

- SQL = Structured Query Language
- Execute a SQL query/statement or syntax by injecting it into a user input field on the web application

Why study it?

- Barracuda
- HBGary / HBGary Federal
- Appinonline
- Appinlabs
- NIIT
- Mysql.com

Our Sample DB

Table: user_db

id   username   password    Role
1    admin      admin123    1
2    tom        T0m!@#      0
3    jerry      jerry       0
4    harry      098@harry   0

Generic SQL - Select

- SQL> select * from user_db where username='xxxx' and password='yyyy';
  returns all columns from table 'user_db' for every row which has the given username and password
- SQL> select role from user_db where username='zzzz';
  returns only column 'role' for the rows where the username matches

UNION Operator

- Combine results of two or more SELECT statements
- SELECT username,password from user_db UNION SELECT username,password from admin_db
- SELECT username,password from user_db UNION ALL SELECT username,password from admin_db

ORDER BY Clause

- Sort results of a SELECT query by a specific column, given either as a column number or as a column name

Misc.

- INSERT
- UPDATE
- DELETE
- ALTER
- DROP

Categories of SQL Injection

- In-band
  - Error
  - Union
- Out-of-band
  - DNS
  - Ping
- Inferential (Blind)
  - Sleep
  - Waitfor

Ref: www.toorcon.org/tcx/9_McCray.pdf

SQL Injection Attacks

Vulnerable Code

Vanilla Injection

- ' or 1=1 --
- a' or 'a'='a
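The "Vulnerable Code" slide itself did not survive the transcript, so the following is an added example (not the presenter's code) that rebuilds the slide's user_db table in an in-memory SQLite database and puts the string-concatenated login check next to its parameterised replacement. Running the two payloads listed above through both shows why the first matches every row and the second matches none; the function names, the plaintext password column and the use of SQLite are assumptions for the demo, not something the slides specify.

```python
import sqlite3

# Constructed copy of the "Our Sample DB" slide (table user_db).
SAMPLE_ROWS = [
    (1, "admin", "admin123", 1),
    (2, "tom", "T0m!@#", 0),
    (3, "jerry", "jerry", 0),
    (4, "harry", "098@harry", 0),
]


def make_db():
    """In-memory SQLite version of the slide's user_db table.

    Passwords are stored in plaintext exactly as on the slide; this is only
    to keep the demo faithful to the deck, not a storage recommendation.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_db (id INTEGER, username TEXT, password TEXT, role INTEGER)"
    )
    conn.executemany("INSERT INTO user_db VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def login_vulnerable(conn, username, password):
    """The classic vulnerable pattern: user input is pasted into the SQL text.

    Whatever the user typed is parsed as part of the statement, so quotes,
    OR clauses and '--' comments change the query's meaning.
    Returns the usernames of every row the query matched.
    """
    sql = (
        "SELECT username FROM user_db WHERE username='"
        + username
        + "' AND password='"
        + password
        + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same check with a parameterised query.

    The statement text is fixed; the values are bound by the driver and are
    only ever compared as data, so the payloads from the slide match nothing.
    """
    sql = "SELECT username FROM user_db WHERE username=? AND password=?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def demo():
    """Run a legitimate login and the two slide payloads through both checks."""
    conn = make_db()
    p1 = "' or 1=1 --"     # first payload from the "Vanilla Injection" slide
    p2 = "a' or 'a'='a"    # second payload from the same slide
    return {
        "legit_vulnerable": login_vulnerable(conn, "tom", "T0m!@#"),
        "payload1_vulnerable": login_vulnerable(conn, p1, "anything"),
        "payload2_vulnerable": login_vulnerable(conn, p2, p2),
        "legit_safe": login_safe(conn, "tom", "T0m!@#"),
        "payload1_safe": login_safe(conn, p1, "anything"),
        "payload2_safe": login_safe(conn, p2, p2),
    }


if __name__ == "__main__":
    for name, matched in demo().items():
        print(f"{name:22s} -> {matched}")
```

With the first payload the vulnerable query becomes `WHERE username='' or 1=1 --' AND password='anything'`: the `--` comments out the password check and `1=1` makes the condition true for every row, so the "login" returns all four users, admin first. With the second payload the AND binds tighter than the OR, so `'a'='a'` alone is enough to match every row. The parameterised version returns an empty list for both payloads and only `tom` for the real credentials.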

Finding # of Columns (1, 2, 3, 4 ... 100)

Finding # of Columns - 2

Injecting Queries (UNION)

Ref: http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/

Tools

- Netsparker (Pro/Community)
- Havij
- SQLMap
- SQLNinja

Coming Up…

- Blind SQL
- Manual Extraction of Data using SQLi + Burp
- Preventing SQL Injections

Questions?*

wasimhalani@gmail.com

@washalsec

http://securitythoughts.wordpress.com/

*Conditions Apply
