SQL Injection

download SQL Injection

If you can't read please download the document

  • date post

    29-Oct-2014
  • Category

    Education

  • view

    36
  • download

    3

Embed Size (px)

description

SQL Injection Project for lecture "Computer Systems Security" You can find a SQL Injection Attack with sqlmap here: http://www.youtube.com/watch?v=wAwUv5dzwLk It was performed for educational purposes ONLY.

Transcript of SQL Injection

  • 1. University of Central GreeceComputer Science and Biomedical Informatics SQL INJECTION System Security project Sapountzi Eleni Siganos Marios

2. ; () SQL injections web SQL Injections 3. 7 4. ; 5. SQL , :MS SQL ServerOracleMySQLPostgresDB2MS AccessSybaseInformix, . 6. : Perl CGI scripts ASP, JSP, PHP XML, XSL XSQL Javascript VB, MFC, ODBC-based APIs DB web-based API Reports and DB Applications 3 and 4GL-based languages (C, OCI, Pro * C, COBOL) 7. ; web browser ; : login page search page feedback . HTML POST ASP 8. SQL Injection; SQL developers O SQL Server SYSTEM, administrator , 9. Web Server Application Server Database Server WebInputInjected SQL Page ValidationExecution!Access Flaw 10. ; SQL . 11. (validation) (input data) : ( HTTP GET POST) links ( HTTP GET) 12. W E B 13. 1 employees MySQL block PHP :SELECT employeeid, fullname, salary FROM employees WHEREemployeeid = 3SELECT employeeid, fullname, salary FROM employees WHEREemployeeid = 352 14. 1 Employeeid employees browser, GET HTTP link : http://www.example.com/employees.php?employeeid=3 GET employeeid URL, http://www.example.com/employees.php?employeeid=3 OR 1=1 :SELECT employeeid, fullname, salary FROM employees WHERE employeeid=3 OR 1=1 15. 2Login form block PHP 16. 2 username password web login HTTP POST password: bar OR 1=1 OR username= : SELECT userid FROM users WHERE username=fooAND password=bar OR 1=1 OR username=; (login) 17. 3 SQL SQL Injections!!! block PHP 18. 3 links : http://www.example.com/employees.php?employeeid=3 : SELECT employeeid, fullname, salary FROM employeesWHERE employeeid = 3 19. 3 o URL http://www.example.com/employees.php?employeeid=3;DELETE FROM users; 2 : SELECT employeeid, fullname, salaryFROM employees WHERE employeeid = 3; DELETE FROM users; users ! 20. G O O G L E D O R K S : inurl:index.php?id= url error inurl:index.php?catid= SQLi inurl:news.php?id= inurl:news.php?catid= inurl:product.php?id= 21. , SQL : ! : , : 22. S Q L I N J EC T I O N Automated and heuristic web vulnerability scanner 23. SQLMAP Open Source penetration testing tool SQLi , passwordhashes , , ,, 24. SQLMAP password hashes name pass 25. SQLMAP - Boolean-based blind SQL injection inferential SQLinjection Time-based blind SQL injection blind SQL injection Error-based SQL injection UNION query SQL injection inband SQL injection Stacked queries SQL injection multiple statementsSQL injection 26. SQL INJECTIONS; : quotes, slash, backslash, semicolon, NULL, new line, : URL cookies 27. SQL INJECTIONS; stored procedures : master..Xp_cmdshell, xp_startmail, xp_sendmail, sp_makewebtask 28. SQL Injection SQL SQLi : 29. !