SQL INJECTION IN MYSQL

Transcription

1 SQL INJECTION IN MYSQL

2 WHAT IS SQL? SQL (pronounced "ess-que-el") stands for Structured Query Language. SQL is used to communicate with a database. extracted from

3 SELECT STATEMENT The SELECT statement is used to select data from a database. The result is stored in a result table, called the result-set. SELECT column_name,column_name FROM table_name; OR SELECT * FROM table_name;

4 WHERE CLAUSE Used to filter records SELECT * FROM Customers WHERE CustomerID=1; Operator Description = Equal <> Not equal. Note: In some versions of SQL this operator may be written as!= > Greater than < Less than >= Greater than or equal <= Less than or equal BETWEEN LIKE IN Between an inclusive range Search for a pattern To specify multiple possible values for a column

5 INSERT STATEMENT Used to insert new records in a table INSERT INTO table_name (column1,column2,column3, ) VALUES (value1,value2,value3, ); OR INSERT INTO Customers (CustomerName, City, Country) VALUES ('Cardinal', 'Stavanger', 'Norway');

6 UPDATE STATEMENT Used to update records in a table UPDATE table_name SET column1=value1,column2=value2, WHERE some_column=some_value;

7 DELETE STATEMENT Used to delete rows in a table DELETE FROM table_name WHERE some_column=some_value;

8 UNION OPERATOR Used to combine the result-set of two or more SELECT statements SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2; or SELECT column_name(s) FROM table1 UNION ALL SELECT column_name(s) FROM table2;

9 To learn more about sql visit

10 SQL INJECTION What is SQL injection? Insertion or "injection" of a SQL query via the input data from the client to the application

11 TYPES OF SQL INJECTION First Order Attack Blind SQL Injection Second Order Attack

12 FIRST ORDER ATTACK SQL Injection that is executed immediately

13 FIRST ORDER ATTACK Common SQL error message: You have an error in your SQL syntax; blahblahblah.

14 WHY IS IT POSSIBLE? User inputs are not properly sanitised What can you do? '' UNION ALL SELECT 1,LOAD_FILE('/etc/passwd'),3 ;

15 BLIND SQL INJECTION No feedback/response from web application Make use of SQL functions to delay response 1. SLEEP(10); 2. BENCHMARK(1000,RAND()); Content-based Compare response based on expression

16 METHODOLOGY Identify (Tool or Manual) SQLMap Attack

17 ADVANCED SQL INJECTION

18 CROSS-SITE SCRIPTING (XSS)

19 CROSS-SITE SCRIPTING (XSS) Take advantage of unsanitised user input Leverage on HTML and Javascript Perform malicious activities on behalf of the user

20 DANGERS OF XSS ATTACKS Deface websites Steal cookie(s) Hijack sessions Perform malicious script(s)

21 XSS DETECTION Enter common HTML tags into input field <script>alert( hello )</script> <img src= SomeImage.jpg > <iframe src= SomeWebsiteThatHasMaliciousScripts >

22 TYPES OF XSS ATTACKS Persistent XSS Reflected XSS

23 PERSISTENT XSS XSS attack is executed on a persistent storage Forum post Database

24 REFLECTED XSS XSS Test )</script> HTTP Response contains a browser executable code Affects people who accesses the malicious link or web page

25 SESSION HIJACKING I.Identify XSS vectors II.Get cookies III.Load admin s cookies IV.Escalate privileges <script>alert(document.cookie)</script> javascript:void(document.cookie= cookie_here )

26 ADVANCED XSS TECHNIQUES <IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&# x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29> XSS Obfuscation to defeat common filters Malformed tags Default SRC tag OnError Alert Many others (Visit link below)

27 PREVENTING XSS ATTACKS Sanitise user s input and output Enable HttpOnly cookies flag Disable Trace Request Avoid opening shady URL and

28 QUESTION AND ANSWERS