SQL INJECTION IN MYSQL
WHAT IS SQL?
SQL (pronounced "ess-que-el") stands for Structured Query Language. SQL is used to communicate with a database.
Extracted from http://www.sqlcourse.com/intro.html
SELECT STATEMENT
The SELECT statement is used to select data from a database. The result is stored in a result table, called the result-set.
SELECT column_name, column_name FROM table_name;
OR
SELECT * FROM table_name;
WHERE CLAUSE
Used to filter records
SELECT * FROM Customers WHERE CustomerID=1;

Operator   Description
=          Equal
<>         Not equal. Note: in some versions of SQL this operator may be written as !=
>          Greater than
<          Less than
>=         Greater than or equal
<=         Less than or equal
BETWEEN    Between an inclusive range
LIKE       Search for a pattern
IN         To specify multiple possible values for a column
INSERT STATEMENT
Used to insert new records in a table
INSERT INTO table_name (column1, column2, column3, ...) VALUES (value1, value2, value3, ...);
OR
INSERT INTO Customers (CustomerName, City, Country) VALUES ('Cardinal', 'Stavanger', 'Norway');
UPDATE STATEMENT
Used to update records in a table
UPDATE table_name SET column1=value1, column2=value2, ... WHERE some_column=some_value;
DELETE STATEMENT
Used to delete rows in a table
DELETE FROM table_name WHERE some_column=some_value;
UNION OPERATOR
Used to combine the result-sets of two or more SELECT statements
SELECT column_name(s) FROM table1 UNION SELECT column_name(s) FROM table2;
OR
SELECT column_name(s) FROM table1 UNION ALL SELECT column_name(s) FROM table2;
To learn more about SQL visit http://www.w3schools.com/sql/
SQL INJECTION
What is SQL injection?
Insertion or "injection" of a SQL query via the input data from the client to the application.
TYPES OF SQL INJECTION
First Order Attack
Blind SQL Injection
Second Order Attack
FIRST ORDER ATTACK
SQL injection whose payload is executed immediately, in the same request that supplies it
FIRST ORDER ATTACK
Common SQL error message:
You have an error in your SQL syntax; blahblahblah.
WHY IS IT POSSIBLE?
User inputs are not properly sanitised
What can you do?
'' UNION ALL SELECT 1,LOAD_FILE('/etc/passwd'),3 ;
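As an added illustration of why this is possible (example code, not from the original deck), the following Python contrasts a query built by pasting user input into the SQL text with a parameterized query. It uses an in-memory sqlite3 table as a stand-in for a MySQL Customers table so that it runs offline; the table, the customer names and the function names are constructed for this example. With a MySQL driver such as mysql-connector-python the placeholder is %s rather than ?, but the principle is the same: the value travels separately from the statement, so quotes and keywords in it are data, never SQL.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a MySQL Customers table.
    sqlite3 is used only so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Customers (CustomerID INTEGER, CustomerName TEXT, City TEXT)"
    )
    conn.executemany(
        "INSERT INTO Customers VALUES (?, ?, ?)",
        [(1, "Cardinal", "Stavanger"), (2, "O'Brien", "Cork"), (3, "Acme", "Oslo")],
    )
    return conn


def lookup_vulnerable(conn, name):
    # BAD: the input is concatenated into the statement, so any quote in it
    # changes the structure of the query instead of being part of the value.
    sql = (
        "SELECT CustomerID, CustomerName, City FROM Customers "
        "WHERE CustomerName = '" + name + "'"
    )
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    # GOOD: the driver binds the value to the placeholder; the statement text
    # never changes, whatever the input contains.
    sql = "SELECT CustomerID, CustomerName, City FROM Customers WHERE CustomerName = ?"
    return conn.execute(sql, (name,)).fetchall()


def query_error(conn, name):
    """Return the database error the concatenated query raises for this input,
    or None if it ran. A stray quote is enough to produce the kind of syntax
    error shown on the FIRST ORDER ATTACK slide; echoing that error to the
    client is what makes the flaw visible from the outside."""
    try:
        lookup_vulnerable(conn, name)
        return None
    except sqlite3.Error as exc:
        return str(exc)


if __name__ == "__main__":
    conn = make_db()
    # A perfectly legitimate name breaks the concatenated query ...
    print(query_error(conn, "O'Brien"))
    # ... while the parameterized query handles it correctly.
    print(lookup_parameterized(conn, "O'Brien"))
    # Input that looks like the UNION payload above is just a name that
    # matches no row when it is bound as a parameter.
    print(lookup_parameterized(conn, "x' UNION ALL SELECT 1,2,3 -- "))
```

The same contrast holds for INSERT, UPDATE and DELETE: every statement that carries a client-supplied value should bind it as a parameter, and the application should log the database error server-side rather than returning it in the response.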
BLIND SQL INJECTION
No feedback/response from the web application
Time-based: make use of SQL functions to delay the response
1. SLEEP(10);
2. BENCHMARK(1000,RAND());
Content-based: compare the responses produced by different expressions
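On the defensive side, the time-based probes named on this slide leave a trace in web-server logs even when the application returns nothing useful. The following Python example, added here and not part of the deck, URL-decodes the request path of each access-log line and flags the SLEEP, BENCHMARK and UNION ... SELECT indicators. The log lines, IP addresses and timestamps are constructed for this example. The patterns are a heuristic: they catch the plain forms shown on the slides and will miss obfuscated variants, so hits are leads for review, not proof of compromise.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Apache/nginx common format, not from
# any real system). Lines 2 and 3 carry the time-based probes from the slide,
# line 4 a UNION probe; the other two are ordinary traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?id=1%20AND%20SLEEP(10) HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2023:13:55:52 +0000] "GET /index.php?id=1+AND+BENCHMARK(1000,RAND()) HTTP/1.1" 200 512
10.0.0.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?id=-1%27%20UNION%20ALL%20SELECT%201,2,3 HTTP/1.1" 500 312
10.0.0.7 - - [10/Oct/2023:13:56:05 +0000] "GET /about.html HTTP/1.1" 200 2048
"""

# Indicator patterns, matched against the URL-decoded path. Heuristic only:
# encoded or comment-split variants of these keywords are not covered.
INDICATORS = {
    "time-based: SLEEP": re.compile(r"\bsleep\s*\(", re.I),
    "time-based: BENCHMARK": re.compile(r"\bbenchmark\s*\(", re.I),
    "union-based": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
}

# client ip, ident, user, [timestamp], "METHOD path ..."
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+)')


def scan_log(text):
    """Return a list of (client_ip, decoded_path, indicator_label) for every
    request whose decoded path matches one of the indicators."""
    hits = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand; skip it
        ip, _timestamp, path = match.groups()
        decoded = unquote_plus(path)  # turn %xx and '+' back into characters first
        for label, pattern in INDICATORS.items():
            if pattern.search(decoded):
                hits.append((ip, decoded, label))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A useful follow-up in a real deployment is to correlate the flagged requests with the server's own response times: a time-based probe that actually reached the database shows up as a request that took about as long as the delay it asked for.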
METHODOLOGY
Identify (tool or manual)
SQLMap
Attack
ADVANCED SQL INJECTION
http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sqlinjection-cheat-sheet
https://www.youtube.com/watch?v=rdyqounexsg
CROSS-SITE SCRIPTING (XSS)
CROSS-SITE SCRIPTING (XSS)
Takes advantage of unsanitised user input
Leverages HTML and JavaScript
Performs malicious activities on behalf of the user
DANGERS OF XSS ATTACKS
Deface websites
Steal cookie(s)
Hijack sessions
Perform malicious script(s)
XSS DETECTION
Enter common HTML tags into an input field
<script>alert('hello')</script>
<img src="SomeImage.jpg">
<iframe src="SomeWebsiteThatHasMaliciousScripts">
TYPES OF XSS ATTACKS
Persistent XSS
Reflected XSS
PERSISTENT XSS
The XSS payload is saved in persistent storage and executed every time the stored content is displayed
Forum post
Database
REFLECTED XSS
http://example.com/index.php?user=<script>alert('XSS Test')</script>
The HTTP response contains browser-executable code
Affects people who access the malicious link or web page
SESSION HIJACKING
I. Identify XSS vectors
II. Get cookies
III. Load admin's cookies
IV. Escalate privileges
<script>alert(document.cookie)</script>
javascript:void(document.cookie='cookie_here')
ADVANCED XSS TECHNIQUES
<IMG SRC=javascript:ale&#x72;t('XSS')>
XSS obfuscation to defeat common filters
Malformed tags
Default SRC tag
OnError alert
Many others (visit link below)
https://www.owasp.org/index.php/xss_filter_evasion_cheat_sheet
PREVENTING XSS ATTACKS
Sanitise the user's input and encode output
Enable the HttpOnly cookie flag
Disable TRACE requests
Avoid opening shady URLs and e-mails
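The first two items on this slide, as an added Python example that is not from the deck: the reflected user parameter from the REFLECTED XSS slide is HTML-encoded before it is written into the response, and the session cookie is issued with the HttpOnly flag (which stops document.cookie from reading it) using the standard library's http.cookies. The cookie name SESSIONID, the session value and the function names are placeholders chosen for this example; the check function is the kind of test a scanner or a response-inspection script would run against a live Set-Cookie header.

```python
import html
from http.cookies import SimpleCookie


def render_greeting_unsafe(user):
    # BAD: the parameter is reflected verbatim, so markup in it is parsed
    # and executed by the browser.
    return "<p>Hello, " + user + "</p>"


def render_greeting(user):
    """Reflect the parameter with HTML output encoding: <, >, &, " and '
    become entities, so the browser shows the input as text."""
    return "<p>Hello, " + html.escape(user, quote=True) + "</p>"


def session_cookie_header(session_id):
    """Return the value of a Set-Cookie header for the session id with the
    HttpOnly flag, plus Secure and Path. SESSIONID is a placeholder name."""
    jar = SimpleCookie()
    jar["SESSIONID"] = session_id
    jar["SESSIONID"]["httponly"] = True   # not readable from document.cookie
    jar["SESSIONID"]["secure"] = True     # sent over HTTPS only
    jar["SESSIONID"]["path"] = "/"
    return jar["SESSIONID"].OutputString()


def cookie_is_httponly(set_cookie_value):
    """Check a Set-Cookie header value for the HttpOnly attribute. Attribute
    names are case-insensitive, so the comparison is done in lower case."""
    attrs = [part.strip().lower() for part in set_cookie_value.split(";")]
    return "httponly" in attrs


if __name__ == "__main__":
    probe = "<script>alert('XSS Test')</script>"   # the slide's test string
    print(render_greeting_unsafe(probe))   # script tag reaches the browser
    print(render_greeting(probe))          # shown as literal text instead
    header = session_cookie_header("abc123")   # constructed session value
    print(header, "->", cookie_is_httponly(header))
```

Output encoding must match the context the value lands in: html.escape is right for element content and quoted attribute values, but a value placed inside a script block, a URL or a CSS rule needs the encoding for that context, and HttpOnly only protects the cookie itself, not the actions a script can perform with the session while the page is open.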
QUESTIONS AND ANSWERS