SlideShare une entreprise Scribd logo

Advanced SQL Injection

A
amiable_indian

Victor Chapela

Technologie
1  sur  93
Advanced SQL Injection Victor Chapela Sm4rt Security Services [email_address] . com 4/11/2005
What is SQL? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL is a Standard - but... ,[object Object],[object Object],[object Object]
SQL Database Tables ,[object Object],[object Object],[object Object],dthompson dthompson Thompson Daniel 3 qwerty adamt Taylor Adam 2 hello jsmith Smith John 1 Password Login LastName Name userID
SQL Queries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Data Manipulation Language (DML) ,[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Data Definition Language (DDL) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Metadata ,[object Object],[object Object],[object Object],[object Object],[object Object]
What is SQL Injection? ,[object Object]
How common is it? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Vulnerable Applications ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
How does SQL Injection work? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Injecting through Strings ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
The power of ' ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
If it were numeric? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Injecting Numeric Fields ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SQL Injection Characters ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Methodology
SQL Injection Testing Methodology 1) Input Validation 2) Info. Gathering 6) OS Cmd Prompt 7) Expand Influence 4) Extracting Data 3) 1=1 Attacks 5) OS Interaction
1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
Discovery of Vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
2) Information Gathering 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
2) Information Gathering ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
a) Exploring Output Mechanisms ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting information through Error Messages ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Blind Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
b) Understanding the Query ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SELECT Statement ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
UPDATE statement ,[object Object],[object Object],[object Object],[object Object],[object Object]
Determining a SELECT Query Structure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Is it a stored procedure? ,[object Object],[object Object],[object Object],[object Object],[object Object]
Tricky Queries ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
c) Determine Database Engine Type ,[object Object],[object Object],[object Object],[object Object],[object Object]
Some differences TEXTPOS() InStr() InStr() InStr() LOCATE() CHARINDEX Position Yes Yes No No No Yes Cast import from export to I f null () " "+" " DB2 Call COALESCE() ' '||' ' Postgres PL/pgSQL #date# Iff ( I s null ()) " "&" " Access utf_file select into outfile / dumpfile xp_cmdshell Op Sys interaction I f null() I f null() I s null() Null replace ' '||' ' concat (" ", " ") ' '+' ' Concatenate Strings Oracle PL/SQL MySQL MS SQL T-SQL
More differences… N N N N Y Access Y Many Y Y Y MS SQL N Y Y Y Linking DBs N N Many N Default stored procedures Y N N N* Batch Queries Y Y Y N 4.0 Y 4.1 Subselects Y Y Y Y UNION Postgres DB2 Oracle MySQL
d) Finding out user privilege level ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DB Administrators ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
3) 1=1 Attacks 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
Discover DB structure ,[object Object],[object Object],[object Object],[object Object],[object Object]
Enumerating table columns in different DBs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
All tables and columns in one query ,[object Object]
Database Enumeration ,[object Object],[object Object],[object Object],[object Object],[object Object]
System Tables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
4) Extracting Data 4) Extracting Data 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
Password grabbing ,[object Object],[object Object],[object Object],[object Object]
Create DB Accounts ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Grabbing MS SQL Server Hashes ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What do we do? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Extracting SQL Hashes ,[object Object],[object Object]
Extract hashes through error messages ,[object Object],[object Object],[object Object],[object Object],[object Object]
Brute forcing Passwords ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Transfer DB structure and data ,[object Object],[object Object],[object Object],[object Object],[object Object]
Create Identical DB Structure ,[object Object],[object Object],[object Object]
Transfer DB ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
5) OS Interaction 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 4) Extracting Data
Interacting with the OS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL OS Interaction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MS SQL OS Interaction ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Architecture ,[object Object],[object Object],[object Object],Web Server Web Page Access Database Server Injected SQL Execution! Application Server Input Validation Flaw
Assessing Network Connectivity ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Gathering IP information through reverse lookups ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network Reconnaissance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Network Reconnaissance Full Query ,[object Object],[object Object],[object Object],[object Object],[object Object]
6) OS Cmd Prompt 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
Jumping to the OS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Using ActiveX Automation Scripts ,[object Object],[object Object]
Retrieving VNC Password from Registry ,[object Object],[object Object]
7) Expand Influence 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
Hopping into other DB Servers ,[object Object],[object Object],[object Object],[object Object]
Linked Servers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Executing through stored procedures remotely ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Uploading files through reverse connection ,[object Object],[object Object],[object Object],[object Object]
Uploading files through SQL Injection ,[object Object],[object Object],[object Object]
Example of SQL injection file uploading ,[object Object],[object Object],[object Object],[object Object],[object Object]
Evasion Techniques
Evasion Techniques ,[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Input validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Evasion and Circumvention ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL Input Validation Circumvention using Char() ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using white spaces ,[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using comments ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS Signature Evasion using string concatenation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IDS and Input Validation Evasion using variables ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Defending Against SQL Injection
SQL Injection Defense ,[object Object],[object Object],[object Object],[object Object],[object Object]
Strong Design ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Input Validation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Harden the Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Detection and Dissuasion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Conclusion ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Links ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Advanced SQL Injection Victor Chapela [email_address]

Recommandé

Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
Eguardian Global Services
 
Sql injection
Sql injectionSql injection
Sql injection
Mehul Boghra
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injection
Sql injectionSql injection
Sql injection
Hemendra Kumar
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 

Recommandé

Sql injection
Sql injectionSql injection
Sql injection
Nitish Kumar
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection How to identify and prevent SQL injection
How to identify and prevent SQL injection
Eguardian Global Services
 
Sql injection
Sql injectionSql injection
Sql injection
Mehul Boghra
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
Sandip Chaudhari
 
SQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint PresentationSQL Injections - A Powerpoint Presentation
SQL Injections - A Powerpoint Presentation
Rapid Purple
 
Sql injection
Sql injectionSql injection
Sql injection
Hemendra Kumar
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
Mentorcs
 
Advanced Sql Injection ENG
Advanced Sql Injection ENGAdvanced Sql Injection ENG
Advanced Sql Injection ENG
Dmitry Evteev
 
Sql injection
Sql injectionSql injection
Sql injection
Zidh
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
Krzysztof Kotowicz
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
helloanand
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
Adhoura Academy
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
amiable_indian
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
Napendra Singh
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
SongchaiDuangpan
 
Sql Injection 0wning Enterprise
Sql Injection 0wning EnterpriseSql Injection 0wning Enterprise
Sql Injection 0wning Enterprise
n|u - The Open Security Community
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
Karwin Software Solutions LLC
 
Sql injection
Sql injectionSql injection
Sql injection
Pallavi Biswas
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
Anurag Srivastava
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Brian Huff
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
Respa Peter
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
RajKumar Rampelli
 
Offensive PowerShell Cheat Sheet
Offensive PowerShell Cheat SheetOffensive PowerShell Cheat Sheet
Offensive PowerShell Cheat Sheet
Rahmat Nurfauzi
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
Avinash Thapa
 
Xss (cross site scripting)
Xss (cross site scripting)Xss (cross site scripting)
Xss (cross site scripting)
vinayh.vaghamshi _
 
SQL injection
SQL injectionSQL injection
SQL injection
Raj Parmar
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
Bernardo Damele A. G.
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
Bernardo Damele A. G.
 

Contenu connexe

Tendances

Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
ashish20012
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 

Tendances (20)

Sql injection
Sql injectionSql injection
Sql injection
 
Ppt on sql injection
Ppt on sql injectionPpt on sql injection
Ppt on sql injection
 
SQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developersSQL Injection: complete walkthrough (not only) for PHP developers
SQL Injection: complete walkthrough (not only) for PHP developers
 
Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Advanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection ProtectionAdvanced Topics On Sql Injection Protection
Advanced Topics On Sql Injection Protection
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
 
Sql Injection 0wning Enterprise
Sql Injection 0wning EnterpriseSql Injection 0wning Enterprise
Sql Injection 0wning Enterprise
 
Sql Injection Myths and Fallacies
Sql Injection Myths and FallaciesSql Injection Myths and Fallacies
Sql Injection Myths and Fallacies
 
Sql injection
Sql injectionSql injection
Sql injection
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
Types of sql injection attacks
Types of sql injection attacksTypes of sql injection attacks
Types of sql injection attacks
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Offensive PowerShell Cheat Sheet
Offensive PowerShell Cheat SheetOffensive PowerShell Cheat Sheet
Offensive PowerShell Cheat Sheet
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
Xss (cross site scripting)
Xss (cross site scripting)Xss (cross site scripting)
Xss (cross site scripting)
 
SQL injection
SQL injectionSQL injection
SQL injection
 

En vedette

Advanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variablesAdvanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variables
DefCamp
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
Imperva
 

En vedette (16)

SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
 
SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)SQL injection: Not Only AND 1=1 (updated)
SQL injection: Not Only AND 1=1 (updated)
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
SQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQLSQL Injection in action with PHP and MySQL
SQL Injection in action with PHP and MySQL
 
SQL injection exploitation internals
SQL injection exploitation internalsSQL injection exploitation internals
SQL injection exploitation internals
 
Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks Advanced SQL Injection: Attacks
Advanced SQL Injection: Attacks
 
Sql injection with sqlmap
Sql injection with sqlmapSql injection with sqlmap
Sql injection with sqlmap
 
Advanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variablesAdvanced data mining in my sql injections using subqueries and custom variables
Advanced data mining in my sql injections using subqueries and custom variables
 
MySQL For Oracle Developers
MySQL For Oracle DevelopersMySQL For Oracle Developers
MySQL For Oracle Developers
 
Sql injection
Sql injectionSql injection
Sql injection
 
Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)Advanced SQL injection to operating system full control (short version)
Advanced SQL injection to operating system full control (short version)
 
External XML Entities
External XML EntitiesExternal XML Entities
External XML Entities
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
 
[Russia] MySQL OOB injections
[Russia] MySQL OOB injections[Russia] MySQL OOB injections
[Russia] MySQL OOB injections
 
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWeb Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
 

Similaire à Advanced SQL Injection

Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
ssuserde23af
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injection
badhanbd
 
L9 l10 server side programming
L9 l10 server side programmingL9 l10 server side programming
L9 l10 server side programming
Rushdi Shams
 

Similaire à Advanced SQL Injection (20)

Advanced sql injection 2
Advanced sql injection 2Advanced sql injection 2
Advanced sql injection 2
 
Advanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).pptAdvanced_SQL_ISASasASasaASnjection (1).ppt
Advanced_SQL_ISASasASasaASnjection (1).ppt
 
Advanced sql injection
Advanced sql injectionAdvanced sql injection
Advanced sql injection
 
PHP - Introduction to Advanced SQL
PHP - Introduction to Advanced SQLPHP - Introduction to Advanced SQL
PHP - Introduction to Advanced SQL
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
Advanced sql injection 1
Advanced sql injection 1Advanced sql injection 1
Advanced sql injection 1
 
Asp
AspAsp
Asp
 
Playing With (B)Sqli
Playing With (B)SqliPlaying With (B)Sqli
Playing With (B)Sqli
 
Chapter 14 sql injection
Chapter 14 sql injectionChapter 14 sql injection
Chapter 14 sql injection
 
Oracle notes
Oracle notesOracle notes
Oracle notes
 
ORACLE PL SQL
ORACLE PL SQLORACLE PL SQL
ORACLE PL SQL
 
L9 l10 server side programming
L9 l10 server side programmingL9 l10 server side programming
L9 l10 server side programming
 
working with PHP & DB's
working with PHP & DB'sworking with PHP & DB's
working with PHP & DB's
 
References - sql injection
References - sql injection References - sql injection
References - sql injection
 
References
References References
References
 
Sql injection
Sql injectionSql injection
Sql injection
 
Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9Hacking Oracle From Web Apps 1 9
Hacking Oracle From Web Apps 1 9
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming Languages
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql tutorial
Sql tutorialSql tutorial
Sql tutorial
 

Plus de amiable_indian

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
amiable_indian
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
amiable_indian
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
amiable_indian
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
amiable_indian
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
amiable_indian
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
amiable_indian
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
amiable_indian
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
amiable_indian
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
amiable_indian
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
amiable_indian
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
amiable_indian
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
amiable_indian
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
amiable_indian
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
amiable_indian
 

Plus de amiable_indian (20)

Phishing As Tragedy of the Commons
Phishing As Tragedy of the CommonsPhishing As Tragedy of the Commons
Phishing As Tragedy of the Commons
 
Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art Cisco IOS Attack & Defense - The State of the Art
Cisco IOS Attack & Defense - The State of the Art
 
Secrets of Top Pentesters
Secrets of Top PentestersSecrets of Top Pentesters
Secrets of Top Pentesters
 
Workshop on Wireless Security
Workshop on Wireless SecurityWorkshop on Wireless Security
Workshop on Wireless Security
 
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
Insecure Implementation of Security Best Practices: of hashing, CAPTCHA's and...
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
State of Cyber Law in India
State of Cyber Law in IndiaState of Cyber Law in India
State of Cyber Law in India
 
AntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the uglyAntiSpam - Understanding the good, the bad and the ugly
AntiSpam - Understanding the good, the bad and the ugly
 
Reverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure CodingReverse Engineering v/s Secure Coding
Reverse Engineering v/s Secure Coding
 
Network Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons LearnedNetwork Vulnerability Assessments: Lessons Learned
Network Vulnerability Assessments: Lessons Learned
 
Economic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds DissectedEconomic offenses through Credit Card Frauds Dissected
Economic offenses through Credit Card Frauds Dissected
 
Immune IT: Moving from Security to Immunity
Immune IT: Moving from Security to ImmunityImmune IT: Moving from Security to Immunity
Immune IT: Moving from Security to Immunity
 
Reverse Engineering for exploit writers
Reverse Engineering for exploit writersReverse Engineering for exploit writers
Reverse Engineering for exploit writers
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Web Exploit Finder Presentation
Web Exploit Finder PresentationWeb Exploit Finder Presentation
Web Exploit Finder Presentation
 
Network Security Data Visualization
Network Security Data VisualizationNetwork Security Data Visualization
Network Security Data Visualization
 
Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization Enhancing Computer Security via End-to-End Communication Visualization
Enhancing Computer Security via End-to-End Communication Visualization
 
Top Network Vulnerabilities Over Time
Top Network Vulnerabilities Over TimeTop Network Vulnerabilities Over Time
Top Network Vulnerabilities Over Time
 
What are the Business Security Metrics?
What are the Business Security Metrics? What are the Business Security Metrics?
What are the Business Security Metrics?
 

Dernier

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Dernier (20)

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 

Advanced SQL Injection

  • 1. Advanced SQL Injection Victor Chapela Sm4rt Security Services [email_address] . com 4/11/2005
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 19. SQL Injection Testing Methodology 1) Input Validation 2) Info. Gathering 6) OS Cmd Prompt 7) Expand Influence 4) Extracting Data 3) 1=1 Attacks 5) OS Interaction
  • 20. 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
  • 21.
  • 22. 2) Information Gathering 2) Info. Gathering 3) 1=1 Attacks 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 1) Input Validation
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34. Some differences TEXTPOS() InStr() InStr() InStr() LOCATE() CHARINDEX Position Yes Yes No No No Yes Cast import from export to I f null () " "+" " DB2 Call COALESCE() ' '||' ' Postgres PL/pgSQL #date# Iff ( I s null ()) " "&" " Access utf_file select into outfile / dumpfile xp_cmdshell Op Sys interaction I f null() I f null() I s null() Null replace ' '||' ' concat (" ", " ") ' '+' ' Concatenate Strings Oracle PL/SQL MySQL MS SQL T-SQL
  • 35. More differences… N N N N Y Access Y Many Y Y Y MS SQL N Y Y Y Linking DBs N N Many N Default stored procedures Y N N N* Batch Queries Y Y Y N 4.0 Y 4.1 Subselects Y Y Y Y UNION Postgres DB2 Oracle MySQL
  • 36.
  • 37.
  • 38. 3) 1=1 Attacks 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 4) Extracting Data 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44. 4) Extracting Data 4) Extracting Data 1) Input Validation 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 2) Info. Gathering 3) 1=1 Attacks
  • 45.
  • 46.
  • 47.
  • 48.
  • 49.
  • 50.
  • 51.
  • 52.
  • 53.
  • 54.
  • 55. 5) OS Interaction 5) OS Interaction 6) OS Cmd Prompt 7) Expand Influence 1) Input Validation 2) Info. Gathering 3) 1=1 Attacks 4) Extracting Data
  • 56.
  • 57.
  • 58.
  • 59.
  • 60.
  • 61.
  • 62.
  • 63.
  • 64. 6) OS Cmd Prompt 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
  • 65.
  • 66.
  • 67.
  • 68. 7) Expand Influence 7) Expand Influence 3) 1=1 Attacks 4) Extracting Data 1) Input Validation 2) Info. Gathering 5) OS Interaction 6) OS Cmd Prompt
  • 69.
  • 70.
  • 71.
  • 72.
  • 73.
  • 74.
  • 76.
  • 77.
  • 78.
  • 79.
  • 80.
  • 81.
  • 82.
  • 83.
  • 84.
  • 86.
  • 87.
  • 88.
  • 89.
  • 90.
  • 91.
  • 92.
  • 93. Advanced SQL Injection Victor Chapela [email_address]