Web Security: SQL Injection
Professor : Dr. Eduard Babulak
Students : Vortana SAY
Budi Chandra
Stephane Moluh
Maharishi University of Management
Department of Computer Science
Computer Professional Program
Computer Security: CS466
February Entry, 2015
Outline
1. Introduction
1. Objective of the project
2. Introduction to SQL injection
2. Architecture of the simulation system
3. Implementation
1. Choice of the technologies
2. SQL injection attacks
3. Demonstration
4. SQL injection countermeasures
5. Demonstration
4. Best Practices
5. Conclusion
Objective of the project
• Provide an overview of SQL injection.
• Examine various technical implementations of SQL injection.
• Present countermeasures against SQL injection.
(Slide navigation bar: Introduction | Architecture of the simulation system | Implementation | Best Practices | Conclusion)
Introduction to SQL injection
• SQL injection is an attack in which the user supplies input in order to construct an SQL request that retrieves information from the database [1].
• SQL injection is an attack in which SQL code is inserted into or appended to application or user input parameters that are later passed to a back-end SQL server for parsing and execution [2].
• SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution [3].
Introduction to SQL injection
SQL injection attack illustrated [4] (figure; recovered labels):
1. Attacker enters SQL fragments into a web page that uses the input in a query; the request sent contains those SQL fragments.
2. Application sends the modified query to the database, which executes it.
3. Attacker views unauthorized data.
(Figure layers: Custom Code; business functions: Accounts, Finance, Administration, Transactions, Communication, Knowledge Mgmt, E-Commerce; Database.)
Introduction to SQL injection
• Vulnerability detection on a web application
• Everything between <FORM> and </FORM> carries potential parameters that might be useful [5].
• Look especially for URLs that take parameters, such as the GET method: http://test/index.php?id=10 [2].

Introduction to SQL injection
• Vulnerability detection on a web application (Cont')
• POST parameters can be injected using a traffic manipulation tool or a web browser plug-in [2].
• Blind SQL injection can be used to inject and then analyse the error message from the database, if any.
Introduction to SQL injection
Consequences [6]
• Confidentiality: SQL databases generally contain sensitive data, so loss of confidentiality is a big problem.
• Authentication: if poor SQL commands are used to check user names and passwords, authentication can be compromised.
• Authorization: if authorization information is held in an SQL database, it can be exploited.
• Integrity: an SQL injection attack can change or delete data.
Introduction to SQL injection
• Examples [7]
Company | Date | Results
Mapp.nl (online store) | 2015 | 157,000 email addresses and passwords stolen
US Federal (Army, NASA, ...) | 2013 | information on more than 100,000 users
Yahoo | 2012 | 450,000 plain-text passwords
Ingenicard | 2012 | estimated financial fraud losses of $9 million
Global Payments | 2011 | 950,000 card numbers stolen; estimated loss $92.7 million
Architecture of the simulation system
(Two diagram slides; no text content was recoverable.)
Choice of Technologies
Web server: LAMP (Linux, Apache, MySQL, PHP)
Web client side: HTML (Hyper Text Markup Language), CSS (Cascading Style Sheets), Bootstrap
Server side: PHP
Tools: web browser: Firefox; Integrated Development Environment (IDE): NetBeans
OS: Ubuntu 14.10
SQL injection attacks
1. Incorrectly filtered escape characters
2. Incorrect type handling
3. Second-order SQL injection
4. Blind SQL injection

SQL injection attacks
1. Incorrectly filtered escape characters
• Occurs when user input is not filtered for escape characters (here the single quote) before it is concatenated into the query.
Example:
Query:
SELECT id FROM users WHERE username = '$_GET[usrname]' AND password = '$_GET[psw]';
SQL injection (supplied as both usrname and psw):
' OR '1' = '1
Interpreted query:
SELECT id FROM users WHERE username = '' OR '1' = '1' AND password = '' OR '1' = '1';
SQL injection attacks
2. Incorrect type handling
• Occurs when an input is not appropriately typed or is not checked against type constraints (a numeric id is concatenated as raw text).
Example:
Query:
"SELECT * FROM usersInfo WHERE id=" . $_GET["var_number_id"] . ";"
SQL injection:
1;DROP TABLE users
Interpreted query:
SELECT * FROM usersInfo WHERE id=1;DROP TABLE users;
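Added example, not taken from the slides or from the project's PHP code: a Python script (sqlite3 standing in for MySQL) that builds the two queries from slides 17 and 18 exactly as the slides describe them, runs them against a constructed in-memory database, and shows the type check that is the hardened form of the slide-18 lookup. The table contents, the ID_PATTERN regex and all function names are assumptions made for this example.

```python
import re
import sqlite3

# Constructed sample data: small in-memory versions of the slides' "users" and
# "usersInfo" tables. Names and rows are assumptions made for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'alice', 's3cret'), (2, 'bob', 'hunter2');
        CREATE TABLE usersInfo(id INTEGER PRIMARY KEY, email TEXT);
        INSERT INTO usersInfo VALUES (1, 'alice@example.test'), (2, 'bob@example.test');
    """)
    return db

def table_exists(db, name):
    row = db.execute("SELECT name FROM sqlite_master WHERE type='table' AND name=?",
                     (name,)).fetchone()
    return row is not None

# Slide 17: the raw strings are pasted into the quoted literals of the query.
def build_login_query(usrname, psw):
    return ("SELECT id FROM users WHERE username = '%s' AND password = '%s';"
            % (usrname, psw))

def login_unfiltered(db, usrname, psw):
    """Ids matched by the concatenated query. Because the quote in the input is
    not filtered, input that closes the literal rewrites the WHERE clause."""
    return [row[0] for row in db.execute(build_login_query(usrname, psw))]

# Slide 18: the numeric id is pasted in as text, so the statement boundary is
# under the caller's control. executescript() stands in for a driver or API
# that runs stacked statements, which the slide's interpreted query relies on
# (sqlite3's plain execute() refuses more than one statement).
def build_id_query(var_number_id):
    return "SELECT * FROM usersInfo WHERE id=" + var_number_id + ";"

def lookup_unchecked(db, var_number_id):
    db.executescript(build_id_query(var_number_id))

# Hardened form of the slide-18 lookup: enforce the type before any SQL text
# is built. A value that passed this check cannot carry SQL syntax.
ID_PATTERN = re.compile(r"[1-9][0-9]{0,17}")   # canonical positive integer, bounded length

def is_valid_id(raw):
    return ID_PATTERN.fullmatch(raw) is not None

def parse_id(raw):
    if not is_valid_id(raw):
        raise ValueError("id must be a positive integer")
    return int(raw)

def lookup_typed(db, raw_id):
    """The checked integer is concatenated with %d on purpose: parameters
    (slide 31) remain the better habit, but the type check alone closes this hole."""
    uid = parse_id(raw_id)
    return db.execute("SELECT email FROM usersInfo WHERE id=%d" % uid).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(build_login_query("' OR '1' = '1", "' OR '1' = '1"))
    print(login_unfiltered(db, "' OR '1' = '1", "' OR '1' = '1"))   # every id
    print(build_id_query("1;DROP TABLE users"))
    lookup_unchecked(db, "1;DROP TABLE users")
    print("users table still present:", table_exists(db, "users"))
    print(is_valid_id("1;DROP TABLE users"), lookup_typed(db, "2"))
```

The slide-17 case succeeds because AND binds tighter than OR, so the interpreted query reduces to `username = '' OR (...) OR '1' = '1'` and matches every row. The slide-18 case only works where the database API accepts stacked statements; that a driver refuses them (as sqlite3's execute() does) limits the damage but does not fix the bug, since `1 OR 1=1` style input would still alter the single statement, which is why the type check is applied before the query is built.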
SQL injection attacks
3. Second-order SQL injection
• Submitted values that contain SQL injection are stored in the database rather than executed immediately.
• Developers normally trust data that comes from the database.
• The stored injection, read back from the database, may later be executed by another part of the application that has no controls against SQL injection.
SQL injection attacks
4. Blind SQL injection
• The web application is vulnerable to SQL injection, but the results of the injection are not shown to the attacker.
• There is no output from verbose database error messages or in-band data concatenation.

SQL injection attacks
4. Blind SQL injection (Cont')
• Partially blind: slight changes are visible in the resulting page.
• Totally blind: the injection produces no difference in the output, so it is harder to determine whether an injection takes place.
SQL injection attacks
4. Blind SQL injection (Cont'): SQLMap tool [8]
• SQLMap is an open source penetration testing tool.
• It automates the process of detecting and exploiting SQL injection flaws.
• It can take over database servers.

Demonstration
SQL injection countermeasures
1. Hexadecimal conversion
2. Database permissions
3. Pattern check
4. Escaping
5. Parameterized statements
(Slide navigation bar: Introduction | Team and Planning | Architecture of the simulation system | Implementation | Conclusion)
SQL injection countermeasures
1. Hexadecimal conversion
PHP functions:
• dechex: decimal to hexadecimal [9].
• bin2hex: convert any other type of variable into hex [9].
MySQL function:
• UNHEX: return a string containing hex representation of a number [10].
Example:
"SELECT * FROM user WHERE `usrname` = UNHEX('" . bin2hex($userInput) . "')";
(The hex string is quoted: bin2hex output may contain the letters a-f, which MySQL would otherwise read as an identifier. Since the output consists only of [0-9a-f], no quote or other special character from $userInput ever reaches the SQL text.)
SQL injection countermeasures
2. Securing the database
• Well-defined user role membership, granting only the needed privileges
• Segregated (separate) database logins
• Revoke public permissions
• Use strong cryptography to protect stored sensitive data
SQL injection countermeasures
3. Pattern check: input validation using regular expressions
• Whitelisting: the practice of accepting only input that is known to be good.
• Blacklisting: the practice of rejecting only input that is known to be bad.

SQL injection countermeasures
3. Pattern check: input validation using regular expressions
• Whitelist (points to be considered):
• Known value
• Data type
• Data size
• Data range
• Data content
Example for data content:
US Zip code: ^\d{5}(-\d{4})?$
SQL injection countermeasures
3. Pattern check: input validation using regular expressions
• Blacklisting: reject input that contains malicious content.
Example of known bad characters, strings or patterns:
[(' OR)|('(''|[^'])*')|(;)|((ALTER|CREATE|DELETE|DROP|EXEC(UTE){0,1}|INSERT( +INTO){0,1}|MERGE|SELECT|UPDATE|UNION( +ALL){0,1}))]
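Added example for slides 28 and 29, not from the slides or the project: Python validators that apply the whitelist points (known value, data type, size, range, content, using the slide's US zip code pattern) and, for contrast, the slide's blacklist pattern compiled as a regex. The allowed country set and the quantity bounds are assumptions; the blacklist is used without the slide's outer square brackets, which as regex syntax would turn the whole expression into a character class.

```python
import re

# Slide 28: whitelist validation, one check per "point to be considered".
ZIP_PATTERN = re.compile(r"^\d{5}(-\d{4})?$")   # data content: the slide's US zip pattern
ALLOWED_COUNTRIES = {"US", "CA", "MX"}          # known values (assumed set for this example)

def validate_zip(raw):
    """Data content: the whole value must match the expected shape."""
    return ZIP_PATTERN.fullmatch(raw) is not None

def validate_country(raw):
    """Known value: membership in a fixed set, no pattern needed."""
    return raw in ALLOWED_COUNTRIES

def validate_quantity(raw, lo=1, hi=100):
    """Data type, size and range together: ASCII digits only, bounded length,
    then a range check on the parsed number. Returns the int or None."""
    if not re.fullmatch(r"[0-9]{1,3}", raw):
        return None
    n = int(raw)
    return n if lo <= n <= hi else None

# Slide 29: the blacklist pattern as a regex (case-insensitive, as such
# keyword lists are normally applied).
BLACKLIST = re.compile(
    r"(' OR)|('(''|[^'])*')|(;)|"
    r"((ALTER|CREATE|DELETE|DROP|EXEC(UTE){0,1}|INSERT( +INTO){0,1}"
    r"|MERGE|SELECT|UPDATE|UNION( +ALL){0,1}))",
    re.IGNORECASE)

def blacklist_hit(raw):
    """True when the value contains something the list considers bad."""
    return BLACKLIST.search(raw) is not None

if __name__ == "__main__":
    for z in ("12345", "12345-6789", "1234", "12345; DROP TABLE users"):
        print(repr(z), "zip ok" if validate_zip(z) else "zip rejected")
    print(validate_quantity("42"), validate_quantity("0"), validate_quantity("1;DROP"))
    for s in ("' OR '1' = '1", "Updated address", "1 OR 1=1"):
        print(repr(s), "blacklisted" if blacklist_hit(s) else "passes blacklist")
```

The whitelist rejects the slide-17 and slide-18 inputs simply because they do not have the shape of a zip code or a number. The blacklist catches the slide-17 input but also flags the harmless "Updated address" (UPDATE matches inside a word), and it passes a numeric tautology that contains none of the listed tokens, which is why the slides list blacklisting second to whitelisting.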
SQL injection countermeasures
4. Escaping
Escape characters that have special meaning in SQL.
Example of forming a valid SQL string literal:
• A single quote (') in a parameter becomes two single quotes ('').
• Alternatively, the quote is escaped with a backslash (\').
SQL injection countermeasures
5. Parameterized statements
• Differentiate between the SQL statement and the data.
• Use parameters, which act exactly like placeholders or bind variables.
• The website only sends the data that replaces the placeholders.
Example:
if (!($stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)"))) {
    echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
$id = 1;
$stmt->bind_param("i", $id);   // "i": the placeholder is bound as an integer
$stmt->execute();
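Added example for slides 30 and 31, not from the slides or the project's PHP code: the same login query written three ways in Python with sqlite3 standing in for MySQL: with quote doubling (slide 30), with a parameterized statement (slide 31), and the slide's INSERT with a placeholder. The table contents and function names are assumptions for this example.

```python
import sqlite3

# Constructed sample data: the slides' "users" table plus the "test" table from
# the slide's prepare() example (rows and names are assumptions).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    db.execute("CREATE TABLE test(id INTEGER)")
    return db

def table_exists(db, name):
    return db.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?",
                      (name,)).fetchone() is not None

# Slide 30: escaping. Each single quote inside the value is doubled, so the
# value stays inside its literal. This only protects quoted string literals,
# and only if it is applied to every value, every time.
def escape_literal(value):
    return "'" + value.replace("'", "''") + "'"

def login_escaped(db, usrname, psw):
    sql = ("SELECT id FROM users WHERE username = %s AND password = %s"
           % (escape_literal(usrname), escape_literal(psw)))
    return [row[0] for row in db.execute(sql)]

# Slide 31: parameterized statement. The SQL text with its placeholders is
# fixed; the driver hands the values to the engine separately, so they are
# bound as data and never parsed as SQL, whatever characters they contain.
def login_param(db, usrname, psw):
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (usrname, psw))]

def insert_id(db, value):
    """Python counterpart of the slide's prepare("INSERT INTO test(id) VALUES (?)").
    Returns the number of rows in test afterwards."""
    db.execute("INSERT INTO test(id) VALUES (?)", (value,))
    return db.execute("SELECT COUNT(*) FROM test").fetchone()[0]

def stored_ids(db):
    return [row[0] for row in db.execute("SELECT id FROM test")]

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1' = '1"          # the slide-17 input
    print(login_escaped(db, "alice", "s3cret"), login_escaped(db, payload, payload))
    print(login_param(db, "alice", "s3cret"), login_param(db, payload, payload))
    print(insert_id(db, "1;DROP TABLE users"), stored_ids(db), table_exists(db, "users"))
```

With either defense the slide-17 input is compared as the literal string `' OR '1' = '1` and matches no user, and the slide-18 input is stored in `test` as an ordinary value while `users` survives. Escaping is the weaker of the two: it has to be applied at every concatenation, it must match the engine's own quoting rules (MySQL also treats the backslash as an escape), and it does nothing for values used outside a quoted literal, such as the numeric id on slide 18. The parameterized form needs no escaping at all, which also means a legitimate name such as O'Brien needs no special handling.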
Demonstration
Best Practices
1. Code-level defenses
• Data sanitization
• Data validation
• Trust no one (data from users and data from the database alike)
2. Platform-level defenses
• Secure the database
• Change the passwords of superusers regularly
• Web application firewall
Conclusion
• SQL injection is a dangerous vulnerability.
• It transforms normal SQL calls into malicious calls.
• It leads to unauthorized access, changed or deleted data, and data theft.
• All programming languages and all SQL databases are potentially vulnerable.
• Do not take SQL injection lightly!
REFERENCES
[1] W. Stallings, Computer Security: Principles and Practice. United States of America: Pearson Education, 2012, p. 364.
[2] J. Clarke, SQL Injection Attacks and Defense. United States of America: Elsevier, 2012, p. 22.
[3] [online] 2000, http://en.wikipedia.org/wiki/SQL_injection (accessed 15 April 2015).
[4] M. Morana, "OWASP Top 10 and Insecure Software Root Causes," [online] 2008, http://fr.slideshare.net/marco_morana/owasp-top-10-and-insecure-software-root-causes-presentation (accessed 20 April 2015).
[5] [online] 2002, http://www.securiteam.com/securityreviews/5DP0N1P76E.html (accessed 20 April 2015).
[6] [online] 2014, https://www.owasp.org/index.php/SQL_Injection (accessed 14 April 2015).
[7] Ranger78, "SQL Injection Hall of Shame," [online], http://codecurmudgeon.com/wp/sql-injection-hall-of-shame/ (accessed 20 April 2015).
[8] [online] 2006-2015, http://sqlmap.org/ (accessed 20 April 2015).
[9] [online] 2001-2015, http://php.net/manual/en/index.php (accessed 20 April 2015).
[10] [online] 2015, https://dev.mysql.com/doc/refman/5.0/en/string-functions.html (accessed 20 April 2015).
Thank you for your attention
Q & A

Contenu connexe

Tendances

A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
Sina Manavi
 

Tendances (20)

Sql Injection attacks and prevention
Sql Injection attacks and preventionSql Injection attacks and prevention
Sql Injection attacks and prevention
 
Sql injection
Sql injectionSql injection
Sql injection
 
Sql injection attack
Sql injection attackSql injection attack
Sql injection attack
 
Sql injection
Sql injectionSql injection
Sql injection
 
SQL Injection
SQL InjectionSQL Injection
SQL Injection
 
Sql injections - with example
Sql injections - with exampleSql injections - with example
Sql injections - with example
 
How to identify and prevent SQL injection
How to identify and prevent SQL injection  How to identify and prevent SQL injection
How to identify and prevent SQL injection
 
SQL Injections (Part 1)
SQL Injections (Part 1)SQL Injections (Part 1)
SQL Injections (Part 1)
 
Sql injection
Sql injectionSql injection
Sql injection
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)Ethical Hacking PPT (CEH)
Ethical Hacking PPT (CEH)
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Sql injection
Sql injectionSql injection
Sql injection
 
A Brief Introduction in SQL Injection
A Brief Introduction in SQL InjectionA Brief Introduction in SQL Injection
A Brief Introduction in SQL Injection
 
SQL injection prevention techniques
SQL injection prevention techniquesSQL injection prevention techniques
SQL injection prevention techniques
 
SQL Injection
SQL Injection SQL Injection
SQL Injection
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
seminar report on Sql injection
seminar report on Sql injectionseminar report on Sql injection
seminar report on Sql injection
 
Sql Injection - Vulnerability and Security
Sql Injection - Vulnerability and SecuritySql Injection - Vulnerability and Security
Sql Injection - Vulnerability and Security
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 

En vedette

DEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
DEFCON17 - Your Mind: Legal Status, Rights and Securing YourselfDEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
DEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
James Arlen
 
Optical fiber communiction system
Optical fiber communiction systemOptical fiber communiction system
Optical fiber communiction system
rahulohlan14
 
OWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session managementOWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session management
Nikola Milosevic
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injection
Ahmed AbdelSatar
 
PCI security requirements secure coding and code review 2014
PCI security requirements   secure coding and code review 2014PCI security requirements   secure coding and code review 2014
PCI security requirements secure coding and code review 2014
Haitham Raik
 
Communication progress ltd Startup Grind Tirana Albania
Communication progress ltd Startup Grind Tirana AlbaniaCommunication progress ltd Startup Grind Tirana Albania
Communication progress ltd Startup Grind Tirana Albania
Communication Progress
 

En vedette (20)

DEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
DEFCON17 - Your Mind: Legal Status, Rights and Securing YourselfDEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
DEFCON17 - Your Mind: Legal Status, Rights and Securing Yourself
 
Defcon 22-anton-sapozhnikov-acquire-current-user-hashes-with
Defcon 22-anton-sapozhnikov-acquire-current-user-hashes-withDefcon 22-anton-sapozhnikov-acquire-current-user-hashes-with
Defcon 22-anton-sapozhnikov-acquire-current-user-hashes-with
 
Defcon 22-quaddi-r3plicant-hefley-hacking-911
Defcon 22-quaddi-r3plicant-hefley-hacking-911Defcon 22-quaddi-r3plicant-hefley-hacking-911
Defcon 22-quaddi-r3plicant-hefley-hacking-911
 
SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1SQL injection: Not only AND 1=1
SQL injection: Not only AND 1=1
 
16 Tenses In English
16 Tenses In English16 Tenses In English
16 Tenses In English
 
Management vs. Leadership - Linked 2 Leadership
Management vs. Leadership  - Linked 2 LeadershipManagement vs. Leadership  - Linked 2 Leadership
Management vs. Leadership - Linked 2 Leadership
 
Professional basic selling skills
Professional basic selling skillsProfessional basic selling skills
Professional basic selling skills
 
Optical fiber communiction system
Optical fiber communiction systemOptical fiber communiction system
Optical fiber communiction system
 
OWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session managementOWASP Serbia - A3 broken authentication and session management
OWASP Serbia - A3 broken authentication and session management
 
An Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection AttackAn Anatomy of a SQL Injection Attack
An Anatomy of a SQL Injection Attack
 
Web Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data ValidationWeb Application Security 101 - 14 Data Validation
Web Application Security 101 - 14 Data Validation
 
Cryptoghaphy
CryptoghaphyCryptoghaphy
Cryptoghaphy
 
Defcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injectionDefcon 17-joseph mccray-adv-sql_injection
Defcon 17-joseph mccray-adv-sql_injection
 
Sql injection - security testing
Sql injection - security testingSql injection - security testing
Sql injection - security testing
 
PCI security requirements secure coding and code review 2014
PCI security requirements   secure coding and code review 2014PCI security requirements   secure coding and code review 2014
PCI security requirements secure coding and code review 2014
 
Communication progress ltd Startup Grind Tirana Albania
Communication progress ltd Startup Grind Tirana AlbaniaCommunication progress ltd Startup Grind Tirana Albania
Communication progress ltd Startup Grind Tirana Albania
 
Flamuri shqiptar
Flamuri shqiptarFlamuri shqiptar
Flamuri shqiptar
 
Advanced SQL Injection
Advanced SQL InjectionAdvanced SQL Injection
Advanced SQL Injection
 
D:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql InjectionD:\Technical\Ppt\Sql Injection
D:\Technical\Ppt\Sql Injection
 
Albanian flag
Albanian flagAlbanian flag
Albanian flag
 

Similaire à Web Security: SQL Injection

Similaire à Web Security: SQL Injection (20)

Web security
Web securityWeb security
Web security
 
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
IRJET- An Efficient Technique for Finding SQL Injection using Reverse Proxy S...
 
Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)Sql injections (Basic bypass authentication)
Sql injections (Basic bypass authentication)
 
Security testing
Security testingSecurity testing
Security testing
 
SQL INJECTION ATTACKS.pptx
SQL INJECTION ATTACKS.pptxSQL INJECTION ATTACKS.pptx
SQL INJECTION ATTACKS.pptx
 
Sql Injection
Sql InjectionSql Injection
Sql Injection
 
SQLi for Security Champions
SQLi for Security ChampionsSQLi for Security Champions
SQLi for Security Champions
 
Practical Approach towards SQLi ppt
Practical Approach towards SQLi pptPractical Approach towards SQLi ppt
Practical Approach towards SQLi ppt
 
Devoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection AttackDevoid Web Application From SQL Injection Attack
Devoid Web Application From SQL Injection Attack
 
E017131924
E017131924E017131924
E017131924
 
SQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive AlgorithmSQL Injection Prevention by Adaptive Algorithm
SQL Injection Prevention by Adaptive Algorithm
 
ASP.NET MVC Best Practices malisa ncube
ASP.NET MVC Best Practices   malisa ncubeASP.NET MVC Best Practices   malisa ncube
ASP.NET MVC Best Practices malisa ncube
 
Addressing Security Regression Through Unit Testing
Addressing Security Regression Through Unit TestingAddressing Security Regression Through Unit Testing
Addressing Security Regression Through Unit Testing
 
System verilog important
System verilog importantSystem verilog important
System verilog important
 
Session 41 - Struts 2 Introduction
Session 41 - Struts 2 IntroductionSession 41 - Struts 2 Introduction
Session 41 - Struts 2 Introduction
 
Introduction to Spring Framework
Introduction to Spring FrameworkIntroduction to Spring Framework
Introduction to Spring Framework
 
Web application vulnerability assessment
Web application vulnerability assessmentWeb application vulnerability assessment
Web application vulnerability assessment
 
Overview on SQL Injection Attacks
Overview on SQL Injection AttacksOverview on SQL Injection Attacks
Overview on SQL Injection Attacks
 
Ijcatr04041018
Ijcatr04041018Ijcatr04041018
Ijcatr04041018
 
Parallel verification of software architecture design
Parallel verification of software architecture designParallel verification of software architecture design
Parallel verification of software architecture design
 

Dernier

Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Dernier (20)

Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 

Web Security: SQL Injection

  • 1. Web Security: SQL Injection Professor : Dr. Eduard Babulak Students : Vortana SAY Budi Chandra Stephane Moluh 1 Maharishi University of Management Department of Computer Science Computer Professional Program Computer Security: CS466 February Entry, 2015
  • 2. Outline 1. Introduction 1. Objective of the project 2. Introduction to SQL injection 2. Architecture of the simulation system 3. Implementation 1. Choice of the technologies 2. SQL injection attacks 3. Demonstration 4. SQL injection countermeasures 5. Demonstration 4. Best Practices 5. Conclusion 2
  • 3. Outline 1. Introduction 1. Objective of the project 2. Introduction to SQL injection 2. Architecture of the simulation system 3. Implementation 1. Choice of the technologies 2. SQL injection attacks 3. Demonstration 4. SQL injection countermeasures 5. Demonstration 4. Best Practices 5. Conclusion 3
  • 4. Objective of the project 4 •Provide the overview of SQL Injection. •Examine various technical implementations of the SQL injection. •Countermeasures against the SQL injection. Introduction ConclusionArchitecture of the simulation system Implementation Best Practices
  • 5. Introduction to SQL injection 5 • SQL Injection is an attack where the user supplies input in order to construct SQL request that will retrieve information from Database [1]. • SQL injection is an attack in which the SQL code is inserted or appended into application, or user input parameters that are later passed to a back-end SQL server for parsing and execution [2]. • SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution [3]. Introduction ConclusionArchitecture of the simulation system Implementation Best Practices
  • 6. Introduction to SQL injection 6 SQL Injection attack illustrate [4] 3 Attacker sends data containing SQL fragments Attacker enters SQL fragments into a web page that uses input in a query 1 Attacker views unauthorized data Custom Code Accounts Finance Administration Transactions Communication Knowledge Mgmt E-Commerce Bus.Functions Database 2 Application sends modified query to database, which executes it Introduction ConclusionArchitecture of the simulation system Implementation Best Practices
  • 7. Introduction to SQL injection 7 • Vulnerability detection on web application • Everything between the <FORM> and </FORM> have potential parameters that might be useful [5]. • Try to look especially for URL that takes parameters, like: GET method, i.e.: http://test/index.php?id=10 [2]. Introduction ConclusionArchitecture of the simulation system Implementation Best Practices
  • 8. Introduction to SQL injection
    • Vulnerability detection on a web application (Cont')
    • POST parameters can be injected using a traffic manipulation tool or a web browser plug-in [2].
    • Use blind SQL injection techniques to inject input and analyse any error message returned by the database.
  • 9. Introduction to SQL injection
    Consequences [6]
    • Confidentiality: SQL databases generally contain sensitive data, so loss of confidentiality is a big problem.
    • Authentication: if poorly written SQL commands are used to check user names and passwords, authentication can be compromised.
    • Authorization: if authorization information is held in a SQL database, it can be exploited.
    • Integrity: a SQL injection attack can change or delete data.
  • 10. Introduction to SQL injection
    Examples [7]
    COMPANY                      | DATE | RESULTS
    Mapp.nl (online store)       | 2015 | 157,000 email addresses and passwords were stolen
    US Federal (Army, NASA, ...) | 2013 | More than 100,000 users' information
    Yahoo                        | 2012 | 450,000 plain text passwords
    Ingenicard                   | 2012 | Estimated financial fraud losses of $9 million
    Global Payments              | 2011 | 950,000 card numbers stolen, estimated loss $92.7 million
  • 12. Architecture of the simulation system (diagram slide)
  • 13. Architecture of the simulation system (diagram slide)
  • 15. Choice of Technologies
    Web Server: LAMP (Linux, Apache, MySQL, PHP)
    Web Client side: HTML (Hyper Text Markup Language), CSS (Cascading Style Sheets), Bootstrap
    Server side: PHP
    Tools: Web browser: Firefox; Integrated Development Environment (IDE): Netbeans
    OS: Ubuntu 14.10
  • 16. SQL injection attacks
    1. Incorrectly filtered escape characters
    2. Incorrect type handling
    3. Second Order SQL Injection
    4. Blind SQL Injection
  • 17. SQL injection attacks
    1. Incorrectly filtered escape characters
    • When the user input is not filtered for escape characters.
    Example:
      SELECT id FROM users WHERE username = '$_GET[usrname]' AND password = '$_GET[psw]';
    SQL injection (the same fragment supplied for both parameters):
      SELECT id FROM users WHERE username = '' OR '1' = '1' AND password = '' OR '1' = '1';
  • 18. SQL injection attacks
    2. Incorrect type handling
    • When an input is not appropriately typed or is not checked for type constraints.
    Example:
    Query: "SELECT * FROM usersInfo WHERE id=" . $_GET["var_number_id"] . ";"
    SQL injection: 1;DROP TABLE users
    Interpreted query: SELECT * FROM usersInfo WHERE id=1;DROP TABLE users;
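The two cases of slides 17 and 18 next to their fix, as an added example that is not part of the presentation or its demonstration code. Python with an in-memory SQLite database stands in for the PHP/MySQL stack of the project; the table, its columns and the two sample accounts are constructed for the example. The vulnerable login splices the slide 17 fragment into the SQL text and returns every account, the parameterized version (the slide 31 countermeasure) treats the same fragment as plain text, and the numeric-id check rejects the slide 18 input before it gets anywhere near a query.

```python
# Added example (not from the presentation): slide 17 and slide 18 cases
# against an in-memory SQLite database that stands in for MySQL/PHP.
# Table, columns and sample rows are constructed for this example.
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throw-away database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (id, username, password) VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Slide 17: the request parameters are spliced into the SQL text, so a
    quote in the input ends the literal and the rest is parsed as SQL."""
    sql = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Slide 31 countermeasure: the statement is fixed, the values are bound."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username, password))]


def is_numeric_id(raw: str) -> bool:
    """Slide 18 type check: an id must consist of ASCII decimal digits only."""
    return re.fullmatch(r"[0-9]+", raw) is not None


def user_by_id(conn: sqlite3.Connection, raw_id: str) -> list:
    """Reject anything that is not an integer, then still bind the value."""
    if not is_numeric_id(raw_id):
        raise ValueError(f"id must be numeric, got {raw_id!r}")
    rows = conn.execute("SELECT username FROM users WHERE id = ?", (int(raw_id),))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    fragment = "' OR '1'='1"          # the fragment shown on slide 17
    print(login_vulnerable(db, fragment, fragment))      # [1, 2]: every account
    print(login_parameterized(db, fragment, fragment))   # []: no such user
    print(login_parameterized(db, "alice", "s3cret"))    # [1]
    print(user_by_id(db, "1"))                           # ['alice']
    try:
        user_by_id(db, "1;DROP TABLE users")             # the slide 18 input
    except ValueError as exc:
        print("rejected:", exc)
```

The type check and the bound parameter are not alternatives: the check gives the application a clear error to log when a non-numeric id arrives, and the placeholder guarantees that whatever passes the check is still handled as a value rather than as SQL.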
  • 19. SQL injection attacks
    3. Second Order SQL Injection
    • When submitted values containing SQL injection are stored in the database (not executed immediately).
    • Normally developers trust the data from the database.
    • SQL injection retrieved from the database might be executed by another part of the application that has no controls to protect against SQL injection.
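The second-order case of slide 19 as an added example, not part of the presentation: the registration form binds its parameters correctly, so the slide 17 fragment is stored verbatim as a username and nothing happens; a later feature reads that username back, trusts it because it came from the database, and concatenates it into a new query. SQLite in memory stands in for MySQL/PHP, and the table and sample rows are constructed.

```python
# Added example (not from the presentation) for slide 19: a value stored by
# one part of the application is later trusted by another part. SQLite in
# memory stands in for MySQL/PHP; table and sample rows are constructed.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 'alice@example.test')")
    return conn


def register(conn: sqlite3.Connection, username: str, email: str) -> int:
    """First stage: the registration form binds its values, so whatever the
    user typed is stored verbatim and nothing is executed here."""
    cur = conn.execute(
        "INSERT INTO users (username, email) VALUES (?, ?)", (username, email)
    )
    return cur.lastrowid


def stored_username(conn: sqlite3.Connection, user_id: int) -> str:
    """Read the username back, exactly as it was stored."""
    row = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]


def emails_for_user_unsafe(conn: sqlite3.Connection, user_id: int) -> list:
    """Second stage, the bug: the username read back from the database is
    treated as trusted and concatenated into a new query."""
    sql = (
        "SELECT email FROM users WHERE username = '"
        + stored_username(conn, user_id) + "' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def emails_for_user_safe(conn: sqlite3.Connection, user_id: int) -> list:
    """Second stage, fixed: data that came out of the database is still data."""
    sql = "SELECT email FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (stored_username(conn, user_id),))]


if __name__ == "__main__":
    db = make_db()
    uid = register(db, "' OR '1'='1", "mallory@example.test")  # stored, not run
    print(emails_for_user_unsafe(db, uid))  # both addresses: the stored text ran as SQL
    print(emails_for_user_safe(db, uid))    # ['mallory@example.test']
```

The same concatenation also breaks on perfectly legitimate data such as a username containing an apostrophe, which is why "trust no one" on slide 34 includes data read from the database, not only data typed by users.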
  • 20. SQL injection attacks
    4. Blind SQL Injection
    • When the web application is vulnerable to an SQL injection, but the results of the injection are not visible to the attacker.
    • No output from verbose database error messages or in-band data concatenation.
  • 21. SQL injection attacks
    4. Blind SQL Injection (Cont')
    • Partially blind: slight changes are visible in the resulting page.
    • Totally blind: no difference in output is produced, so it is harder to determine whether an injection takes place.
  • 22. SQL injection attacks
    4. Blind SQL Injection (Cont')
    SQLMap tool [8]
    • SQLMap is an open source testing tool
    • Automates the process of detecting and exploiting SQL injection flaws
    • Takes over database servers
  • 23. Demonstration
  • 24. SQL Injection countermeasures
    1. Hexadecimal Conversion
    2. Database permission
    3. Pattern check
    4. Escaping
    5. Parameterized statements
  • 25. SQL injection countermeasures
    1. Hexadecimal Conversion
    PHP functions:
    • dechex — decimal to hexadecimal [9].
    • bin2hex — convert a (binary) string into its hexadecimal representation [9].
    MySQL function:
    • UNHEX — interpret each pair of hexadecimal digits in the argument as a number and convert it to the corresponding character [10].
    Example (the hex digits are passed to UNHEX as a quoted string literal):
      "SELECT * FROM user WHERE `usrname` = UNHEX('" . bin2hex($userInput) . "')";
  • 26. SQL injection countermeasures
    2. Securing the Database
    • Well-defined user role membership; grant only the privileges that are needed
    • Segregated (separate) database logins
    • Revoke public permissions
    • Use strong cryptography to protect stored sensitive data
  • 27. SQL injection countermeasures
    3. Pattern check: Input validation using regular expressions
    • Whitelisting: the practice of accepting only input that is known to be good
    • Blacklisting: the practice of rejecting only input that is known to be bad
  • 28. SQL injection countermeasures
    3. Pattern check: Input validation using regular expressions
    • Whitelist (points that should be considered)
      • Known value
      • Data type
      • Data size
      • Data range
      • Data content
    Example for data content, US Zip code: ^\d{5}(-\d{4})?$
  • 29. SQL injection countermeasures
    3. Pattern check: Input validation using regular expressions
    • Blacklisting: reject input that contains malicious content
    Example of known bad characters, strings or patterns (one alternation; wrapping it in square brackets would turn it into a single-character class):
      (' OR)|('(''|[^'])*')|(;)|(ALTER|CREATE|DELETE|DROP|EXEC(UTE){0,1}|INSERT( +INTO){0,1}|MERGE|SELECT|UPDATE|UNION( +ALL){0,1})
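Slides 27 to 29 in working form, as an added example that is not part of the presentation: one whitelist check for each of the five points on slide 28 (the zip pattern from the slide for data content, a closed set of role names for known value, and a digits-only quantity for type, size and range), beside the slide 29 blacklist pattern. The field names, the role set, the quantity limits and the sample inputs are constructed for the example; the blacklist is compiled case-insensitively, which the slide does not state but which a practical deployment needs. The last blacklist input shows the usual cost of blacklisting: an ordinary customer comment is rejected because it contains a keyword, which is the reason the whitelist comes first on the slide.

```python
# Added example (not from the presentation) for slides 27 to 29: whitelist
# checks for each of the five points on slide 28, beside the slide 29
# blacklist pattern. Field rules and sample inputs are constructed.
import re

ZIP_RE = re.compile(r"^\d{5}(-\d{4})?$")       # slide 28: US zip code
KNOWN_ROLES = {"admin", "editor", "viewer"}     # known value: a closed set

# Slide 29 pattern; compiled case-insensitively so keyword case does not matter.
BLACKLIST_RE = re.compile(
    r"(' OR)|('(''|[^'])*')|(;)|"
    r"(ALTER|CREATE|DELETE|DROP|EXEC(UTE)?|INSERT( +INTO)?|MERGE|SELECT|UPDATE|UNION( +ALL)?)",
    re.IGNORECASE,
)


def valid_zip(value: str) -> bool:
    """Data content: the whole value must match the zip code format.
    fullmatch is used because in Python '$' also matches before a trailing
    newline, which a plain match() would let through."""
    return ZIP_RE.fullmatch(value) is not None


def valid_role(value: str) -> bool:
    """Known value: accept only members of a closed set."""
    return value in KNOWN_ROLES


def valid_quantity(value: str) -> bool:
    """Data type, size and range: ASCII digits, at most 4 of them, 1..1000."""
    if re.fullmatch(r"[0-9]{1,4}", value) is None:
        return False
    return 1 <= int(value) <= 1000


WHITELIST = {"zip": valid_zip, "role": valid_role, "quantity": valid_quantity}


def whitelist_accepts(field: str, value: str) -> bool:
    """A field with no rule is rejected: nothing says its input is good."""
    check = WHITELIST.get(field)
    return check is not None and check(value)


def blacklist_rejects(value: str) -> bool:
    """Slide 29: True when a known-bad character, string or pattern is present."""
    return BLACKLIST_RE.search(value) is not None


if __name__ == "__main__":
    samples = [("zip", "52557"), ("zip", "52557-1234"), ("zip", "5255a"),
               ("role", "admin"), ("role", "root"),
               ("quantity", "1000"), ("quantity", "1001"), ("comment", "hi")]
    for field, value in samples:
        print(field, repr(value), "whitelist accepts:", whitelist_accepts(field, value))
    for value in ["' OR '1'='1", "1;DROP TABLE users", "Please update my order", "52557"]:
        print(repr(value), "blacklist rejects:", blacklist_rejects(value))
```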
  • 30. SQL injection countermeasures
    4. Escaping
    Escape characters that have special meaning in SQL. Examples of forming a valid SQL string literal:
    • A single quote (') in a parameter becomes two single quotes ('').
    • Or it is escaped using a backslash (\').
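Slides 25 and 30 carried through on one input, as an added example that is not the presentation's own code: the hexadecimal conversion and the quote-doubling form of escaping each turn untrusted text into a string literal the parser cannot misread, checked against both a legitimate name with an apostrophe and the slide 17 fragment. SQLite in memory stands in for MySQL; it has no UNHEX(), so the hex form here is a blob literal X'..' cast to text, which plays the role of UNHEX(bin2hex(...)) in the slide 25 PHP example. The table and rows are constructed.

```python
# Added example (not from the presentation) for slides 25 and 30: forming a
# safe SQL string literal by hexadecimal conversion and by escaping, checked
# against the slide 17 fragment. SQLite in memory stands in for MySQL; it has
# no UNHEX(), so the hex form is a blob literal X'..' cast to text, the
# counterpart of UNHEX(bin2hex(...)) in the slide's PHP example.
# Table and rows are constructed.
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, usrname TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?)", [(1, "alice"), (2, "o'brien")])
    return conn


def hex_literal(value: str) -> str:
    """bin2hex equivalent: only [0-9a-f] reach the SQL text, so no quote,
    semicolon or keyword from the input can be parsed as SQL."""
    return "CAST(X'" + value.encode("utf-8").hex() + "' AS TEXT)"


def escaped_literal(value: str) -> str:
    """Slide 30: every single quote inside the value becomes two single quotes."""
    return "'" + value.replace("'", "''") + "'"


def find_user_hex(conn: sqlite3.Connection, usrname: str) -> list:
    sql = "SELECT id FROM user WHERE usrname = " + hex_literal(usrname)
    return [row[0] for row in conn.execute(sql)]


def find_user_escaped(conn: sqlite3.Connection, usrname: str) -> list:
    sql = "SELECT id FROM user WHERE usrname = " + escaped_literal(usrname)
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    fragment = "' OR '1'='1"                    # the fragment shown on slide 17
    print(hex_literal("alice"))                 # CAST(X'616c696365' AS TEXT)
    print(find_user_hex(db, "o'brien"))         # [2]: the quote is just data
    print(find_user_hex(db, fragment))          # []
    print(find_user_escaped(db, "o'brien"))     # [2]
    print(find_user_escaped(db, fragment))      # []
```

Escaping rules are database-specific (MySQL also honours the backslash form on slide 30, SQLite does not), and a hand-written escaper must be applied at every concatenation site without exception, which is why the parameterized statements of slide 31 remain the countermeasure to reach for first.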
  • 31. SQL injection countermeasures
    5. Parameterized statements
    • Differentiate between SQL statements and data.
    • Use parameters, which act as placeholders or bind variables.
    • The website only sends the data that replaces the placeholders.
    Example:
      if (!($stmt = $mysqli->prepare("INSERT INTO test(id) VALUES (?)"))) {
          echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
      }
      $stmt->bind_param("i", $id);   // bind $id to the placeholder as an integer
      $stmt->execute();
  • 32. Demonstration
  • 34. Best Practices
    1. Code-level defenses
    • Data sanitization
    • Data validation
    • Trust no one (data from either users or the database)
    2. Platform-level defenses
    • Secure the database
    • Change the passwords of super users regularly
    • Web Application Firewall
  • 36. Conclusion
    • SQL injection is a dangerous vulnerability
    • It transforms normal SQL calls into malicious calls
    • It leads to unauthorized access, changed or deleted data, and stolen data
    • All programming languages and all SQL databases are potentially vulnerable
    • Do not take SQL injection for granted!!
  • 37. REFERENCES
    [1] William Stallings, Computer Security: Principles and Practice. United States of America: Pearson Education, 2012, p. 364.
    [2] Justin Clarke, SQL Injection Attacks and Defense. United States of America: Elsevier, 2012, p. 22.
    [3] [online] 2000, http://en.wikipedia.org/wiki/SQL_injection (Accessed: 15 April 2015).
    [4] M. Morana, "OWASP Top 10 And Insecure Software Root Causes," [online] 2008, http://fr.slideshare.net/marco_morana/owasp-top-10-and-insecure-software-root-causes-presentation (Accessed: 20 April 2015).
  • 38. REFERENCES
    [5] [online] 2002, http://www.securiteam.com/securityreviews/5DP0N1P76E.html (Accessed: 20 April 2015).
    [6] [online] 2014, https://www.owasp.org/index.php/SQL_Injection (Accessed: 14 April 2015).
    [7] Ranger78, "SQL INJECTION HALL OF SHAME," [online], http://codecurmudgeon.com/wp/sql-injection-hall-of-shame/ (Accessed: 20 April 2015).
  • 39. REFERENCES
    [8] [online] 2006-2015, http://sqlmap.org/ (Accessed: 20 April 2015).
    [9] [online] 2001-2015, http://php.net/manual/en/index.php (Accessed: 20 April 2015).
    [10] [online] 2015, https://dev.mysql.com/doc/refman/5.0/en/string-functions.html (Accessed: 20 April 2015).
  • 40. Thank you for your attention. Q & A

Editor's notes

  1. http://me5145.blogspot.com/2014_09_01_archive.html
  2. Partially Blind Injections: in the resulting page slight changes are visible, for example, one can be redirected to the main page when the injection is unfruitful, whereas the fruitful one will return a blank page. Totally Blind Injections: these do not produce a difference in output of any kind. Hence, it is harder to determine whether an injection does take place. Conditional Responses: the logical statement is evaluated by the database, on the side of the attacker.
  4. Every database server platform has a default role to which every login belongs, usually called the public role, which has a default set of permissions that includes access to system objects.
  5. ^\d{5} Match exactly five numeric digits at the start of the string. (-\d{4})? Match the dash character plus exactly four digits either once (present) or not at all (not present). $ This must be the end of the string. If there is additional content at the end of the string, the regular expression will not match.
  6. This commonly involves rejecting input that contains content that is specifically known to be malicious by looking through the content for a number of “known bad” characters, strings, or patterns.