Table Of Contents

SQL is a Standard - but
SQL Database Tables
SQL Queries
SQL Data Manipulation Language (DML)
SQL Data Definition Language (DDL)
How common is it?
Vulnerable Applications
How does SQL Injection work?
Common vulnerable login query
ASP/MS SQL Server login syntax
Injecting through Strings
formusr = ' or 1=1
Final query would look like this:
The power of '
If it were numeric?
PHP/MySQL login syntax
Injecting Numeric Fields
SQL Injection Characters
SQL Injection Testing Methodology
1) Input Validation
Discovery of Vulnerabilities
a) Exploring Output Mechanisms
Extracting information through Error
Blind Injection
b) Understanding the Query
SELECT Statement
UPDATE statement
Determining a SELECT Query Structure
Is it a stored procedure?
Tricky Queries
c) Determine Database Engine Type
Some differences
More differences
d) Finding out user privilege level
DB Administrators
3) 1=1 Attacks
Discover DB structure
' group by columnnames having 1=1 --
' union select sum(columnname) from
Enumerating table columns in different DBs
System Tables
4) Extracting Data
Password grabbing
Create DB Accounts
Grabbing MS SQL Server Hashes
What do we do?
Extracting SQL Hashes
Brute forcing Passwords
Transfer DB structure and data
Create Identical DB Structure
Transfer DB
5) OS Interaction
Interacting with the OS
MySQL OS Interaction
MS SQL OS Interaction
Assessing Network Connectivity
Gathering IP information through reverse
Network Reconnaissance
Network Reconnaissance Full Query
6) OS Cmd Prompt
Jumping to the OS
Using ActiveX Automation Scripts
Retrieving VNC Password from Registry
'; declare @out binary(8)
exec master..xp_regread
@value = @out output
7) Expand Influence
Hopping into other DB Servers
Linked Servers
Executing through stored procedures
Uploading files through reverse connection
Uploading files through SQL Injection
Example of SQL injection file uploading
IDS Signature Evasion
Input validation
Evasion and Circumvention
MySQL Input Validation Circumvention using
IDS Signature Evasion using white spaces
IDS Signature Evasion using comments
IDS Signature Evasion using string
IDS and Input Validation Evasion using
SQL Injection Defense
Strong Design
Input Validation
Harden the Server
Detection and Dissuasion
Advanced SQL Injection 4271
Published by Hoàng Trọng Tú
Published by: Hoàng Trọng Tú on Jan 03, 2012
Copyright:Attribution Non-commercial