Implementing SQL Injection Attack

By: Saravpreet

What is SQL injection?


A class of code-injection attacks in which data provided by the user is included in an SQL query in such a way that part of the user's input is treated as SQL code.

Example of SQL injection

The most critical Web application security risk (OWASP)

Two important characteristics:

Injection mechanism (implementation)
Attack intent

Injection through user input
Injection through cookies
Injection through server variables
Second-order injection

First-order injection

The application processes the input, causing the attacker's injected SQL query to execute.

Second-order injection

The application stores that input for future use (usually in the database), and responds to the request. The attacker submits a second (different) request. To handle the second request, the application retrieves the stored input and processes it, causing the attacker's injected SQL query to execute.
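The two-request sequence described above, as an added example that is not part of the original slides, using Python's sqlite3 module: the input is stored safely, then reused unsafely, and the hardened routine sits beside the flawed one. The table, function names and sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with one existing account (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", "admin-secret"))
    return db

def register(db, name, password):
    # Request 1: the input is stored with a parameterized INSERT,
    # so nothing is injected at this point.
    db.execute("INSERT INTO users VALUES (?, ?)", (name, password))

def stored_name(db, session_user):
    # The application reads the value back from its own database.
    row = db.execute("SELECT name FROM users WHERE name = ?",
                     (session_user,)).fetchone()
    return row[0]

def change_password_vulnerable(db, session_user, new_password):
    # Request 2: the stored value is trusted because it came from the
    # database, and is concatenated into the SQL text.
    name = stored_name(db, session_user)
    db.execute("UPDATE users SET password = ? WHERE name = '" + name + "'",
               (new_password,))

def change_password_safe(db, session_user, new_password):
    # Hardened form: stored data is bound as a parameter like any other input.
    name = stored_name(db, session_user)
    db.execute("UPDATE users SET password = ? WHERE name = ?",
               (new_password, name))

def password_of(db, name):
    return db.execute("SELECT password FROM users WHERE name = ?",
                      (name,)).fetchone()[0]

def demo(change_password):
    """Returns (admin's password, new account's password) after both requests."""
    db = make_db()
    name = "admin'--"              # constructed input, stored verbatim
    register(db, name, "pw1")      # request 1: stored, nothing executes
    change_password(db, name, "pw2")  # request 2: stored value is reused
    return password_of(db, "admin"), password_of(db, name)

if __name__ == "__main__":
    print("vulnerable:", demo(change_password_vulnerable))
    print("safe:      ", demo(change_password_safe))
```

With the concatenating routine the update lands on the existing `admin` row instead of the account that made the request; with the parameterized routine only the requesting account changes.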

Example

Identifying injectable parameters
Performing database finger-printing
Determining database schema
Extracting data
Adding or modifying data

Performing denial of service
Evading detection
Bypassing authentication
Executing remote commands
Performing privilege escalation
