SQL is used to build and communicate with a database. The communicating parties are typically a "front end", which transmits a SQL statement across a connection, and a "back end", which holds the database.
Examples: Oracle, MS SQL Server, MS Access, Ingres, DB2, Sybase, Informix, etc.
SELECT
UPDATE
INSERT INTO
DELETE
CREATE TABLE
ALTER TABLE
DROP TABLE
GRANT
REVOKE
COMMIT
ROLLBACK
CREATE DATABASE
CREATE TABLE
ALTER TABLE
DROP DATABASE
DROP TABLE
UPDATE
SELECT
Symbol                     Meaning
' or "                     Character string indicators
-- or #                    Single-line comment
/* ... */                  Multiple-line comment
+                          Addition, concatenation (or space in a URL)
|| (double pipe)           Concatenation
%                          Wildcard attribute indicator
?Param1=foo&Param2=bar     URL parameters
@variable                  Local variable
@@variable                 Global variable
'' ""                      Character string indicators
.                          Identifier qualifier separator
""                         Quoted identifier indicators
--                         Single-line comment delimiter
1) Info. Gathering
2) Bypass attack
3) Dumping Data
4) OS Interaction
5) RCE
6) Expand Influence
Output mechanism
Understand the query
Determine database type
Find out user privilege level
Determine OS interaction level
Union based injection (parameter & POST)
Error based injection
Blind SQL injection
Single, double quote injection
Integer, Boolean
Time based
Header, Cookie based
Union based injection merges a second query's columns into the original result set; the first step is to identify how many columns the original query returns.
Error based injection: as already described, breaking the SQL query makes the database return an error message, and the contents of that message let us interact with the DB.
Integer injection: a web content page takes an integer input in the URL (the id parameter); because the value is not quoted, injected code is appended directly to the query, which makes SQLi possible.
Cookie based injection is a kind of cookie poisoning: a SQL injection attack that consists of modifying cookies (via a cookie editor) so that the modified values are used to exploit the web app.
(ref: Wikipedia)
Header based injection is a general class of web application security vulnerability. It occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input.
Time-based blind SQL injection attacks perform tests by injecting time delays.
The page doesn't display any errors, but the injected delay has an observable effect on how the web page responds.
• Hashing
• Different case
• Bypass keyword removal filters
• URL-encoding
• SQL comments
• String building
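Because each of these evasion techniques targets a naive keyword filter, detection logic has to normalize input before matching. The following Python is an added example written for this page, not code from the original slides: it runs a few heuristic rules over constructed access-log lines, URL-decoding (including a second decoding pass for double encoding), lower-casing and stripping block comments first, so that mixed case, encoding and comment insertion do not hide the indicators listed in the operator table above. The sample log lines, the REQUEST_RE and RULES names and the rule set itself are all constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (not taken from the page). Line 0 and
# line 4 are benign; lines 1-3 carry quote/boolean, union and time-delay
# patterns, with mixed case, a block comment and URL-encoding as evasion.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jan/2024:10:00:01 +0000] "GET /item.php?id=42 HTTP/1.1" 200 512',
    '10.0.0.7 - - [10/Jan/2024:10:00:03 +0000] "GET /item.php?id=42%27%20or%20%271%27%3D%271 HTTP/1.1" 200 9001',
    '10.0.0.9 - - [10/Jan/2024:10:00:05 +0000] "GET /item.php?id=42%20UnIoN%2F**%2FsElEcT%201,2,3 HTTP/1.1" 500 120',
    '10.0.0.9 - - [10/Jan/2024:10:00:08 +0000] "GET /item.php?id=42%3B%20WAITFOR%20DELAY%20%270:0:5%27 HTTP/1.1" 200 512',
    '10.0.0.3 - - [10/Jan/2024:10:00:09 +0000] "GET /search.php?q=union%20station HTTP/1.1" 200 800',
]

# Pulls the request target out of a common-log-format request field.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD)\s+(\S+)\s+HTTP/[\d.]+"')

# Block comments are removed before matching so "UNION/**/SELECT" still matches.
BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

# Heuristic rules applied to the normalized (decoded, lower-cased) value.
# "union" alone is not enough ("union station" must stay clean); the rules
# require the surrounding SQL structure.
RULES = [
    ("union select", re.compile(r"\bunion\b\s+(?:all\s+)?select\b")),
    ("quote + boolean", re.compile(r"['\"]\s*(?:or|and)\s+\S+\s*=\s*\S+")),
    ("time delay", re.compile(r"\b(?:waitfor\s+delay|sleep\s*\(|pg_sleep\s*\()")),
]


def decode_fully(value: str, max_rounds: int = 2) -> str:
    """URL-decode repeatedly (bounded) so double-encoded input is seen decoded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_value(value: str) -> list:
    """Return the labels of every rule that fires on one parameter value."""
    decoded = decode_fully(value)
    reasons = []
    # Comment delimiters are checked before they are stripped away.
    if "/*" in decoded or "--" in decoded:
        reasons.append("sql comment delimiter")
    normalized = BLOCK_COMMENT_RE.sub(" ", decoded).lower()
    normalized = re.sub(r"\s+", " ", normalized)
    for label, pattern in RULES:
        if pattern.search(normalized):
            reasons.append(label)
    return reasons


def scan_log(lines) -> list:
    """Yield (line_index, parameter_name, reasons) for each flagged parameter."""
    findings = []
    for idx, line in enumerate(lines):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        for param, raw_value in parse_qsl(query, keep_blank_values=True):
            reasons = inspect_value(raw_value)
            if reasons:
                findings.append((idx, param, reasons))
    return findings


if __name__ == "__main__":
    for idx, param, reasons in scan_log(SAMPLE_LOG):
        print(f"line {idx}: parameter {param!r} flagged: {', '.join(reasons)}")
```

These rules are deliberately structural (a quote followed by OR/AND and a comparison, UNION followed by SELECT, a known delay function) rather than keyword lists, which is what keeps the benign "union station" query unflagged while the same normalization defeats the case, encoding and comment tricks listed above. A rule set like this belongs in front of, not instead of, parameterized queries.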
• Reading and writing system files from disk
• Finding passwords and configuration files
• Executing commands by overwriting initialization or configuration files
• Direct command execution
We can do anything, but both file access and command execution are restricted by the privileges and permissions the database process runs with.
Stored DB queries
Whitelisting query input
Firewall, IDS
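As an added example that is not from the original slides, the following Python code contrasts the concatenated query that enables the single-quote and unquoted-integer injections described above with the parameterized form that a stored or prepared query gives you, and shows an allowlist for the one input parameters cannot cover, an identifier such as a sort column. The in-memory SQLite table, the user names and the function names are all constructed for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a small in-memory table (constructed data for the example)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


# --- string input: the single/double quote injection case ------------------

def lookup_by_name_vulnerable(conn, name: str):
    # Vulnerable: the user-supplied string becomes part of the SQL text, so a
    # quote character in it closes the literal and the rest is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_by_name_safe(conn, name: str):
    # Parameterized: the value is bound separately from the query text and is
    # never parsed as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# --- integer input: the unquoted id parameter case --------------------------

def lookup_by_id_vulnerable(conn, id_str: str):
    # Vulnerable: no quotes around the value, so anything appended to it is
    # joined straight onto the WHERE clause.
    sql = "SELECT name, role FROM users WHERE id = " + id_str
    return conn.execute(sql).fetchall()


def lookup_by_id_safe(conn, id_str: str):
    # Validate the type first (int() raises ValueError on anything that is not
    # an integer), then bind the value as a parameter.
    user_id = int(id_str)
    return conn.execute(
        "SELECT name, role FROM users WHERE id = ?", (user_id,)
    ).fetchall()


# --- identifiers: parameters cannot cover these, so whitelist them ----------

ALLOWED_SORT_COLUMNS = {"id", "name", "role"}


def list_users_sorted(conn, sort_by: str):
    # Column names cannot be bound as parameters; accept only known values and
    # only then interpolate the (now trusted) identifier into the query text.
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return conn.execute(f"SELECT name FROM users ORDER BY {sort_by}").fetchall()


def demo() -> dict:
    """Run the same hostile inputs through both forms and collect the outcomes."""
    conn = make_db()
    hostile_name = "x' OR '1'='1"   # constructed input: closes the literal
    hostile_id = "1 OR 1=1"         # constructed input: extends the WHERE
    results = {
        "vuln_name": lookup_by_name_vulnerable(conn, hostile_name),  # every row
        "safe_name": lookup_by_name_safe(conn, hostile_name),        # no row
        "vuln_id": lookup_by_id_vulnerable(conn, hostile_id),        # every row
        "sorted": list_users_sorted(conn, "name"),
    }
    try:
        lookup_by_id_safe(conn, hostile_id)
        results["safe_id"] = "accepted"
    except ValueError:
        results["safe_id"] = "rejected"
    try:
        list_users_sorted(conn, "name; DROP TABLE users")
        results["bad_sort"] = "accepted"
    except ValueError:
        results["bad_sort"] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two vulnerable functions return the whole table for inputs that should match nothing, while the parameterized versions return no rows or reject the input outright; the allowlist closes the remaining gap for identifiers, which no placeholder syntax can bind. A firewall or IDS rule in front of the application reduces exposure, but only the query-construction changes remove the vulnerability.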