SQL Injection Attacks: Concepts, Tools, Techniques Cheat Sheet

by ironclad via cheatography.com/36781/cs/11566/

Descri​ption Successful Attacks May

SQL Injection is the act of inserting data into an SQL query through the Modify Database Data
input data given to an applic​ation by a client. Read Sensitive Inform​ation

Execute Operations as an Admini​strator

Causes
Recover Files Present on the Database System
Lack of input validation
Issue Commands to the Database System's OS
Usage of untrusted code

Lack of adherence to best practices Why?

Server config​uration issues

In many applic​ations, direction access to the database is the easiest
Client​-pr​ovided inform​ation used in query means of access. Thus, a simple form-based authen​tic​ation or web query
may be one step away from intera​cting with a database. With this
Structure of an SQL Query knowledge in hand, a skilled attacker could use cleverly crafted SQL
queries to gain root level access and further attack the network.
select <co​l> from <ta​ble> where <fi​eld> = <va​lue​>;

In this case: col, table, field, and value are all places where injection could Modern Injection Tools
happen.
Havij User-f​riendly GUI for automatic SQL Injection

Escaping the Intent of the Query sqlmap Open source penetr​ation testing tool

Google Advance web searches that are used to finger​print web

SELECT name, pass FROM users WHERE user_id = '" + $id + "​'";
dorks servers
Input Result
BSQL Made for Blind SQL Injection
%' or '1'='1 All names and Hacker
passwords
Mole Provide the tool with a URL and it does the rest
1' UNION SELECT 1, @@version -- - A name and
MySQL Version
Mitigation Techniques
1' UNION SELECT distin​ct(​tab​le_​sch​ema​),null All Schema
Input Validation Make sure all client​-su​pplied inform​ation is sanitized
FROM inform​ati​on_​sch​ema.tables Inform​ation
Use Separates the develo​per's SQL query from client
Parame​terized input
State of the Art - Latest Techniques
Queries
SQL Forces compro​mised server to serve the attacker's ads
Stored Store SQL queries in the database itself and only
Injection
Procedures provide sanitized input
through Ads
Whitelist Input Only accept the inform​ation you want, make sure it
Chaining of Utilizing techniques such as camel-​casing, escape
Validation doesn't affect query intent
Attacks characters and character codes to get around protec​tions
Front-​end​/Ba​ck- Don't let the applic​ation interact directly with the
Inform​ation Dumping the Inform​ation Schema to learn more about the
end Design database
Schema database
Least Privilege In the event of a compro​mise, limit the damage
Multi-Line Using multi-line comments (/**/) to bypass defensive
Comments techniques Patch Your Keep your servers up to date
Systems
Obfusc​ation Utilizing obfusc​ation to mask attacks
Logging Keep a log of all queries, preferable on a remote
SQL Union Using SQL UNION along with attacks above to mask
server
attacks

By ironclad Not published yet. Sponsored by CrosswordCheats.com

cheatography.com/ironclad/ Last updated 24th April, 2017. Learn to solve cryptic crosswords!
Page 1 of 1. http://crosswordcheats.com