Topic 6b - SQL Injection

SQL Injection is a technique where attackers insert SQL commands into input fields to manipulate databases, potentially leading to data theft or complete system compromise. The document outlines the implications of SQL injection, including information leakage and unauthorized database control, and provides examples of how such attacks can be executed. It also emphasizes the importance of input validation, avoiding dynamic queries, and using parameterized queries or stored procedures to mitigate these vulnerabilities.

SQL Injection: Database Vulnerability Testing
By Paul Mutinda
What is SQL Injection
- Inserting SQL commands into the URL gets the database server to dump, alter, delete, or create information in the database.
- SQL injection involves an attacker appending SQL database commands within an input field – a form or a URL.
- If the web application code does not filter (sanitize) the input, the SQL commands could be executed on the web server, allowing an attacker to bypass network security and directly interrogate the back-end database.
- With SQL injection, an attacker is able to return and steal tables of information, make changes to records, or even delete the entire database.
SQL Injection: What are the implications
- Information leakage through DB error messages
- Data extracted from your DB
- Take complete control of your DB (insert data, delete tables, and so on)
- Execute commands on your system
- Complete system compromise
Input Form Based SQL Injection
Example: www.altoromutual.com/login.jsp
- First log in with no username and no password; the form responds requesting a valid username.
- Next log in with any username and no password; the form responds requesting a valid password.
- Next log in with any username and any password; the form responds "Login Failed".
- Next perform SQL injection on the username field using the statement ' OR 1=1-- and insert any password to bypass the "Value required" validation, then log in.
- Result: a successful login.
URL/Error Based SQL Injection
- This uses dynamic IDs to exploit the web application through parameter tampering.
Example: Extracting information through error messages
- First identify vulnerable URLs with dynamic ids using the syntax: .php?id=
- Replace id=1 with a string, id=test, then press ENTER.
- Note the error message – the database server is identified as MySQL.

Example 2: Extracting information through error messages
- Perform parameter tampering by adding id=115' then press ENTER.
- Note the error message showing the directory path to the root directory (/home).

Example 3: Extracting information through error messages
- Database name, table name and column information discovered.

Next use sqlmap to exploit the dynamic ID vulnerability.
Fixing SQL Injection
- Input validation
  - As often as possible, only accept known good values rather than sanitizing.
- Never use dynamic queries.
- Use parameterized query APIs.
  - These APIs encode the user input and make sure that it doesn't break the SQL statements.
- Use stored procedures.
  - They are generally safe from SQL Injection.
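As an added example (not code from the slides), the dynamic login query from the form example beside its parameterized replacement, plus allow-list validation and generic error handling for a numeric id parameter like the one in the error-message examples. It assumes Python's built-in sqlite3 driver; the in-memory users table and its single row are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for a login table; not any real site's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 's3cret')")
    conn.commit()
    return conn

def login_dynamic(conn, username, password):
    """Vulnerable: input is pasted into the SQL text, so a quote in the username
    changes the statement's structure and '--' comments out the password check."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    """Fixed: the driver sends values separately from the SQL, so the same
    input is compared as a literal string and matches no row."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def validate_id(raw):
    """Allow-list validation for a numeric id parameter (e.g. ?id=115):
    accept only digits instead of trying to strip dangerous characters."""
    if not raw.isdigit():
        raise ValueError("id must be a positive integer")
    return int(raw)

def fetch_user_by_id(conn, raw_id):
    """Validate, query with a placeholder, and map failures to a status code
    and a generic body, so driver error text (server type, paths, schema)
    never reaches the client. Returns (status, body)."""
    try:
        user_id = validate_id(raw_id)
    except ValueError:
        return 400, "invalid request"
    try:
        row = conn.execute("SELECT username FROM users WHERE id = ?",
                           (user_id,)).fetchone()
    except sqlite3.Error:
        return 500, "internal error"
    return (200, row[0]) if row else (404, None)
```

Against the same input, the dynamic query logs in without knowing a password while the parameterized query does not; the id handler answers "test" and "115'" with a generic 400 rather than a database error.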


End
