1.2 SQL-slides

This document discusses SQL injection attacks. It begins with an outline of topics to be covered, including a tutorial on SQL and databases, SQL injection attacks, similarities to other attacks, and countermeasures. It then provides a tutorial on SQL and databases, demonstrating queries, updates, and comments. Next, it describes how SQL injection attacks work by exploiting vulnerabilities in web applications. Examples are given of attacks that log in without a password, modify salaries, and run arbitrary SQL statements. Finally, it discusses countermeasures like encoding special characters, prepared statements, and turning code into data to prevent SQL injection attacks.

Uploaded by Heo Quay
SQL Injection Attack

SQL-slides Page 1

Outline

❖ Tutorial on SQL and Database
❖ SQL Injection Attack
❖ Similarity with Other Attacks
❖ Countermeasures (Prepared Statement)

❖ Reading: Chapter 12
❖ Lab: SQL Injection Attack Lab

Web Application Architecture

(Figure: Browser → Web Application Server → Database)

Lab Setup
The Labsetup/ Folder

Target website: www.seed-server.com

Add the following to /etc/hosts

End

Tutorial on SQL and Database

The Database Container
❖ The Database's Dockerfile

❖ The docker-compose.yml file

Database Setup
❖ Log into MySQL
# mysql -u root -pdees
mysql>

❖ Display all the databases
SHOW DATABASES;

❖ Create a database

❖ Create a table

❖ Insert records

Query Database
❖ SELECT statement

USE test_db
SELECT * FROM mytable;

SELECT Name, Salary FROM mytable;

❖ Conditions: WHERE clause

SELECT * FROM mytable WHERE Name='Alice';

SELECT * FROM mytable WHERE Name='Alice' OR Salary>8000;

❖ A special condition
SELECT * FROM mytable WHERE 1=1;

Update Records
❖ The UPDATE statement

UPDATE mytable SET Salary=9999 WHERE Name='Alice';

Comments
❖ Comments in SQL statement

End

SQL Injection Attack

How Web Application Interacts with Database

(Figure: Browser → Application Server → Database)

Logging In Without Password 1
❖ Attack objective
Can you log into Alice's account without knowing her password?

❖ SQL statement

Logging In Without Password 2
❖ Attack objective
You don't know any user name. Can you still log in?

❖ SQL Statement

End

Modify Database

Change Your Own Salary
❖ Attack objective
You are not happy with the salary you get. Can you change your own salary?

❖ Profile-Change form and the SQL statement

Change Your Own Salary
❖ Attack objective
Your boss (Ted) did not increase your salary, so you want to punish him
by changing his salary to $1.

❖ Profile-Change form and the SQL statement

Run an Arbitrary SQL Statement
❖ Attack objective
Can you use the SQL injection vulnerability to run an arbitrary SQL statement?

❖ SQL Statement

SQL Injection Comic Strip

(Source: https://xkcd.com/327/)

End

Similarity with Other Vulnerabilities

SQL Injection and Cross-Site Scripting
❖ SQL Injection

❖ Cross-Site Scripting (JavaScript Injection)

Similarity with system()
❖ Vulnerability in using system() function (Shell Script Injection)

End

Countermeasures

Turning Code Into Data
Encoding Special Characters

❖ Apache's configuration

"magic_quotes_gpc = On" in php.ini (note: magic_quotes_gpc was deprecated in PHP 5.3 and removed in PHP 5.4, so it is not available as a defense on current PHP)

❖ PHP's solution: mysqli::real_escape_string()

Solving the Fundamental Problem
❖ Defense against the attacks on system()

❖ Defense against the XSS attack

Prepared Statements
❖ Motivation behind prepared statements

SELECT * FROM mytable WHERE name='Alice' OR age>20;
SELECT * FROM mytable WHERE name='Bob' OR age>30;
SELECT * FROM mytable WHERE name='Charlie' OR age>40;

❖ Using prepared statements

Defense Using Prepared Statement
❖ The vulnerable approach

❖ Using prepared statement

End

Review Questions and Summary

Review Question 1

Review Question 2

Summary
❖ SQL statement

❖ SQL injection

❖ Countermeasures

End