sql is used to build and communicate with a database. thegbhackers.com/advancesqli.pdf · sql is...

Post on 16-Aug-2020


SQL is used to build and communicate with a database. The communicating parts are typically a "front end" that transmits a SQL statement across a connection to a "back end" that holds the database.

Ex: Oracle, MS SQL Server, MS Access, Ingres, DB2, Sybase, Informix, etc.

SELECT

UPDATE

INSERT INTO

DELETE

CREATE TABLE ALTER TABLE DROP TABLE

GRANT

REVOKE

COMMIT ROLLBACK

CREATE DATABASE.

CREATE TABLE.

ALTER TABLE.

DROP DATABASE.

DROP TABLE.

UPDATE.

SELECT

' or " Character string indicators

-- or # Single-line comment

/*…*/ Multiple-line comment

+ Addition, concatenate (or space in url)

|| (Double pipe) concatenate

% Wildcard attribute indicator

?Param1=foo&Param2=bar Url parameter

@variable Local variable

@@variable Global variable

‘’ “” Character string indicators

. Identifier qualifier separator

“” Quoted identifier indicators

-- Single-line comment delimiter

1) Info. Gathering

2) Bypass attack

3) Dumping Data

4) OS Interaction

5) RCE

6) Expand Influence

Output mechanism

Understand the query

Determine database type

Find out user privilege level

Determine OS interaction level

Union based injection (Parameter & Post)

Error based injection

Blind SQL injection

Single, double quote injection

Integer, Boolean

Time based

Header, Cookie based

Union based injection merges multiple columns to identify how many columns there are.

As already described, when we break the SQL query it shows an error message, which lets us interact with the DB.

A web content page with integer input in the URL: the id parameter is used for code injection, which helps with SQLi.

It is far to be a kind of Cookie Poisoning. The SQL injection attack consists of modifying cookies via a cookie editor to exploit the web app.

-ref: wikipedia

It's a general class of web application security vulnerability. It occurs when Hypertext Transfer Protocol (HTTP) headers are dynamically generated based on user input.

Time-Based Blind SQL Injection Attacks. Perform tests by injecting time delays.

It doesn't display any errors, but some actions occur on the web page.

• Hashing

• Different case

• Bypass keyword removal filters

• URL-encoding

• SQL comments

• String Building

• Reading and writing system files from disk

• Find passwords and configuration files

• Execute commands by overwriting initialization or configuration files

• Direct command execution

We can do anything. Both are restricted by the database's running privileges and permissions.

Stored DB query

Whitelisting the query

Firewall, IDS
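
The integer `id` parameter case and the whitelisting defence listed above, shown side by side as an added example (not part of the original slides). It assumes "stored DB query" can be realised as a parameterized statement; the table, column names, function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, draft INTEGER)"
    )
    db.executemany(
        "INSERT INTO articles VALUES (?, ?, ?)",
        [(1, "Welcome", 0), (2, "Pricing", 0), (3, "Unreleased notes", 1)],
    )
    return db


def lookup_concatenated(db, raw_id):
    """Weak form: the id parameter is pasted into the statement text,
    so anything after the number is parsed as SQL."""
    sql = "SELECT title FROM articles WHERE draft = 0 AND id = " + raw_id
    return [row[0] for row in db.execute(sql)]


def parse_id(raw_id):
    """Whitelist check: accept 1 to 9 ASCII digits and nothing else."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    return int(raw_id)


def lookup_bound(db, raw_id):
    """Hardened form: validated value passed as a bound parameter,
    so the statement text never changes with user input."""
    sql = "SELECT title FROM articles WHERE draft = 0 AND id = ?"
    return [row[0] for row in db.execute(sql, (parse_id(raw_id),))]


if __name__ == "__main__":
    db = make_db()
    tampered = "2 OR 1=1"  # constructed input that is not a plain integer
    print("concatenated:", lookup_concatenated(db, tampered))
    try:
        print("bound:", lookup_bound(db, tampered))
    except ValueError as exc:
        print("bound: rejected,", exc)
```
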

vijay@tphinfosec.com
