code injection and green sql

SEMINAR CS-681

Upload: kaustav-sengupta

Post on 26-May-2015


DESCRIPTION

It's a PPT on code injection, SQL injection and GreenSQL.

TRANSCRIPT

Page 1: Code injection and green sql

SEMINAR CS-681

Page 2

SQL INJECTION AND GREEN SQL

ABHISHEK KUMAR PRASAD (25500111003)

DEBLINA CHOWDHURY (25500111018)

KAUSTAV SENGUPTA (25500111024)

Page 3

CONTENTS:-

Internet in daily life

Code injection

SQL injection

GreenSQL

Page 4

“Life has become easy by INTERNET…”

Page 5: Code injection and green sql

It is a computer- based global information system.

Composed of many interconnected computer networks.

Each network links with thousands of computers.

Enabling links to share information and processing power.

Wonderful tool provides information at our finger tips.

INTRODUCTION TO INTERNET

Page 6

EXTREME IMPACTS OF INTERNET

Page 7

HOW INTERNET MADE LIFE EASY

► Saved the world a great deal of time and money.

► There is a big influence of technology on our daily life.

► It is one of the newest and most forward-looking media.

Page 8

INTERNET MADE CHANGES IN….

Bill payments

Railway Reservations

Banking

Business

Entertainment

Information

Weather Reports

Education

Job Search Engine

Shopping

Page 9

DISADVANTAGES

Hacking

Code Injection

Spamming

Virus

Inappropriate websites

Isolation

Inaccurate information

Page 10

What is code injection?

• Code injection is the exploitation of a computer bug that is caused by processing invalid data.

• Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution.

• The results of a code injection attack can be disastrous.

Page 11

Code injection

Page 12

Different types of Code injection

• SQL injection

• LDAP Injection

• OS Command Injection

• Cross-Site Scripting (“XSS”)

Page 13

What is a SQL Injection Attack?

Many web applications take user input from a form.

Often this user input is used literally in the construction of a SQL query submitted to a database. For example:

SELECT productdata FROM table WHERE productname = 'user input product name';

A SQL injection attack involves placing SQL statements in the user input.

Page 14

SQL injection

Input contains special characters and hidden SQL commands

Server accidentally passes hidden SQL commands to database.

Page 15

An Example SQL Injection Attack

Product Search: 'blah' OR 'x' = 'x'

This input is put directly into the SQL statement within the Web application:

$query = "SELECT prodinfo FROM prodtable WHERE prodname = '" . $_POST['prod_search'] . "'";

Creates the following SQL:

SELECT prodinfo FROM prodtable WHERE prodname = 'blah' OR 'x' = 'x'

Attacker has now successfully caused the entire database to be returned.

Page 16

Sample SQL injection

Example 1: Data Loss

User Input: Chris'; DROP TABLE USER_TABLE;--

Query: SELECT password FROM USER_TABLE WHERE username='Chris'; DROP TABLE USER_TABLE;--'

Result: USER_TABLE is deleted by the hacker.

Example 2: Data Leakage

User Input: 'AND 1=0 UNION SELECT card_number AS uid,card_holder_name AS uname,expiry_date AS password FROM CREDITCARD'

Query: SELECT uid,uname,password FROM USERS WHERE uname='AND 1=0 UNION SELECT card_number AS uid,card_holder_name AS uname,expiry_date AS password FROM CREDITCARD'

Page 17

Examples of SQL injection

These attacks noted on the Eastern European website started early in March and by Wednesday March 12, 2008, 10,000 Web pages were compromised. Here is a diagram of how it is done.

Page 18

Examples of SQL injection

Here is a diagram of how to protect against it.

Page 19

Other injection possibilities

Using SQL injections, attackers can:

• Add new data to the database
  - Could be embarrassing to find yourself selling politically incorrect items on an e-Commerce site
  - Perform an INSERT in the injected SQL

• Modify data currently in the database
  - Could be very costly to have an expensive item suddenly be deeply 'discounted'
  - Perform an UPDATE in the injected SQL

• Often can gain access to other users' system capabilities by obtaining their password

Page 20

Defenses

Use provided functions for escaping strings

Many attacks can be thwarted by simply using the SQL string escaping mechanism: ' becomes \' and " becomes \"

mysql_real_escape_string() is the preferred function for this

Not a silver bullet! Consider:

SELECT fields FROM table WHERE id = 23 OR 1=1

No quotes here!

Page 21

More Defenses

Check syntax of input for validity

Many classes of input have fixed languages: email addresses, dates, part numbers, etc. Verify that the input is a valid string in the language.

Sometimes languages allow problematic characters (e.g., '*' in email addresses); you may decide to not allow these.

If you can exclude quotes and semicolons, that's good.

Not always possible: consider the name Bill O'Reilly. You want to allow the use of single quotes in names.

Have length limits on input

Many SQL injection attacks depend on entering long strings.

Page 22

More Defenses

Scan query string for undesirable word combinations that indicate SQL statements (INSERT, DROP, etc.)

If you see these, you can check against SQL syntax to see if they represent a statement or valid user input.

Limit database permissions and segregate users

If you're only reading the database, connect to the database as a user that only has read permissions.

Never connect as a database administrator in your web application.

Page 23

More Defenses

Configure database error reporting

Default error reporting often gives away information that is valuable for attackers (table name, field name, etc.)

Configure so that this information is never exposed to a user.

If possible, use bound variables

Some libraries allow you to bind inputs to variables inside a SQL statement.

PERL example (from http://www.unixwiz.net/techtips/sql-injection.html):

$sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;");

$sth->execute($email);
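An added example (not from the slides) that puts the string concatenation of slide 15 beside the bound-variable defense of slide 23, using Python's sqlite3 module and a constructed in-memory prodtable; it also covers slide 20's unquoted numeric case, where quote escaping cannot help but a bound parameter still does.

```python
import sqlite3

# Constructed in-memory table modelled on the slides' prodtable/prodname example.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE prodtable (id INTEGER PRIMARY KEY, prodname TEXT, prodinfo TEXT)")
conn.executemany("INSERT INTO prodtable VALUES (?, ?, ?)",
                 [(1, "widget", "public"), (2, "gadget", "public"), (23, "secret", "internal")])

def search_concat(prod_search):
    # Vulnerable form from slide 15: the POST value is spliced into the SQL text, so
    # a quote in the input ends the literal and the rest is parsed as SQL.
    query = "SELECT prodinfo FROM prodtable WHERE prodname = '" + prod_search + "'"
    return conn.execute(query).fetchall()

def search_bound(prod_search):
    # Bound variable, as in the Perl prepare/execute on slide 23: the driver sends the
    # value separately, so it is only ever compared as data.
    return conn.execute("SELECT prodinfo FROM prodtable WHERE prodname = ?",
                        (prod_search,)).fetchall()

def by_id_concat(prod_id):
    # Slide 20's caveat: no quotes around a numeric value, so escaping quotes in the
    # input would change nothing here.
    return conn.execute(f"SELECT prodinfo FROM prodtable WHERE id = {prod_id}").fetchall()

def by_id_bound(prod_id):
    # The bound value is compared as a whole; a non-numeric string matches no row.
    return conn.execute("SELECT prodinfo FROM prodtable WHERE id = ?", (prod_id,)).fetchall()

if __name__ == "__main__":
    payload = "blah' OR 'x' = 'x"          # the input shown on slide 15
    print(len(search_concat(payload)), "rows via concatenation")   # every row
    print(len(search_bound(payload)), "rows via bound variable")   # none
    print(len(by_id_concat("23 OR 1=1")), "rows via unquoted number")   # every row
    print(len(by_id_bound("23 OR 1=1")), "rows via bound number")       # none
```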

Page 24

GreenSQL

Page 25

SQL Injection

Code injection technique

Gain unauthorized access to database

Page 26

Web Application Architecture

Page 27

GreenSQL

Known as database firewall

Works as a proxy for SQL commands

Calculates risks of queries

Supports different modes for protection

Page 28

Key features of GreenSQL

• SQL Injection protection

• Full separation of duties

• Database Activity Monitoring (DAM)

• IPS/IDS

• Learning mode

• Flexible deployment options

• Highly granular rules

• Real time e-mail alerts

Page 29

Calculation of Risky Queries

Fingerprinting of database

Stack-based queries

SQL tautology

Page 30

Modes of GreenSQL

IDS Mode

IPS Mode

Learning Mode

Database Firewall Mode
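An added illustration (not GreenSQL's own code) of the risk signals on slide 29 and the modes on slide 30, in Python, with constructed sample queries taken from slides 15 and 16. The weights, the regular expressions and the mode semantics (IDS alerts, IPS blocks risky queries, learning records query shapes, database firewall mode passes only whitelisted shapes as on slide 35) are assumptions made for this example.

```python
import re

# Weights and patterns are constructed for this example; they approximate the risk
# signals named on slide 29 and are not GreenSQL's actual scoring rules.
SIGNALS = [
    ("tautology", 30, re.compile(r"\bOR\s+('[^']*'|\d+)\s*=\s*\1", re.I)),
    ("union select", 30, re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("sql comment", 10, re.compile(r"--|/\*")),
    ("db fingerprinting", 20, re.compile(r"\b(?:information_schema|sqlite_master|version\s*\()", re.I)),
]
STACKED = re.compile(r";\s*\S")   # checked on the literal-stripped form only
RISKY = 30                         # a score at or above this marks the query as risky

def shape(query):
    # Replace string and numeric literals with ? so only the statement's structure
    # remains: the form a learning-mode whitelist would store (slides 30 and 35).
    s = re.sub(r"'(?:[^']|'')*'", "?", query)
    s = re.sub(r"\b\d+\b", "?", s)
    return " ".join(s.split()).lower()

def score(query):
    """Return (risk score, names of triggered signals) for one SQL statement."""
    reasons = [name for name, _, rx in SIGNALS if rx.search(query)]
    risk = sum(w for name, w, _ in SIGNALS if name in reasons)
    if STACKED.search(shape(query)):   # a ';' inside a string literal is not stacking
        reasons.append("stacked query")
        risk += 30
    return risk, reasons

def decide(query, mode, whitelist=frozenset()):
    """Apply one of the modes on slide 30 (mode semantics are assumed, see lead-in)."""
    risk, _ = score(query)
    if mode == "firewall":             # only learned query shapes pass
        return "allow" if shape(query) in whitelist else "block"
    if mode == "learning":             # record shapes, never block
        return "learn"
    if risk >= RISKY:                  # ips blocks, ids only raises an alert
        return "block" if mode == "ips" else "alert"
    return "allow"

# Constructed samples built from the slides' own examples (slides 15 and 16).
SAMPLES = {
    "normal": "SELECT prodinfo FROM prodtable WHERE prodname = 'widget'",
    "tautology": "SELECT prodinfo FROM prodtable WHERE prodname = 'blah' OR 'x' = 'x'",
    "stacked": "SELECT password FROM USER_TABLE WHERE username='Chris'; "
               "DROP TABLE USER_TABLE;--'",
    "union": "SELECT uid,uname,password FROM USERS WHERE uname='' AND 1=0 UNION "
             "SELECT card_number AS uid,card_holder_name AS uname,expiry_date AS password FROM CREDITCARD",
}
```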

Page 31

GreenSQL Architecture

Page 32

GreenSQL Login

Page 33

GreenSQL Dashboard

Page 34

GreenSQL Database List

Page 35

GreenSQL Whitelist Configuration

Page 36

GreenSQL Database Settings

Page 37

GreenSQL Database Overview

Page 38

GreenSQL Mail Alerts

Page 39

Conclusion

Provides great security regarding different SQL attacks

Can be used as a penetration tool !!!

Page 40

Page 41

Thank You