SQL Injections (Basic Bypass Authentication)
DESCRIPTION
The PPT gives a brief introduction to SQL injection, how it is exploited and the mechanisms that can be used to patch this vulnerability.
TRANSCRIPT
BY :- RAVINDRA SINGH RATHORE
BRANCH :- COMPUTER SCIENCE
BATCH :- B3
SQL INJECTIONS
What is SQL Injection?
SQL Injection: the ability to inject SQL commands into the database engine through an existing application.
SQL Injection
Generally, the purpose of SQL injection is to convince the application to run SQL code that was not intended.
SQL injection occurs when an application processes user-provided data to create a SQL statement without first validating the input.
SQL Injection
The user input is then submitted to a web application database server for execution.
When successfully exploited, SQL injection can give an attacker access to database content or allow the hacker to remotely execute system commands.
In the worst-case scenario, the hacker can take control of the server that is hosting the database.
SQL Injection
This exploit can give a hacker access to a remote shell into the server file system.
The impact of a SQL injection attack depends on:
– where the vulnerability is in the code,
– how easy it is to exploit the vulnerability,
– what level of access the application has to the database.
Theoretically, SQL injection can occur in any type of application, but it is most commonly associated with web applications.
HOW COMMON IS IT?
Web applications are easy targets because by their very nature they are open to being accessed from the Internet.
It is probably the most common website vulnerability today!
It is a flaw in "web application" development; it is not a DB or web server problem.
Most programmers are still not aware of this problem.
A lot of the tutorials & demo "templates" are vulnerable.
Even worse, a lot of solutions posted on the Internet are not good enough.
In our pen tests over 60% of our clients turn out to be vulnerable to SQL Injection.
How does SQL Injection work?
Common vulnerable login query:
SELECT * FROM users WHERE login = 'silent' AND password = 'hexor'
(If it returns something then login!)
ASP/MS SQL Server login syntax (the user-supplied formusr and formpwd are concatenated straight into the SQL text):
var sql = "SELECT * FROM users WHERE login = '" + formusr + "' AND password = '" + formpwd + "'";
Injecting through Strings
formusr = ' or 1=1 --
formpwd = anything
Final query would look like this (everything after -- is a comment, so the password check is never evaluated):
SELECT * FROM users WHERE login = '' or 1=1 --' AND password = 'anything'
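As an added example that is not part of the original slides, the Python script below rebuilds the slide's login check against an in-memory SQLite table. It assumes a constructed users table with the single sample row ('silent', 'hexor'). It contrasts the concatenated query from the ASP snippet with a parameterized query, so the effect of the ' or 1=1 -- input shown above can be observed on the vulnerable path and the fix verified on the other.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table so the example runs offline.
    The row below is a sample credential from the slide, not a real account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('silent', 'hexor')")
    conn.commit()
    return conn


def built_query(formusr, formpwd):
    """The SQL text the slide's ASP snippet would build: user input is glued
    into the statement, so quotes and comment markers change its grammar."""
    return ("SELECT * FROM users WHERE login = '" + formusr
            + "' AND password = '" + formpwd + "'")


def login_vulnerable(conn, formusr, formpwd):
    """Runs the concatenated query. Returns True if any row comes back
    ("if it returns something then login")."""
    return conn.execute(built_query(formusr, formpwd)).fetchone() is not None


def login_parameterized(conn, formusr, formpwd):
    """Same check with bound parameters. The driver passes the input as data,
    so a quote or '--' inside it is compared against the column, never parsed."""
    sql = "SELECT * FROM users WHERE login = ? AND password = ?"
    return conn.execute(sql, (formusr, formpwd)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1 --"           # the input from the slide
    print(built_query(payload, "anything"))
    print("vulnerable path logs in:    ", login_vulnerable(db, payload, "anything"))
    print("parameterized path logs in: ", login_parameterized(db, payload, "anything"))
```

Running it prints the exact statement the slide shows as the "final query" and then True for the concatenated version and False for the parameterized one; the valid credential pair logs in on both paths, which is the check that the fix did not break normal logins.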
SQL Injection Defense
It is quite simple: input validation.
The real challenge is making best practices consistent through all your code.
Enforce "strong design" in new applications.
You should audit your existing websites and source code.
Even if you have an air-tight design, harden your servers.
Input Validation
Define data types for each field.
Implement stringent "allow only good" filters.
If the input is supposed to be numeric, use a numeric variable in your script to store it.
Reject bad input rather than attempting to escape or modify it.
Harden the Server
1. Run the DB as a low-privilege user account.
2. Remove unused stored procedures and functionality, or restrict access to administrators.
3. Change permissions and remove "public" access to system objects.
4. Audit password strength for all user accounts.
5. Firewall the server so that only trusted clients can connect to it (typically only: administrative network, web server and backup server).
Detection and Dissuasion
You may want to react to SQL injection attempts by:
Logging the attempts
Sending email alerts
Blocking the offending IP
Sending back intimidating error messages: "WARNING: Improper use of this application has been detected. A possible attack was identified. Legal actions will be taken."
Check with your lawyers for proper wording.
This should be coded into your validation scripts.
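The following Python module is an added example, not code from the slides, and it serves both the Input Validation slide and the Detection and Dissuasion slide: it defines per-field "allow only good" validators (a numeric field stored as an int, a login name matched against an assumed allowlist pattern), rejects anything else instead of escaping it, and, in the same validation code, logs each rejected attempt against the client address and flags the client for blocking after an assumed threshold. The field policies, the threshold and the in-memory counter are all assumptions chosen for the example.

```python
import logging
import re
from collections import Counter

log = logging.getLogger("input-validation")

# Assumed allowlist policy: a login is 1-32 letters, digits or underscores.
LOGIN_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
# Assumed policy for a numeric field: plain decimal digits only.
USER_ID_RE = re.compile(r"[0-9]{1,10}")

# Constructed in-memory tally of rejections per client; a real deployment
# would keep this in shared storage so all web nodes see the same count.
rejections = Counter()


class RejectedInput(ValueError):
    """Raised when a field fails validation. The request is refused, not repaired."""


def validate_login(value):
    """Allow only good: anything outside the pattern (quotes, spaces, '--') is rejected."""
    if not LOGIN_RE.fullmatch(value):
        raise RejectedInput("login")
    return value


def validate_user_id(value):
    """Numeric field: validate the text, then store it in a numeric variable."""
    if not USER_ID_RE.fullmatch(value):
        raise RejectedInput("user_id")
    return int(value)


def handle_login_request(client_ip, form, threshold=3):
    """Validate the login form. On rejection, log the attempt with the client
    address, count it, and after `threshold` rejections report the client as
    blocked. Returns (accepted, message); the message is deliberately generic."""
    try:
        validate_login(form.get("login", ""))
        # The password is opaque data that is never spliced into SQL text,
        # so it only needs a length bound, not a character allowlist.
        password = form.get("password", "")
        if not 1 <= len(password) <= 128:
            raise RejectedInput("password")
    except RejectedInput as exc:
        rejections[client_ip] += 1
        log.warning("rejected input field=%s client=%s count=%d",
                    exc, client_ip, rejections[client_ip])
        if rejections[client_ip] >= threshold:
            return False, "blocked"
        return False, "Invalid request."
    return True, "ok"


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    ip = "192.0.2.10"   # documentation address, constructed for the example
    print(handle_login_request(ip, {"login": "silent", "password": "hexor"}))
    for _ in range(3):
        print(handle_login_request(ip, {"login": "' or 1=1 --", "password": "x"}))
```

The validator never tries to strip or escape the offending characters; the whole request is refused, which is the "reject bad input" rule from the slide, and the log line written on each rejection is what an alerting or IP-blocking step would consume.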
Conclusion
SQL Injection is a fascinating and dangerous vulnerability.
All programming languages and all SQL databases are potentially vulnerable.
Protecting against it requires strong design, correct input validation and hardening.
THANK YOU…