1 / 29

CODE INJECTION

CODE INJECTION. b y Esra Erdin. Outline. What is Code Injection? Types of Code Injection SQL Injection Script Injection Shell Injection Dynamic Evaluation Attacks Conclusion References. What is Code Injection?.

emanuelu
Download Presentation

CODE INJECTION

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CODE INJECTION by EsraErdin

  2. Outline • What is Code Injection? • Types of Code Injection • SQL Injection • Script Injection • Shell Injection • Dynamic Evaluation Attacks • Conclusion • References

  3. What is Code Injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data

  4. Types of Code Injection • SQL Injection • Script Injection • Shell Injection • Dynamic Evaluation Attacks

  5. SQL Injection SQL injection is a technique employed to manipulate a legitimate database query in order to return falsified data.

  6. SQL Injection

  7. SQL Injection Examples Consider a webpage that has two fields to allow users to enter a name and password

  8. SQL Injection Examples To authenticate against this form, a programmer might do something like : SELECT * FROM `users` WHERE `username` = 'someusername' AND `password` = 'somepassword

  9. SQL Injection Examples Username : anything Password : ' OR 1=1 #  The resulting SQL will be:                     SELECT * FROM `users`                      WHERE `username` = 'anything'                      AND `password` = '' OR 1=1 #'; With the resulting SQL, we are retrieving all the information from the users table where 1=1

  10. SQL Injection Examples Now, what would happen if the following login details were used? Username : admin' # Password : _ The resulting SQL will be: SELECT * FROM `users`  WHERE `username` = 'admin' #';

  11. SQL Injection Examples Retrieving Plaintext Passwords Step 1: Find the table with the login details Username : admin Password : ' UNION  SELECT CONVERT (table_name USING latin1)‏ FROM INFORMATION_SCHEMA.TABLES WHERE table_name LIKE 'u%' AND NOT table_name = 'USER_PRIVILEDGES

  12. SQL Injection Examples The resulting SQL :SELECT * FROM `users` WHERE `username` = 'admin' AND `password` = ''UNION SELECT CONVERT (table_name USING latin1)FROM INFORMATION_SCHEMA.TABLES WHERE table_name LIKE 'u%' AND NOT table_name = 'USER_PRIVILEDGES'. -- > From the output we can determine the table with the login data.

  13. SQL Injection Examples Step 2: Get the password Username : admin' Password : ' UNION SELECT  CONCAT(`user`, '=', `pass`)  FROM `users`  WHERE `username` = 'admin

  14. SQL Injection Examples The Resulting SQL is : SELECT * FROM `users` WHERE `username` = 'admin' AND `password` = ''UNION SELECT CONCAT (`user`, '=', `pass`)FROM `users`WHERE `username` = 'admin'. We then will see something like this on the landing page: " Welcome admin=AdminPassword "

  15. Script Injection Attacks Various types of code injection attacks which allow an attacker to supply code to the server side scripting engine.

  16. Cross Site Scripting Cross-site Scripting (“XSS“) is a type of injection attack, in which malicious scripts are introduced into the trusted websites. These attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user

  17. Cross Site Scripting Types of XSS • Persistent- Type 2 XSS vulnerability; stored/second-order vulnerability. A user's data is displayed to other users. • Non-Persistent - Type 1 XSS hole; reflected vulnerability; very common. Occurs when malicious HTML code is inserted into a form, whose data is redisplayed to the user; Social Engineering. • Document Object Mode-based - Type 0 XSS vulnerabilities; local XSS; exploits the DOM.

  18. Cross Site Scripting Examples Scripting via a malicious link In this scenario, the attacker sends a specially crafted e-mail message to a victim containing malicious link scripting such as one shown below: <AHREF=http://legitimateSite.com/registration.cgi?clientprofile=<SCRIPT>malicious code</SCRIPT>>Click here</A>

  19. Cross Site Scripting Examples Stealing users' cookies

  20. Unvalidated File Upload Vulnerabilities When a user is able to upload a file which is not validated by the server, a potential exists to upload malicious code to the server and execute it remotely. Example : Uploading a php script when asked to upload a profile picture. To execute this malicious php script, one simply needs to point the browser to the location of the php script in the publically accessible location where the other profile pictures are stored.

  21. Shell Injection Attacks It is also called “OS Command Attacks” This class of attacks exploits applications which use input to formulate commands that are executed by the OS.

  22. The user supplies all or part of malformed OS command through a web interface. If the web interface is not properly sanitised the input is vulnerable to this exploit. With the ability to execute OS commands, the user can inject unexpected and dangerous commands, upload malicious programs or even obtain passwords directly from the operating system.

  23. Shell Injection Examples • Server Side Scripts (PHP, Perl, etc..) • KDE and Gnome launchers • Buffer Overflow attacks

  24. Dynamic Evaluation Attacks Dynamic Code Evaluation Arbitrary code is inserted in place of standard input, resulting in that code being executed as part of the application. Example Php'seval(); command will execute PHP code passed to it as a parameter. Also, watch out for dynamic function and variable evaluation.

  25. Conclusion • SQL Injection • Script Injection • Shell Injection • Dynamic Evaluation Attacks

  26. References • http://www.istf.jucc.edu.hk/newsletter/IT_04/IT-4_Code_Injection.pdf • www.ralfepoisson.com • http://en.wikipedia.org/wiki/Code_injection • http://www.ibm.com/developerworks/tivoli/library/s-csscript/

  27. QUESTIONS ?

  28. Cross Site Scripting Examples Sending an unauthorized request

More Related