
SQL-Injection attacks

SQL-Injection attacks. Damir Lizdek & Dan Rundlöf. Language-based security. What is an SQL-injection attack? It is an attack that is performed on an SQL database. It abuses the fact that some implementations do not check for special characters in the input.


Presentation Transcript


  1. SQL-Injection attacks
     Damir Lizdek & Dan Rundlöf
     Language-based security

  2. What is an SQL-injection attack?
     • It is an attack that is performed on an SQL database.
     • It abuses the fact that some implementations do not check for special characters in the input.
     • Different types of attacks possible.

  3. The goals of the project
     • Learn about SQL-injection attacks.
     • Present how an attack is performed.
     • Present some protective measures.

  4. What we have done
     • Read up on SQL injection attacks.
     • Determined the steps needed to perform an attack.
     • Written a guide for the simplest attacks.
     • Presented some protective measures that can be taken to prevent injection attacks.

  5. Different types of attacks
     • Bypassing authentication
     • Abusing SELECT queries
     • Abusing INSERT queries
     • Smashing the database

  6. SQL attacks
     • The first thing to try is to enter a single quote as part of the data.
     • If an SQL error is produced the server does not sanitize the input.
     • This means that the server might be vulnerable to injection attacks.

  7. Bypassing authentication
     The query as the application builds it:
       SELECT * FROM users WHERE username='".$_POST['username']."' AND pwd='".$_POST['password']."'
     The query for a normal login:
       SELECT * FROM users WHERE username='kalle' AND pwd='secret'

  8. Bypassing authentication
     Now the user enters kalle'-- instead of kalle as username.
       SELECT * FROM users WHERE username='kalle'--' AND pwd='secret'
     Everything after -- is treated as a comment, so the password check is never evaluated.

  9. Bypassing authentication
     If a username is not known it might still be possible to bypass a login form. Suppose you write the following as username: ' OR 1=1--
       SELECT Name FROM Users WHERE Name = '' OR 1=1--AND Password = ''

  10. Abusing SELECT queries
     • Can be used to determine the structure of the database.
     • Used to gather secret information.

  11. Sample SELECT query
     The query as the application builds it:
       SELECT FirstName, LastName, Title FROM Employees WHERE City = '" & strCity & "'
     Input:
       ' UNION ALL SELECT OtherField FROM OtherTable WHERE ''='
     Resulting query:
       SELECT FirstName, LastName, Title FROM Employees WHERE City = '' UNION ALL SELECT OtherField FROM OtherTable WHERE ''=''

  12. Protection techniques
     • Work around the problem in the programming language that uses SQL.
     • Set the security privileges on the database to the least required.

  13. DEMO TIME

  14. Conclusions
     • We achieved our goals.
     • We learned a lot about SQL injection attacks.
     SQL injection attacks are rather easy to protect against… BUT many servers are still vulnerable to SQL injection attacks. Therefore it is important to know about them and how to protect against them.

  15. Questions/applauds ;-)
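The login query from slides 7 to 9 beside a parameterized version of it, as an added example that is not part of the original presentation. It illustrates the first protection technique on slide 12, using Python's sqlite3 in place of the slides' PHP; the function names and the sample row are constructed for illustration.

```python
import sqlite3

# Usernames taken from slides 6, 8 and 9, plus one ordinary value.
INPUTS = ["kalle", "'", "kalle'--", "' OR 1=1--"]

def make_db():
    """In-memory database with the slides' users table (constructed sample row)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pwd TEXT)")
    db.execute("INSERT INTO users VALUES ('kalle', 'secret')")
    return db

def login_concat(db, username, password):
    """'Before': input is pasted into the SQL text, as on slide 7."""
    sql = ("SELECT * FROM users WHERE username='" + username +
           "' AND pwd='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, username, password):
    """'After': placeholders send the input as data, never as SQL text."""
    sql = "SELECT * FROM users WHERE username=? AND pwd=?"
    return db.execute(sql, (username, password)).fetchone() is not None

def outcome(fn, db, username, password="wrong"):
    """True/False for the login result, or 'sql error' if the query broke."""
    try:
        return fn(db, username, password)
    except sqlite3.OperationalError:
        return "sql error"

def run_demo():
    """Map each username to (concatenated result, parameterized result).

    The password is always wrong, so any True means the check was bypassed.
    """
    db = make_db()
    return {u: (outcome(login_concat, db, u), outcome(login_param, db, u))
            for u in INPUTS}

if __name__ == "__main__":
    for user, (before, after) in run_demo().items():
        print(f"{user!r:14} concatenated={before!r:11} parameterized={after!r}")
```

The same four inputs make a useful regression test for a login handler: with the wrong password none of them should log in, and the lone single quote should not surface a database error.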
