Scribd Logo
Upload

Welcome to Scribd!

  • 16 views

    Web Based SQL Injection

    Uploaded by

    Yagouba Diallo
    This document discusses SQL injection, including what it is, different classes and types of SQL injection, and methodology for exploiting SQL injection vulnerabilities. SQL injection occurs when code is injected into database queries via web forms. There are three classes: in-band extracts data via the same channel, out-of-band uses a different channel like email, and inferential does not transfer data directly but reconstructs information by observing server behavior. Types include error-based using errors to glean info, union-based combining query results, and blind-based asking true/false questions. The methodology identifies the injection, determines the type, then attacks using error, union, or blind techniques from easiest to hardest.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Web Based SQL Injection

    Uploaded by

    Yagouba Diallo
    16 views7 pages
    This document discusses SQL injection, including what it is, different classes and types of SQL injection, and methodology for exploiting SQL injection vulnerabilities. SQL injection occurs when code is injected into database queries via web forms. There are three classes: in-band extracts data via the same channel, out-of-band uses a different channel like email, and inferential does not transfer data directly but reconstructs information by observing server behavior. Types include error-based using errors to glean info, union-based combining query results, and blind-based asking true/false questions. The methodology identifies the injection, determines the type, then attacks using error, union, or blind techniques from easiest to hardest.

    Original Description:

    Web Based SQL Injection presnetation

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document discusses SQL injection, including what it is, different classes and types of SQL injection, and methodology for exploiting SQL injection vulnerabilities. SQL injection occurs when code is injected into database queries via web forms. There are three classes: in-band extracts data via the same channel, out-of-band uses a different channel like email, and inferential does not transfer data directly but reconstructs information by observing server behavior. Types include error-based using errors to glean info, union-based combining query results, and blind-based asking true/false questions. The methodology identifies the injection, determines the type, then attacks using error, union, or blind techniques from easiest to hardest.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    16 views7 pages

    Web Based SQL Injection

    Uploaded by

    Yagouba Diallo
    This document discusses SQL injection, including what it is, different classes and types of SQL injection, and methodology for exploiting SQL injection vulnerabilities. SQL injection occurs when code is injected into database queries via web forms. There are three classes: in-band extracts data via the same channel, out-of-band uses a different channel like email, and inferential does not transfer data directly but reconstructs information by observing server behavior. Types include error-based using errors to glean info, union-based combining query results, and blind-based asking true/false questions. The methodology identifies the injection, determines the type, then attacks using error, union, or blind techniques from easiest to hardest.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 7

    WEB BASED SQL INJECTION

    Yagouba diallo WEK100734

    agenda
    What is qli Sql injection classes Sql injection typpe Methodology

    What is sql and sqli


    code injection technique that exploits a security vulnerability in application occurs at the database layer of an application SQL - Structured Query Language Used to communicate with the database

    SQL injection classes


    We have 3 classes INBAND:data is extracted by the same channel that si used to inject the code OUT OF BAND:data is retrieved using a different channel EX:email INFERENTIAL: there is not actual tranfer of data but the tester is able to reconstruct the info by sending partucular request and observing the resulting behavior of the DB server

    SQl injection types


    We have 3 typpes: Eror based:asking the DB a question that will cause an error and gleening info from the eror. Union based: is used to combine the results of 2 or more SELECT SQL. Blind: asking the DB a true/false question and using whether valid page returned or not or by using the time it took for your valid page to return as the answer of the question

    Methodology
    IDENTIFY: Identify the injection (tool or manual) Determine injection typpe (integer or string)

    ATTACK: Error based union based Blind based ressort)

    (easiest) (great for data extration) (worst case and last

    You might also like