Scribd Logo
Upload

Welcome to Scribd!

  • 39 views

    SQL Injection: Prof. Kirtankumar Rathod Dept. of Computer Science ISHLS, Indus University

    Uploaded by

    kirtan71
    This document provides an overview of SQL injection and how to prevent it. It defines SQL injection as malicious code inserted into SQL statements via web page input. This can allow attackers to read sensitive data like usernames and passwords from databases. The document demonstrates how SQL injection works by inserting statements like "1=1", which is always true, to return all rows. It recommends using input validation, prepared statements, and whitelisting to prevent SQL injection by never directly using untrusted user input in SQL queries.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    SQL Injection: Prof. Kirtankumar Rathod Dept. of Computer Science ISHLS, Indus University

    Uploaded by

    kirtan71
    39 views13 pages
    This document provides an overview of SQL injection and how to prevent it. It defines SQL injection as malicious code inserted into SQL statements via web page input. This can allow attackers to read sensitive data like usernames and passwords from databases. The document demonstrates how SQL injection works by inserting statements like "1=1", which is always true, to return all rows. It recommends using input validation, prepared statements, and whitelisting to prevent SQL injection by never directly using untrusted user input in SQL queries.

    Original Description:

    Original Title

    SQL_Injection.pptx

    Copyright

    © © All Rights Reserved

    Available Formats

    PPTX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides an overview of SQL injection and how to prevent it. It defines SQL injection as malicious code inserted into SQL statements via web page input. This can allow attackers to read sensitive data like usernames and passwords from databases. The document demonstrates how SQL injection works by inserting statements like "1=1", which is always true, to return all rows. It recommends using input validation, prepared statements, and whitelisting to prevent SQL injection by never directly using untrusted user input in SQL queries.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    39 views13 pages

    SQL Injection: Prof. Kirtankumar Rathod Dept. of Computer Science ISHLS, Indus University

    Uploaded by

    kirtan71
    This document provides an overview of SQL injection and how to prevent it. It defines SQL injection as malicious code inserted into SQL statements via web page input. This can allow attackers to read sensitive data like usernames and passwords from databases. The document demonstrates how SQL injection works by inserting statements like "1=1", which is always true, to return all rows. It recommends using input validation, prepared statements, and whitelisting to prevent SQL injection by never directly using untrusted user input in SQL queries.

    Copyright:

    © All Rights Reserved
    Download as PPTX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pptx, pdf, or txt
    of 13

    SQL INJECTION

    Prof. Kirtankumar Rathod


    Dept. of Computer science
    ISHLS, Indus University
    https://www.hacksplaining.com/e
    xercises/sql-injection
    Demo of SQL injection
    What is SQL Injection?
    • SQL injection is a code injection technique that might destroy your
    database.

    • SQL injection is one of the most common web hacking techniques.

    • SQL injection is the placement of malicious code in SQL statements,


    via web page input.
    SQL in Web Pages:
    • SQL injection usually occurs when you ask a user for input, like their
    username/userid, and instead of a name/id, the user gives you an SQL statement
    that you will unknowingly run on your database.

    • Look at the following example which creates a SELECT statement by adding a


    variable (txtUserId) to a select string. The variable is fetched from user input
    (getRequestString):

    Example
    • txtUserId = getRequestString("UserId");
    txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
    SQL Injection Based on 1=1 is Always True
    • Look at the example above again. The original purpose of the code
    was to create an SQL statement to select a user, with a given user id.
    • If there is nothing to prevent a user from entering "wrong" input, the
    user can enter some "smart" input like this:
    • UserId: 105 or 1=1
    • Then, the SQL statement will look like this:
    • SELECT * FROM Users WHERE UserId = 105 OR 1=1;
    SQL Injection Based on 1=1 is Always True
    • The SQL above is valid and will return ALL rows from the "Users" table, since
    OR 1=1 is always TRUE.

    • Does the example above look dangerous? What if the "Users" table contains
    names and passwords?
    • The SQL statement above is much the same as this:
    • SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

    • A hacker might get access to all the user names and passwords in a database, by
    simply inserting 105 OR 1=1 into the input field.
    SQL Injection Based on ""="" is Always
    True
    • Here is an example of a user login on a web site:

    • Example
    • uName = getRequestString("username");
    uPass = getRequestString("userpassword");

    sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND
    Pass ="' + uPass + '"'
    • Result
    • SELECT * FROM Users WHERE Name ="John Doe" AND Pass ="myPass"
    • A hacker might get access to user names and passwords in a database by simply
    inserting " OR ""=" into the user name or password text box:

    • Result
    • SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
    • The SQL above is valid and will return all rows from the "Users" table, since
    OR ""="" is always TRUE.
    Here, in this example the query will return all the
    values of student name based on the SQL injection
    “1=1” which is always TRUE..
    How to Prevent an SQL Injection
    • The only sure way to prevent SQL Injection attacks is input validation and
    parametrized queries including prepared statements.

    • The application code should never use the input directly. The developer must
    sanitize all input, not only web form inputs such as login forms.

    • They must remove potential malicious code elements such as single quotes.

    • It is also a good idea to turn off the visibility of database errors on your
    production sites. Database errors can be used with SQL Injection to gain
    information about your database.
    How to Prevent SQL Injections (SQLi) –
    Generic Tips
    Step 1: Train and maintain awareness
    • To keep your web application safe, everyone involved in building the web application
    must be aware of the risks associated with SQL Injections. You should provide suitable
    security training to all your developers, QA staff, DevOps, and SysAdmins.

    Step 2: Don’t trust any user input


    • Treat all user input as untrusted. Any user input that is used in an SQL query introduces
    a risk of an SQL Injection. Treat input from authenticated and/or internal users the same
    way that you treat public input.
    Step 3: Use whitelists, not blacklists
    • Don’t filter user input based on blacklists. A clever attacker will almost always find a
    way to by-pass your blacklist. If possible, verify and filter user input using strict
    whitelists only.

    Step 4: Adopt the latest technologies


    • Older web development technologies don’t have SQLi protection. Use the latest version
    of the development environment and language and the latest technologies associated
    with that environment/language. For example, in PHP use PDO instead of MySQLi.

    Step 5: Employ verified mechanisms


    • Don’t try to build SQLi protection from scratch. Most modern development
    technologies can offer you mechanisms to protect against SQLi. Use such mechanisms
    instead of trying to reinvent the wheel. For example, use parameterized queries or
    stored procedures.
    Thank you…

    You might also like