SQL Injection Attacks
What is a SQL Injection Attack?
• Many web applications take user input from a form
• Often this user input is used literally in the construction of a SQL query submitted to a database. For example:
– SELECT productdata FROM table WHERE productname = 'user input product name';
• A SQL injection attack involves placing SQL statements in the user input
• An Example SQL Injection Attack
Product Search: the attacker enters blah' OR 'x' = 'x as the product name
• This input is put directly into the SQL statement within the Web application:
– $query = "SELECT prodinfo FROM prodtable WHERE prodname = '" . $_POST['prod_search'] . "'";
• Creates the following SQL:
– SELECT prodinfo FROM prodtable WHERE prodname = 'blah' OR 'x' = 'x'
– The attacker has now successfully caused the entire database to be returned.
A More Malicious Example
• What if the attacker had instead entered:
– blah'; DROP TABLE prodinfo; --
• Results in the following SQL:
– SELECT prodinfo FROM prodtable WHERE prodname = 'blah'; DROP TABLE prodinfo; --'
– Note how the comment (--) consumes the final quote
• Causes the entire database to be deleted
– Depends on knowledge of table name
– This is sometimes exposed to the user in debug code called during a database error
– Use non-obvious table names, and never expose them to users
• Usually data destruction is not your worst fear, as there is low economic motivation
Other injection possibilities
• Using SQL injections, attackers can:
– Add new data to the database
• Could be embarrassing to find yourself selling politically incorrect items on an eCommerce site
• Perform an INSERT in the injected SQL
– Modify data currently in the database
• Could be very costly to have an expensive item suddenly be deeply 'discounted'
• Perform an UPDATE in the injected SQL
– Often can gain access to other users' system capabilities by obtaining their passwords
Defenses
• Use provided functions for escaping strings
– Many attacks can be thwarted by simply using the SQL string escaping mechanism
• ' → \' and " → \"
– mysql_real_escape_string() is the preferred function for this
• Not a silver bullet!
– Consider:
• SELECT fields FROM table WHERE id = 23 OR 1=1
• No quotes here!
More Defenses
• Check syntax of input for validity
– Many classes of input have fixed languages
• Email addresses, dates, part numbers, etc.
• Verify that the input is a valid string in the language
• Sometimes languages allow problematic characters (e.g., '*' in email addresses); you may decide not to allow these
• If you can exclude quotes and semicolons that’s good
– Not always possible: consider the name Bill O'Reilly
• Want to allow the use of single quotes in names
• Have length limits on input
– Many SQL injection attacks depend on entering long strings
Even More Defenses
• Scan query string for undesirable word combinations that indicate SQL statements
– INSERT, DROP, etc.
– If you see these, you can check against SQL syntax to see whether they represent a statement or valid user input
• Limit database permissions and segregate users
– If you’re only reading the database, connect to database as a user that only has read permissions
– Never connect as a database administrator in your web application
More Defenses
• Configure database error reporting
– Default error reporting often gives away information that is valuable for attackers (table name, field name, etc.)
– Configure so that this information is never exposed to a user
• If possible, use bound variables
– Some libraries allow you to bind inputs to variables inside a SQL statement
– Perl example (from http://unixwiz.net/techtips/sql-injection.html)
$sth = $dbh->prepare("SELECT email, userid FROM members WHERE email = ?;");
$sth->execute($email);
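Added example (not from the original slides or the linked article): the slides' product search written both ways, concatenated and bound, so the 'x' = 'x' input and the quote-free "id = 23 OR 1=1" case can be run side by side. The table, column names and sample rows are constructed for this example; the numeric case also applies the "check syntax of input" defense before binding.

```python
import sqlite3

def make_db():
    # Constructed in-memory stand-in for the slides' prodtable.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE prodtable (id INTEGER, prodname TEXT, prodinfo TEXT)")
    db.executemany("INSERT INTO prodtable VALUES (?, ?, ?)",
                   [(23, "widget", "blue widget"),
                    (24, "gadget", "red gadget"),
                    (25, "O'Reilly book", "hardback")])
    return db

def search_concat(db, prod_search):
    """Vulnerable: user input is pasted into the SQL text, as in the PHP slide."""
    query = "SELECT prodinfo FROM prodtable WHERE prodname = '" + prod_search + "'"
    return [row[0] for row in db.execute(query)]

def search_bound(db, prod_search):
    """Defended: the input travels as a bound value, so quotes inside it are data."""
    query = "SELECT prodinfo FROM prodtable WHERE prodname = ?"
    return [row[0] for row in db.execute(query, (prod_search,))]

def by_id_concat(db, id_text):
    """Vulnerable numeric context: no quotes at all, so quote escaping cannot help."""
    return [row[0] for row in db.execute(
        "SELECT prodinfo FROM prodtable WHERE id = " + id_text)]

def by_id_bound(db, id_text):
    """Defended: check the input against its fixed language (digits), then bind."""
    if not id_text.isdigit():
        raise ValueError("product id must be digits only")
    return [row[0] for row in db.execute(
        "SELECT prodinfo FROM prodtable WHERE id = ?", (int(id_text),))]
```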