Академический Документы
Профессиональный Документы
Культура Документы
Presentation Outline
• SQL Injection Attacks
Intent
Input Source
Type
• Countermeasures
• Conclusion
Introduction
• What is SQL?
What is SQL Injection?
• Forename: jo'hn
• Surname: smith
• The 'query string' becomes this:
• select id, forename, surname from authors where
forename = 'jo'hn' and surname = 'smith'
Cont’ ..
• Error:
Server: Msg 170, Level 15, State 1, Line 1
Line 1: Incorrect syntax near 'hn'.
• Input modified:
Forename: jo'; drop table authors--
Vulnerable Application
Attack scenario
• Normal Usage
¬User submits login “doe” and pin “123”
¬SELECT info FROM users WHERE login=
`doe’ AND pin= 123
Attack scenario
• Malicious Usage
¬Attacker submits “admin’ -- ” and pin of “0”
¬SELECT info FROM users WHERE login=‘admin’ -- ’ AND
pin=0
Intent
• Extracting data
• Adding or modifying data
• Performing denial of service
• Bypassing authentication
• Executing remote commands
Sources of SQL Injection