SQL Injections

SQL Injection is a code injection technique in which malicious SQL statements are inserted into an entry field for execution (i.e. to dump the database contents to the attacker)

History

First public discussions of SQL injection appeared around 1998, specifically in an article in Phrack Magazine (magazine articles posted online in bulletin-board form)

November 2005: A hacker broke into the site of a Taiwanese information security magazine, stealing customer information

May 2008: A server farm inside China used automated queries to Google to find SQL Server websites that were vulnerable to SQL injection

March 2011: Mysql.com was compromised by a hacker using blind SQL injection

October 2012: A hacker group published personal records of students, faculty, employees, and alumni from 53 universities, including Harvard, Stanford, and the University of Zurich.

SQL Basics: Create

CREATE TABLE `weather` (
  `city` VARCHAR(32) NOT NULL,
  `state` VARCHAR(16) NOT NULL,
  `high` INT(11) NOT NULL,
  `low` INT(11) NOT NULL
);

Weather
city       state      high  low

SQL Basics: Insert

INSERT INTO `weather` (`city`, `state`, `high`, `low`)
VALUES ('Austin', 'Texas', 102, 70);

Weather
city       state      high  low
Austin     Texas      102   70

SQL Basics: Select

SELECT * FROM `weather`;

Weather
city       state      high  low
Austin     Texas      102   70
Madison    Wisconsin  45    0
New York   New York   90    25
Las Vegas  Nevada     200   100

SQL Basics: Select

SELECT high, low FROM `weather` WHERE state='Wisconsin';

Weather
city       state      high  low
Austin     Texas      102   70
Madison    Wisconsin  45    0
New York   New York   90    25
Las Vegas  Nevada     200   100

Result: the Madison row's high and low (45, 0)

SQL Basics: Update

UPDATE `weather` SET high=110 WHERE city='Austin';

Weather
city       state      high  low
Austin     Texas      110   70
Madison    Wisconsin  45    0
New York   New York   90    25
Las Vegas  Nevada     200   100

SQL Basics: Delete

DELETE FROM weather WHERE city='Las Vegas' AND state='Nevada';

Weather
city       state      high  low
Austin     Texas      102   70
Madison    Wisconsin  45    0
New York   New York   90    25
Las Vegas  Nevada     200   100   (row removed by the DELETE)

SQL Basics: Drop

DROP TABLE weather;

Weather (the whole table, schema and rows, is removed)
city       state      high  low
Austin     Texas      102   70
Madison    Wisconsin  45    0
New York   New York   90    25

Typical Query for an Application

SELECT * FROM users WHERE username='$username'
AND password='$password';

SQL Injection

SELECT * FROM users WHERE username='jhenn'#
AND password='$password';

$username = jhenn'#
$password = herpderp

SQL Injection

SELECT * FROM users WHERE username='jhenn'; DROP TABLE users;#
AND password='$password';

$username = jhenn'; DROP TABLE users;#
$password = herpderp

SQL Injection: Prevention

Parametrized Queries

Vulnerable: the user's input is concatenated straight into the query text

mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");

Safe: the statement is prepared with placeholders and the values are bound separately, so input can never change the query's structure

$query = $db->prepare("SELECT * FROM users WHERE username=:username AND password=:password");
$query->bindParam(':username', $username, PDO::PARAM_STR);
$query->bindParam(':password', $password, PDO::PARAM_STR);
$query->execute();
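As an added example (not code from the original slides), here are the two login queries above side by side in Python with the standard sqlite3 module: the vulnerable form splices input into the SQL text exactly like the mysql_query() line, the parametrized form binds it like the PDO prepare()/bindParam() version. SQLite's line-comment marker is `--` rather than MySQL's `#`, so the slides' comment-terminated username is written with `--` here; the users table and its two rows are constructed sample data.

```python
import sqlite3

# Constructed sample data: an in-memory stand-in for the slides' `users` table.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("jhenn", "correct horse"), ("alice", "s3cret")])
    return db

def login_vulnerable(db, username, password):
    # Same shape as the slides' mysql_query() call: the user's input becomes part
    # of the SQL text, so a quote in the input changes the statement's structure.
    sql = f"SELECT * FROM users WHERE username='{username}' AND password='{password}'"
    return db.execute(sql).fetchall()

def login_parametrized(db, username, password):
    # Same shape as the slides' prepare()/bindParam(): the statement is fixed and
    # the values travel separately, so input is only ever compared as data.
    sql = "SELECT * FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()

def compare(username, password):
    """Run both versions on the same input; return (vulnerable_rows, parametrized_rows)."""
    db = make_db()
    return login_vulnerable(db, username, password), login_parametrized(db, username, password)

if __name__ == "__main__":
    # Honest login: both versions agree and return jhenn's row.
    print(compare("jhenn", "correct horse"))
    # The slides' comment trick in SQLite spelling: the vulnerable query loses its
    # password check and returns jhenn's row, while the parametrized query looks
    # for a user literally named "jhenn'--", finds none, and returns nothing.
    print(compare("jhenn'--", "herpderp"))
```

The bound version works because the database receives the statement and the values on separate channels and never re-parses the values as SQL. Note that comparing plaintext passwords in the query is the slides' simplification; in real code the column would hold a salted hash and the comparison would happen in application code.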

Events This Week:

Cryptocurrency Club Meeting on Thursday

EGaDS Game Night this Friday

ANY OTHERS?
