SQL-Injection attacks
Damir Lizdek & Dan Rundlöf
Language-based security
What is an SQL-injection attack?
• It is an attack that is performed on an SQL
database.
• It abuses the fact that some
implementations do not check for special
characters in the input.
• Different types of attacks possible.
The goals of the project
• Learn about SQL-injection attacks.
• Present how an attack is performed.
• Present some protective measures.
What we have done
• Read up on SQL injection attacks.
• Determined the steps needed to perform
an attack.
• Written a guide for the simplest attacks.
• Presented some protective measures that
can be taken to prevent injection attacks.
Different types of attacks
• Bypassing authentication
• Abusing SELECT queries
• Abusing INSERT queries
• Smashing the database
SQL attacks
• The first thing to try is to enter a single
quote as part of the data.
• If an SQL error is produced the server
does not sanitize the input.
• This means that the server might be
vulnerable to injection attacks.
Bypassing authentication
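The PHP code builds the query from the form fields:
SELECT * FROM users
WHERE username= '".$_POST['username']."'
AND pwd= '".$_POST['password']."'
With the username kalle and the password secret, the query becomes:
SELECT * FROM users
WHERE username='kalle'
AND pwd='secret'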
Bypassing authentication
Now the user enters kalle'-- instead of kalle as username.
SELECT * FROM users WHERE
username='kalle'--' AND pwd='secret'
Everything after -- is a comment, so the password check is never evaluated.
Bypassing authentication
If a username is not known it might still be
possible to bypass a login form.
Suppose you write the following as username:
' OR 1=1--
SELECT Name FROM Users WHERE Name =
'' OR 1=1-- AND Password = ''
Abusing SELECT queries
• Can be used to determine the structure of
the database.
• Used to gather secret information.
Sample SELECT query
SELECT FirstName, LastName, Title FROM
Employees
WHERE City = '" & strCity & "'
Value entered as the city:
' UNION ALL SELECT OtherField FROM
OtherTable WHERE ''='
Resulting query:
SELECT FirstName, LastName, Title FROM
Employees WHERE City = ''
UNION ALL SELECT OtherField FROM OtherTable
WHERE ''=''
Protection techniques
• Work around the problem in the
programming language that uses SQL.
• Setting security privileges on the database
to the least-required.
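An added example (not part of the original slides) of the first measure: the login query from the "Bypassing authentication" slides built by string concatenation, next to the same query with bound parameters. It assumes Python's sqlite3 module in place of the PHP/MySQL setup of the slides; the function names, the second account and the plaintext pwd column (kept only to mirror the slides) are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory copy of the slides' users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pwd TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("kalle", "secret"), ("admin", "hunter2")])
    return db

def login_concat(db, username, password):
    """Vulnerable form from the slides: input is pasted into the SQL text."""
    sql = ("SELECT * FROM users WHERE username='" + username +
           "' AND pwd='" + password + "'")
    return db.execute(sql).fetchall()

def login_param(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL syntax."""
    sql = "SELECT * FROM users WHERE username=? AND pwd=?"
    return db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # The inputs shown on the slides, each tried with a wrong password.
    for user in ["kalle", "kalle'--", "' OR 1=1--", "'"]:
        print("username =", repr(user))
        try:
            print("  concatenated :", login_concat(db, user, "wrong"))
        except sqlite3.Error as exc:
            # The SQL error the slides name as the sign of unsanitized input.
            print("  concatenated : SQL error:", exc)
        print("  parameterized:", login_param(db, user, "wrong"))
```

With bound parameters every input from the slides is compared as a literal username, so none of them returns a row or produces an SQL error.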
DEMO TIME
Conclusions
• We achieved our goals
• We learned a lot about SQL injection
attacks.
SQL injection attacks are rather easy to protect
against…
BUT, many servers are still vulnerable to SQL
injection attacks. Therefore it is important to know
about them and how to protect against them.
Questions/applause
;-)