SQL Injection Attack On SELECT Statement.

This document discusses SQL injection attacks on SELECT, UPDATE, and DELETE statements. It shows how injection code can be added to fields or URLs to inappropriately access or modify data. For example, adding "'; DELETE FROM credential WHERE name="Ryan"; #" could delete a user record. The document then recommends using prepared statements with bound parameters instead of concatenated queries to protect against injection. Prepared statements send a query template to the database separately from user-supplied inputs, replacing inputs with parameter markers for security.

Uploaded by

Alsharif Mohmd

SQL Injection Attack on SELECT Statement.

Task 2.1: SQL Injection Attack from webpage.

Write the code (admin ' #) in the field.

Task 2.2: SQL Injection Attack from command line.

We load the page using curl followed by the site address. The information will then appear.

Task 2.3: Append a new SQL statement.

We try to delete a record from the database by using a semicolon to append a second SQL statement. Write the code (admin' ; delete FROM credential WHERE name ="Ryan"; # )
With the previous code, the record is not deleted. This is because we are using MySQLi, which is protected: it does not allow multiple MySQL statements and does not take more than one query per request.

However, when we need to delete a record, we can edit the code.

$conn = getDB();
// Vulnerable: user input is concatenated directly into the SQL string
$sql = "SELECT id, name, eid, salary, birth, ssn, phoneNumber, address,
        email, nickname, Password
        FROM credential
        WHERE name= '$input_uname' and Password='$hashed_pwd'";
if (!$result = $conn->query($sql)) {
    // the query failed; handle the error here
}

The new code, with which we can delete the record, is:

$conn = getDB();
$sql = "SELECT id, name, eid, salary, birth, ssn, phoneNumber, address,
        email, nickname, Password
        FROM credential
        WHERE name= '$input_uname' and Password='$hashed_pwd'";
// multi_query() runs every semicolon-separated statement in the string
if (!$result = $conn->multi_query($sql)) {
    // the query failed; handle the error here
}

3.3 Task 3: SQL Injection Attack on UPDATE Statement.
Task 3.1: Modify your own salary.

1- Log in to Alice's account.

2- Go to the edit profile page.

3- We can choose any field to update the salary by writing this code:
(', Salary=' 50000 )

4- The result is shown on Alice's profile page.


Task 3.2: Modify other people's salary

1- From Alice's profile edit page, we can modify Boby's salary by writing the code ( ', Salary='1' where name='Boby'# ) in any field.

2- We can see the result when we log in to Boby's account and open the profile page.

Task 3.3: Modify other people's password

1- First, we know that all passwords are stored as hash values. So, before updating the password, we must compute the hash of the new password. Then we take the hash value and set it as Boby's password during the password change. To do that, we go to the terminal and compute the hash.

2- Now, from Alice's profile edit page, we can modify Boby's password by writing the code
(',password='2096d9367b3c3cad7f9b957867f0024e2ef90a08' where name='Boby'#) in any field.

3- Log in to Boby's account with the new password.

3.4 Task 4: Countermeasure — Prepared Statement
In this code, we note that the query is built and run quickly and directly, but this method, as we have seen, is vulnerable to SQL injection.

$sql = "SELECT id, name, eid, salary, birth, ssn, phoneNumber,
        address, email, nickname, Password
        FROM credential
        WHERE name= '$input_uname' and Password='$hashed_pwd'";
$result = $conn->query($sql);

To make the code more secure, we build the SQL statement as a prepared statement, which is an excellent protection against SQL injection attacks.

Calling prepare creates an SQL statement template. This template is sent to the database without the input parameters, which are replaced by symbols (question marks) that mark their positions.

We then use the bind_param function, which binds the variables passed to it to the question marks in the SQL query, in order.

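// The template contains only placeholders; no user input is part of the SQL text
$sql = $conn->prepare("SELECT id, name, eid, salary, birth, ssn,
        phoneNumber, address, email, nickname, Password
        FROM credential
        WHERE name= ? and Password= ?");
// "ss" declares both bound parameters as strings
$sql->bind_param("ss", $input_uname, $hashed_pwd);
$sql->execute();
$sql->bind_result($id, $name, $eid, $salary, $birth, $ssn, $phoneNumber, $address,
        $email, $nickname, $pwd);
// fetch() copies the matching row into the bound result variables
$sql->fetch();
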
In addition, we can make the source code more secure to prevent changes in the database.
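
An added example, not part of the original report: the concatenated and prepared forms of the login query and of a profile UPDATE, run against an in-memory SQLite table so that it works offline. The table rows, the function names and the use of Python's sqlite3 in place of PHP's mysqli are assumptions, and the payloads use SQLite's -- comment marker where the report uses MySQL's #.

```python
import sqlite3

# Constructed payloads: the page's inputs with SQLite's "--" comment marker
# in place of MySQL's "#".
LOGIN_PAYLOAD = "admin' --"
UPDATE_PAYLOAD = "', salary='1' where name='Boby' --"

def make_db():
    """In-memory stand-in for the lab's credential table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE credential "
               "(name TEXT, salary INTEGER, nickname TEXT, Password TEXT)")
    db.executemany("INSERT INTO credential VALUES (?, ?, '', ?)",
                   [("admin", 400000, "hash-a"), ("Alice", 20000, "hash-b"),
                    ("Boby", 30000, "hash-c")])
    return db

def login_concat(db, uname, hashed_pwd):
    # Vulnerable: input becomes part of the SQL text the parser sees.
    sql = ("SELECT name FROM credential "
           f"WHERE name= '{uname}' and Password='{hashed_pwd}'")
    return [r[0] for r in db.execute(sql)]

def login_prepared(db, uname, hashed_pwd):
    # Hardened: fixed template; the ? markers are bound in order as values.
    sql = "SELECT name FROM credential WHERE name= ? and Password= ?"
    return [r[0] for r in db.execute(sql, (uname, hashed_pwd))]

def edit_nickname_concat(db, me, nickname):
    # Vulnerable UPDATE built by string concatenation.
    db.execute(f"UPDATE credential SET nickname='{nickname}' WHERE name='{me}'")

def edit_nickname_prepared(db, me, nickname):
    # Hardened UPDATE: the payload can only ever be stored as a nickname.
    db.execute("UPDATE credential SET nickname= ? WHERE name= ?", (nickname, me))

def row(db, name):
    return db.execute("SELECT salary, nickname FROM credential WHERE name= ?",
                      (name,)).fetchone()

if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, LOGIN_PAYLOAD, "wrong"))    # password check skipped
    print(login_prepared(db, LOGIN_PAYLOAD, "wrong"))  # no matching row
    edit_nickname_prepared(db, "Alice", UPDATE_PAYLOAD)
    print(row(db, "Boby"), row(db, "Alice"))           # Boby's row untouched
```

With bound parameters the injected text never reaches the SQL parser: the login returns no row, and the UPDATE stores the payload as Alice's nickname while Boby's salary stays as it was.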
