Open navigation menu

Welcome to Scribd!

0% found this document useful (0 votes)

5 views

SQL Injection: Nisa Ali Roll#-22011556089

Uploaded by

melaibaabbas

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

SQL Injection: Nisa Ali Roll#-22011556089

Uploaded by

melaibaabbas

0% found this document useful (0 votes)

5 views20 pages

Original Title

sql

Copyright

Available Formats

PPTX, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Download as pptx, pdf, or txt

0% found this document useful (0 votes)

5 views20 pages

SQL Injection: Nisa Ali Roll#-22011556089

Uploaded by

melaibaabbas

Copyright:

Available Formats

Download as PPTX, PDF, TXT or read online from Scribd

Download as pptx, pdf, or txt

Jump to Page

You are on page 1of 20

Search inside document

SQL Injection

Nisa Ali

Roll#-22011556089
Introduction
 What is SQL Injection?

 Relation with sql and database

 Types of sqli

 Methodology of sqli

 what are the tools?

 How to perform?
Relationship with sql &
DB
 Importance of database for sql

 Security of a website depends on

 Overview of sql
Example Website
Example Website

Ali
1234

SELECT * FROM `login` WHERE `user`=‘ali’ AND `pass`=‘1234’

Let the name of the table is user_table

What is SQL Injection?
 Code Injection Technique

 Most common website attack

 Exploits Security Vulnerability

 Uses malicious sql code for backend

database manulplation
Syntax of query
Important Syntax
Select * from table where u=' ' & p=' '
LOGIC: ‘a’=‘a’
Example: SELECT * FROM `table` WHERE ‘a’=‘a’

MULTI STATEMENTS: S1; S2

Example: SELECT * FROM `table`; DROP TABLE `table`;
Example Hack

’ OR ‘a’=‘a
’ OR ‘a’=‘a

SELECT * FROM `login` WHERE `user`=‘’ OR ‘a’=‘a’ AND

`pass`=‘’ OR ‘a’=‘a’
All Queries are Possible
SELECT * FROM `login` WHERE `user`=‘’; INSERT INTO
`login` ('user','pass') VALUES ('haxor','whatever');--’ AND
`pass`=‘’

SELECT * FROM `login` WHERE `user`=‘’; UPDATE `login`

SET `pass`=‘pass123’ WHERE `user`=‘timbo317’;--’ AND
`pass`=‘’
Types of sqli
Types of sqli
Sqli

In-band sqli Inferential

sqli

1. Error based sqli 1.Bolean base sqli

2. Union based sqli 2.time based sqli

Error based sqli
 Relies on error messages
 Thrown by the database server
 To obtain information

 About the structure of the database

Union based
sqli

1. Leverages the Union sql

operator
2. To combine result of
two/more statement or
select statement.
3. Which is returned as
part of http response
Inferential Sqli / blind
sqli
 Also known as blind sqli

 It is more time taking

 Bolean-based blind sqli

 Time-base blind sqli

Bolean base
blind sqli
1.Relies on sending sql query
to the database

2.Which force the

application to return
different results

3.depend on query type

( true or false)
Time base
blind sqli
1. Forces the database to wait
for specific time

2. Response time will indicate

the result of true or false
query

3. This attract is typically slow

Sqli methodology

Understand
website Try to
working generate
Search for errors and
Prevention
 input valid and parametrized queries

 Conduct continuous scanning and penetrating testing

 Enforce least privilege access

SQL Injection
Document4 pages
SQL Injection
Abdulkerim
No ratings yet
Some Tutorials in Computer Networking Hacking
From Everand
Some Tutorials in Computer Networking Hacking
Dr. Hidaia Mahmood Alassouli
No ratings yet
Oracle Database Security Interview Questions, Answers, and Explanations: Oracle Database Security Certification Review
From Everand
Oracle Database Security Interview Questions, Answers, and Explanations: Oracle Database Security Certification Review
equitypress
No ratings yet
Ansible Basics
Document48 pages
Ansible Basics
shrinath bhat
0% (1)
Lab File (4) (It Security)
Document26 pages
Lab File (4) (It Security)
pandeyjiiiiii995
No ratings yet
SQL Injection PDF
Document6 pages
SQL Injection PDF
Siddiqui Siraj ali
No ratings yet
SQL Injection Complete Guide
Document45 pages
SQL Injection Complete Guide
John Doe
No ratings yet
Advanced SQL Injection 2
Document56 pages
Advanced SQL Injection 2
Domani Pinatti
No ratings yet
SQL Injection
Document22 pages
SQL Injection
R
No ratings yet
Web Application Security by (Abdallah Elsokary)
Document38 pages
Web Application Security by (Abdallah Elsokary)
morad
No ratings yet
SQL Injection Guide
Document9 pages
SQL Injection Guide
robparent38
No ratings yet
SQL Injection
Document10 pages
SQL Injection
k.k.deenadhayalan1410
No ratings yet
Introduction
Document5 pages
Introduction
moxida2615
No ratings yet
Quick Guide To SQL Injection Attacks and Defenses - English
Document31 pages
Quick Guide To SQL Injection Attacks and Defenses - English
savafut007
No ratings yet
Sqli Manual
Document86 pages
Sqli Manual
Luis
No ratings yet
SQL, SQL Injection, SQLi Types, Impact and Preventions
Document13 pages
SQL, SQL Injection, SQLi Types, Impact and Preventions
pandeyeicher
No ratings yet
WMS Exp3
Document5 pages
WMS Exp3
Sarthak Puri
No ratings yet
SQL Injection
Document37 pages
SQL Injection
Shimelis Abera
No ratings yet
SQL Injection
Document16 pages
SQL Injection
Ammar Mousa
No ratings yet
SQL Injection Attack
Document9 pages
SQL Injection Attack
anoha
No ratings yet
Mini Project On Information and Cyber Security: SQL (Structured Query Language) Injection
Document9 pages
Mini Project On Information and Cyber Security: SQL (Structured Query Language) Injection
cyan white
No ratings yet
Advanced SQL Injection Hacking and Guide
Document72 pages
Advanced SQL Injection Hacking and Guide
Pemuda Bhoncof
No ratings yet
CS - SQL Injection Attack (Discussion-2)
Document3 pages
CS - SQL Injection Attack (Discussion-2)
khushiyadav88400
No ratings yet
SQL Injection
Document6 pages
SQL Injection
a
No ratings yet
Unit 5 SQL Injection
Document4 pages
Unit 5 SQL Injection
Yash
No ratings yet
Google Dorks
Document39 pages
Google Dorks
muna cliff
No ratings yet
Networks Security SQL Injection
Document19 pages
Networks Security SQL Injection
mohammad zidan
No ratings yet
SQL Injection
Document14 pages
SQL Injection
mahendra.siem
No ratings yet
報告範本 DVWA網站安全
Document83 pages
報告範本 DVWA網站安全
梁卓健
No ratings yet
Task 12
Document5 pages
Task 12
Sridhar P
No ratings yet
SQL Injection Tutorial
Document21 pages
SQL Injection Tutorial
cmuchiri4612
0% (1)
Week 3 - SQL Injection
Document17 pages
Week 3 - SQL Injection
Paul Crane
No ratings yet
SQL Injection CyberSecurity
Document26 pages
SQL Injection CyberSecurity
Alex Jésus Moreira Arias
No ratings yet
Interview Preparation Part-1
Document53 pages
Interview Preparation Part-1
Abdul Mateen Ukkund
No ratings yet
SQL Injection
Document12 pages
SQL Injection
Melchor Gaerlan
No ratings yet
Defcon 17 Joseph Mccray Adv SQL Injection
Document72 pages
Defcon 17 Joseph Mccray Adv SQL Injection
RoSilenT
No ratings yet
18bit0236 Ism Lab Da 6
Document13 pages
18bit0236 Ism Lab Da 6
Rohit.M. Somani
No ratings yet
SQL Injection
Document9 pages
SQL Injection
fatma
No ratings yet
SQL Injection
Document4 pages
SQL Injection
gullinkalaveerababu.uk
No ratings yet
SQL Injection
Document10 pages
SQL Injection
Technocrawl
100% (1)
SQL Injection Presentation by Vivek Pancholi
Document13 pages
SQL Injection Presentation by Vivek Pancholi
Er Vivek Pancholi
No ratings yet
Advanced SQL Injection: Dmitry Evteev (Positive Technologies) Web Application Security Consortium (WASC) Contributor
Document62 pages
Advanced SQL Injection: Dmitry Evteev (Positive Technologies) Web Application Security Consortium (WASC) Contributor
Arshid Amin
No ratings yet
Input Validation Vulnerabilities
Document18 pages
Input Validation Vulnerabilities
Soumya Saridena
No ratings yet
Chapter 7 Application Vulnerabilities
Document73 pages
Chapter 7 Application Vulnerabilities
md5fxz9ths
No ratings yet
Experiment 4
Document4 pages
Experiment 4
Kshitiz Sharma
No ratings yet
Advanced SQL IntectionV3
Document83 pages
Advanced SQL IntectionV3
Joseph McCray
100% (1)
Review Vijitha Presentation2
Document14 pages
Review Vijitha Presentation2
vt vuyyuru
No ratings yet
Cyber Presentation
Document10 pages
Cyber Presentation
komalzaeem03
No ratings yet
Assignment MS 681
Document12 pages
Assignment MS 681
shuvo.cste
No ratings yet
SQ L Injection 1
Document26 pages
SQ L Injection 1
2205101260039
No ratings yet
Guide To Thinking
Document98 pages
Guide To Thinking
davelnx2291
No ratings yet
OWASP Backend Security
Document198 pages
OWASP Backend Security
Nano Lima
No ratings yet
SQLi Blocker
Document5 pages
SQLi Blocker
seventhsensegroup
No ratings yet
SQL Injection - Wikipedia, The Free Encyclopedia PDF
Document10 pages
SQL Injection - Wikipedia, The Free Encyclopedia PDF
xdownloadx
No ratings yet
DauHoang WebSecurity Chapter 2 Web Common Attacks PDF
Document153 pages
DauHoang WebSecurity Chapter 2 Web Common Attacks PDF
Lâm Nguyễn
No ratings yet
10.Web Application Security-SQL Injection
Document42 pages
10.Web Application Security-SQL Injection
zaghambajwa57
No ratings yet
SQL Injection
Document5 pages
SQL Injection
vukicevic.djordjedva
No ratings yet
CEHv6.1 Module 19 SQL Injection
Document77 pages
CEHv6.1 Module 19 SQL Injection
Mer Liss
No ratings yet
SQL Injection - Wikipedia
Document72 pages
SQL Injection - Wikipedia
Vaibhav Majgaonkar
No ratings yet
Prevention of SQL Injection Using Whitelisting
Document7 pages
Prevention of SQL Injection Using Whitelisting
IJRASETPublications
No ratings yet
Sql Injection Best Method for Begineers
From Everand
Sql Injection Best Method for Begineers
Kishor Sarkar X
No ratings yet
Go Tooling Cheat Sheet
Document2 pages
Go Tooling Cheat Sheet
Ali Esam Dabes
No ratings yet
Log 20231225
Document45 pages
Log 20231225
Tiago
No ratings yet
Outline: Unit - 4
Document39 pages
Outline: Unit - 4
ShivamSkyler
No ratings yet
The Answer Is Yes, Worst Case
Document4 pages
The Answer Is Yes, Worst Case
4708 Jothika
No ratings yet
C.S 1st Year and 2nd Year Quarterly Exam Q.P SEP 2024
Document6 pages
C.S 1st Year and 2nd Year Quarterly Exam Q.P SEP 2024
zulian.bussiness
No ratings yet
Visual C++ 5.0 Symbolic Debug Information Specification
Document89 pages
Visual C++ 5.0 Symbolic Debug Information Specification
stk.stoyanov
No ratings yet
CSE 101 Ujwgd
Document10 pages
CSE 101 Ujwgd
AbhilashReddy
No ratings yet
VB 2019 Console Developer
Document105 pages
VB 2019 Console Developer
Ashwin Narayan
No ratings yet
Interest Rate Calculate
Document5 pages
Interest Rate Calculate
Niket Patel
No ratings yet
Class XII Study Material KV 2022-23
Document183 pages
Class XII Study Material KV 2022-23
Probably Arth
No ratings yet
Convolution in Convolutional Neural Networks: Dot Product
Document2 pages
Convolution in Convolutional Neural Networks: Dot Product
Natarajan Selladurai
No ratings yet
Implement Data Manipulation Language Commands - Insert, Select, Update, and Delete
Document3 pages
Implement Data Manipulation Language Commands - Insert, Select, Update, and Delete
Manendra
No ratings yet
SQL Script
Document10 pages
SQL Script
Shumaila Kousar
No ratings yet
CC101 Lesson Proper For Week 1 To 5
Document27 pages
CC101 Lesson Proper For Week 1 To 5
Alejandro Francisco Jr.
No ratings yet
I PUC Unit B
Document22 pages
I PUC Unit B
Aman kekkar
No ratings yet
Simulink Model Management and Architecture: Course Title
Document3 pages
Simulink Model Management and Architecture: Course Title
P Praveen Kumar
No ratings yet
CS3461 Set 3
Document3 pages
CS3461 Set 3
Kaviya S
No ratings yet
Lab Session 02 Objective:: Assembly Language: An Assembly Language Is A Low-Level Programming Language For A
Document8 pages
Lab Session 02 Objective:: Assembly Language: An Assembly Language Is A Low-Level Programming Language For A
Hafsa Awan
No ratings yet
C-Lab Manual PDF
Document93 pages
C-Lab Manual PDF
Buddy India
No ratings yet
Dms Lab Manual Updated
Document87 pages
Dms Lab Manual Updated
Muhammad Ali
No ratings yet
Lab Task Junit
Document5 pages
Lab Task Junit
Saima Khan
No ratings yet
PLC m1
Document11 pages
PLC m1
Goutham K
No ratings yet
(PDF Download) Practical Vaadin: Developing Web Applications in Java 1st Edition Alejandro Duarte Fulll Chapter
Document64 pages
(PDF Download) Practical Vaadin: Developing Web Applications in Java 1st Edition Alejandro Duarte Fulll Chapter
deniisasaba
100% (3)
Regular Expressions: Python For Everybody
Document34 pages
Regular Expressions: Python For Everybody
Anusha Vedanabhatla
No ratings yet
Chapter7 (Page 16 To 94)
Document23 pages
Chapter7 (Page 16 To 94)
tbijle
No ratings yet
Assignment 1: Chiranjeev Sharma A2324717001 Btech Cse+ Mba 7cse3
Document13 pages
Assignment 1: Chiranjeev Sharma A2324717001 Btech Cse+ Mba 7cse3
chiranjeev sharma
100% (1)
Lab Manual 12 DSA
Document20 pages
Lab Manual 12 DSA
inft18111035 KFUEIT
No ratings yet
Visual Foxpro 6.0 Seminar: Presented by Jim Booth
Document68 pages
Visual Foxpro 6.0 Seminar: Presented by Jim Booth
Viraj Kumar
No ratings yet
Node - Js Essentials - Sample Chapter
Document17 pages
Node - Js Essentials - Sample Chapter
Packt Publishing
No ratings yet