seminar report on Sql injection
Download as PPTX, PDF2 likes3,091 views
This document discusses SQL injection, including what it is, how it works, and its impacts. It defines SQL injection as a dangerous web attack that leverages vulnerabilities in web applications to bypass authentication and modify or delete database data. The summary explains that SQL injection works by manipulating SQL queries passed to a backend database, such as by appending additional SQL statements or modifying the structure of the original query. Some impacts of successful SQL injection attacks mentioned are leakage of sensitive information, reputation decline, data loss, and denial of service. Tools for finding SQL injection vulnerabilities like sqlmap and uniscan are also briefly described.
seminar report on Sql injection
- 1. SHEKHAWATI INSTITUTE OF ENGINEERING AND TECHNOLOGY A Project Presentation On SQL injection Submitted to:- Mrs. Suman Singh HOD of CSE Dept. Submitted by:- Vikash Saini B.Tech CSE 8th sem
- 2. CONTENTS • What is SQL? • What is SQL injection? • SQL Injection Attacks on the rise • Impact • Tools to find SQL Injection • How SQL injection work • Error based SQL injection • Uniscan • sqlmap
- 3. What is SQL • Structured Query language(SQL) is actually the standard language for dealing with relational databases • SQL programming can be effectively used to insert ,search,update,delete database records • In fact it can do lot of things including,but not limited to,optimizing and maintenance of database. • SQL Example SELECT * FROM Members WHERE Age>30
- 4. What is SQL injection SQL injection is probably the most dangerous known web attack. Sometimes it could lead to remote code execution that gives the hacker a full control By levering SQL injecton, an attacker could bypass authentication access ,modify and delete data within a database
- 5. SQL Injection Attacks on the rise
- 6. impact 1. Leakage of sensitive information. 2. Reputation decline. 3. Modification of sensitive information. 4. Loss of control of db server. 5. Data loss. 6. Denial of service.
- 7. Some massive attacks • Yahoo! Voices was hacked in July 2003,The attack acquired 453,000 user email addresses and passwords. The perpetrators claimed to have used SQL injection to break in. • LinkedIn.com leaked 6.5 million user credentials in June. • the attack was accomplished with SQL injection.
- 8. Tools to find SQL Injection • Netsparker (Web) • Matrixay (Web) • HP Webinspect (Web) • IBM Rational AppScan (Web) • Pangolin (Web) • SQLMap (Web) • Fuzzer (PL/SQL)
- 9. How SQL injection work DB Server User Pass ‘ or 1=1-- • Attacker Application server
- 10. SQL Injection Attack #1 Unauthorized Access Attempt: password = ’ or 1=1 -- SQL statement becomes: select count(*) from users where username = ‘user’and password = ‘’or 1=1 -- Checks if password is empty OR 1=1, which is always
- 11. Some SQL injection strings
- 12. Error based SQL injection • In this case database simply send error messeage to the user • Response : syntax error converting the nvarchar value
- 13. Checking of vulnerable sites 1. by using google search engine
- 14. By using Uniscan kali tool
- 15. Some popular vulunrable site
- 16. sqlmap • Sqlmap is one of the most popular and powerful sql injection automation tool out there. • Given a vulnerable http request url, sqlmap can exploit the remote database and do a lot of hacking like extracting database names, tables, columns, all the data in the tables etc.
- 21. SQL injection Conclusion • SQL injection is technique for exploiting applications that use relational databases as their back end. • Applications compose SQL statements and send to database. • SQL injection use the fact that many of these applications concatenate the fixed part of SQL statement with user- supplied data that forms WHERE predicates or additional sub-queries.
- 23. THANK YOU