
Module 15 SQL Injection

Thursday, February 29, 2024

Module 15: SQL Injections

Learn about SQL injection attack techniques, injection detection tools, and countermeasures to detect and defend against SQL injection attempts.

Hands-On Lab Exercises: Over 4 hands-on exercises with real-life simulated targets to build skills on how to:

> Perform an SQL injection attack against MSSQL to extract databases

> Detect SQL injection vulnerabilities using various SQL injection detection tools

Key topics covered:

> SQL Injection

> Types of SQL injection

> Blind SQL Injection

> SQL Injection Methodology

> SQL Injection Tools

> Signature Evasion Techniques

> SQL Injection Detection Tools

Section 01: SQL Injection Concepts

Structured query language (SQL)

Structured Query Language, abbreviated as SQL (/ˈsiːkwəl/ "sequel", /ˌɛsˌkjuːˈɛl/ "S-Q-L"), is a domain-specific language used in programming and designed for managing data held in a relational database management system (RDBMS), or for stream processing in a relational data stream management system (RDSMS).

Structured query language (SQL) injection

In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Error based SQLi

The attacker performs actions that cause the database to produce error messages. The attacker can potentially use the data provided by these error messages to gather information about the structure of the database.

Union based SQLi

This technique takes advantage of the UNION SQL operator, which combines the results of multiple SELECT statements into a single result that is returned in one HTTP response. This response may contain data that can be leveraged by the attacker.

Boolean based SQLi

The attacker sends a SQL query to the database, prompting the application to return a result. The result varies depending on whether the query evaluates to true or false, and the content of the HTTP response changes or stays the same accordingly. The attacker can then work out whether the query generated a true or false result.
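The Boolean-based behaviour described above, shown from the defender's side as an added example (not from the original page): a lookup that concatenates input into the SQL text answers an always-true and an always-false condition differently, while a parameterized lookup treats both as plain data. It uses Python's built-in `sqlite3` module rather than MSSQL; the table, the function names and the sample rows are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.test"), ("bob", "bob@example.test")])
    return db

def lookup_vulnerable(db, name):
    """Deliberately vulnerable: user input is concatenated into the SQL text."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, name):
    """Hardened: the driver binds the input as data, never as SQL syntax."""
    return [row[0] for row in db.execute(
        "SELECT email FROM users WHERE name = ?", (name,))]

# Constructed inputs: the same name with an always-true and an
# always-false condition appended.
TRUE_PROBE = "alice' AND '1'='1"
FALSE_PROBE = "alice' AND '1'='2"

def responses_differ(lookup, db):
    """True when the two probes give different results (a Boolean oracle exists)."""
    return lookup(db, TRUE_PROBE) != lookup(db, FALSE_PROBE)

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_vulnerable, lookup_parameterized):
        print(fn.__name__, "oracle present:", responses_differ(fn, db))
```

A check like `responses_differ` can be kept in a regression test suite so that a data-access function that starts building SQL by concatenation fails the build.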

Time based SQLi

The attacker sends a SQL query to the database that makes the database wait (for a period in seconds) before it responds. From the time the database takes to respond, the attacker can tell whether a query is true or false. Based on the result, an HTTP response will be generated instantly or after a waiting period.

Remote code execution (RCE)

In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution.

Section 02: Types of SQL Injection

Section 03: Evading Techniques

Intrusion detection system (IDS):

An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations.

Encoding:

Character encoding is the process of assigning numbers to graphical characters, especially the written characters of human language, allowing them to be stored, transmitted, and transformed using digital computers.

Obfuscation:

In software development, obfuscation is the act of creating source or machine code that is difficult for humans or computers to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements.

Concatenation

In formal language theory and computer programming, string concatenation is the operation of joining character strings end-to-end. For example, the concatenation of "snow" and "ball" is "snowball". In certain formalisations of concatenation theory, also called string theory, string concatenation is a primitive notion.

Null byte

The null character (also null terminator) is a control character with the value zero. It is present in many character sets, including those defined by the Baudot and ITA2 codes, ISO/IEC 646 (or ASCII), the C0 control code, the Universal Coded Character Set (or Unicode), and EBCDIC. It is available in nearly all mainstream programming languages. A null character can be placed in a URL with the percent code %00.

