lab2_DBA.pdf

Transcript

Learn about sql injection applications by website portSiwgger https://portswigger.net

Practical example application about sqlinjection using php and mysql

https://www.securityidiots.com/Web-Pentest/SQL-Injection/Basic-Union-Based-SQL-Injection.html

https://www.sqlinjection.net/union/

https://owasp.org/www-community/attacks/SQL_Injection
We will write briefly a small example at the beginning of how to bypass SQL Query, and we will not conclude
that we have a login form containing the username and password, when the content is sent for the executable
query in this way, for example, to find out the Root-X username and password Password:

SELECT * FROM users WHERE user='Root-X' AND pass='Password'

Now what happens if you want to inject the search username with:

Mark ' to close the alternate username brand
My tag -- Parliament remains the query as a comment (comment) that cannot be executed
So the query becomes like this:
Or the # sign can be used better than the -- like this:

Now why not bypass the authentication agreement and log in without using your username and password?

It will inject the username with

So the query becomes like this:

The quotation mark for the username variable is closed. Then you check the query, which is if 1 = 1, and this is
normal and correct. Then the query ends with the # sign to stop the query, from registering an entrance to bypass
authentication and login completely.
1. Staff Training :
2. Use the Latest Versions
3. Web Application Firewall
4. Encryption
5. Limit Privileges and Access
6. Eliminate Shared Databases
7. Avoid Displaying Error Messages
8. Use Stored Procedures
9. Deny Extended URLs
10. Monitor Database Communication
1. Students attempt SQLi to bypass authentication.

2. Implement input validation and parameterized queries to fix the vulnerability.