SLIDE 1
Last Few Lectures
- XSS - Cross-site scripting
- XSRF/CSRF - Cross-site request forgery
SQL Injection Last Few Lectures XSS - Cross-site scripting - - PowerPoint PPT Presentation
SQL Injection Last Few Lectures XSS - Cross-site scripting - - PowerPoint PPT Presentation
SQL Injection Last Few Lectures XSS - Cross-site scripting XSRF/CSRF - Cross-site request forgery Code Injection Attacks Attacker executes arbitrary code on server Programming the program Not sanitizing user
SLIDE 2
SLIDE 3
Code Injection Attacks
- Attacker executes arbitrary code on server
- “Programming the program”
- Not sanitizing user inputs/outputs
SLIDE 4
SQL Injection
- Attacker enters bad information which is sent to the
server
- Server executes a SQL query with unintended
- utcomes.
SLIDE 5
Sample SQL query
- dogs(name, breed, owner name)
- Danger, lab, Fred
- Tinkerbell, poodle, Teri
- select * from dogs where owner=‘$name’;
- select name from dogs where breed=‘$btype’;
SLIDE 6
Problem?
- $name and $btype are directly passed to the
function
- select * from dogs where owner=‘$name’;
- select name from dogs where breed=‘$btype';
SLIDE 7
SQL Injection
- 1. Post malicious input to form
- 2. Requests unintended
SQL query
- 3. Returns unintended
data to attacker
SLIDE 8
Malicious Input
https://xkcd.com/327/
SLIDE 9
Malicious Input
- select * from dogs where owner=‘$name’;
- suppose $name was ‘or 1=1- -
- or even ′ ; drop table dogs --
SLIDE 10
How to Thwart
- Don’t build SQL commands yourself.
- Use parameterized functions where you specify
what input you expect.
SLIDE 11
Demo
- hackthissite.org