SQL injections en meer... - PowerPoint PPT Presentation

1 / 14
About This Presentation
Title:

SQL injections en meer...

Description:

Title: Recommendation of a Strategy Author: Alfred Heitink Description: Introducing developments and alternatives, recommending one or more strategies – PowerPoint PPT presentation

Number of Views:103
Avg rating:3.0/5.0
Slides: 15
Provided by: Alfre161
Category:

less

Transcript and Presenter's Notes

Title: SQL injections en meer...


1
SQL injections en meer...
  • PERU

2
web application vulnerabilities
  • Cross Site Scripting (21.5)
  • SQL Injection (14)
  • PHP includes (9.5)
  • Buffer overflows (7.9)

3
SQL injections
  • Geen input validation
  • Hoe gaat het in zijn werk?
  • Voorbeeld code

4
PHP voorbeeld
  • wachtwoord _POST'wachtwoord'
  • // maak verbinding met DB
  • result query("SELECT geheimeinfo FROM tabel
    WHERE
  • wachtwoord'wachtwoord'")
  • Wat gebeurd er nu wanneer er a' OR '1 wordt
    ingevoerd?

5
Hoe te voorkomen?
  • escape de 'wachtwoord' variabele met
    'addslashes' of beter 'mysql_real_escape_string'.
  • wachtwoord _POST'wachtwoord'
  • // maak verbinding met DB
  • result query("SELECT geheimeinfo FROM tabel
    WHERE
  • wachtwoord'" . mysql_real_escape_string(wachtw
    oord) . "'")

6
Hoe te voorkomen ? (II)
  • gebruik prepared statements met de mysqli of de
    PDO Mysql extensies. Bijvoorbeeld (met mysqli)
  • wachtwoord _POST'wachtwoord'
  • // maak verbinding met DB
  • stmt DB-gtprepare("SELECT geheimeinfo FROM
    tabel WHERE wachtwoord ?")
  • stmt-gtbind_param("s", wachtwoord)
  • stmt-gtbind_result(geheimeinfo)
  • if (stmt-gtexecute stmt-gtfetch()) // OK
    else // niet OK
  • stmt-gtclose()

7
Validate input!
  • Het leek eenvoudig...
  • Maar we weten..
  • Validate input!
  • Probeer niet te detecteren wat incorrect is
  • Check of het correct is.
  • Artikel IBM

8
XSS
  • Cross Site Scripting XSS
  • 3 soorten XSS aanvallen
  • Dom-Based
  • Non-Persistent
  • Persistent

9
Een filmpje..
  • voorbeeld

10
De plot.
  • Mallory posts a message to a social network.
  • When Bob reads the message, Mallory's XSS steals
    Bob's cookie.
  • Mallory can hijack Bob's session and impersonate
    Bob

11
Dom-Based attack
  • Mallory sends the URL of a maliciously
    constructed web page to Alice, using email or
    another mechanism.
  • Alice clicks on the link.
  • The malicious web page's JavaScript opens a
    vulnerable HTML page installed locally on Alice's
    computer.
  • The vulnerable HTML page contains JavaScript
    which executes in Alice's computer's local zone.
  • Mallory's malicious script now may run commands
    with the privileges Alice holds on her own
    computer.

12
Non-Persisent
  • Alice often visits a particular website, which is
    hosted by Bob. Bob's website allows Alice to log
    in with a username/password pair and store
    sensitive information, such as billing
    information.
  • Mallory observes that Bob's website contains a
    reflected XSS vulnerability.
  • Mallory crafts a URL to exploit the
    vulnerability, and sends Alice an email, making
    it look as if it came from Bob (i.e., the email
    is spoofed).
  • Alice visits the URL provided by Mallory while
    logged into Bob's website.
  • The malicious script embedded in the URL executes
    in Alice's browser, as if it came directly from
    Bob's server. The script can be used to email
    Alice's session cookie to Mallory. Mallory can
    then use the session cookie to steal sensitive
    information available to Alice (authentication
    credentials, billing info, etc) without Alice's
    knowledge.

13
Persistent
  • Bob hosts a web site which allows users to post
    messages and other content to the site for later
    viewing by other members.
  • Mallory notices that Bob's website is vulnerable
    to a type 2 XSS attack.
  • Mallory posts a message, controversial in nature,
    which may encourage many other users of the site
    to view it.
  • Upon merely viewing the posted message, site
    users' session cookies or other credentials could
    be taken and sent to Mallory's webserver without
    their knowledge.
  • Later, Mallory logs in as other site users and
    posts messages on their behalf....

14
Hoe te voorkomen?
  • Escaping and filtering
  • Input validation
  • Cookie security
  • Eliminating scripts
Write a Comment
User Comments (0)
About PowerShow.com