Professional Documents
Culture Documents
Presented By
Guided By
Dr. Juby Mathew Sidharth s Rajeev
Titty Mareena George
SQL Injection
Loss of Confidentiality
Loss Of authentication
Loss of authorization
Lack of Integrity
SQL Injection Threats
S.no Threat Description
1 Identity Spoofing In this attack people are duped to believe that
the respective mail or website is genuine while
actually not.
2 Changing the price In this attack hacker modifies the original data
of original data
3 Modifying the Attacker either detects the data from the
records resent in database or completely replaces the existing
the database data.
4 Gaining access over Once the hacker gets successful in gaining
administrative access on the system then to gain complete
privileges access on both the system and the network he
seeks for the high privileges which are used by
the administrative number.
5 Denial of Service Multiple bugs request are sent to the server
which cannot be handle by the server as a
result there is a temporary halt in the service
and thus user is unable to access the system.
6 Gaining access over highly sensitive Once the hacker gain
information access on the network,
the attacker obtain
access on the highly
sensitive information
such as credit card
number and other
monetary information.
7 Destroys the existing data present in the After gaining the
database complete access over the
system the attacker
destroys the existing data
completely resulting into
huge loss.
8 Attacks machine’s performance The attacker halts all the
important transactions
which is performed by
the system.
9 Modifies the existing data present in the Once attacker obtains
record complete access over the
system, he modifies the
existing data resulting
into huge losses
SQL Injection Attacks
Authentication Bypass
Leaking sensitive information
Loss of Data Integrity
Loss of availability of Data
Remote Code Execution
Types of SQL Injection
SQL Injection
Step by Step
Steps involved are:
1. Information Gathering
2. SQL injection Vulnerability Detection
First attacker lists all the input fields, hidden fields and posts requests
Then attacker injects codes into the input field to generate an error
Attacker enter ('), (;), (––), AND and/or in input field, if it generates an
error page then it means that the website is vulnerable towards the SQL
injection.
3. Launch SQL injection attack
4. Extract the data
5. Interact with operating system
6. Compromise the system
SQL Injection Queries