Restructured SQL Injection introduction lesson and created new required lesson-pages.
parent
2334b3c02d
commit
2fdde982eb
@ -3,27 +3,27 @@
<html xmlns:th="http://www.thymeleaf.org">
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_plan.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_plan.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content1.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content1.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content2.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content2.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content3.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content3.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content4.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content4.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content5_before.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content5_before.adoc"></div>
<div>
<label for="username-preview">Username:</label>
<input id="preview-input" type="text" name="username" val=""/>
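Review bot: the `<label for="username-preview">` and `<input id="preview-input" ...>` at the end of this hunk do not match, so the label is not associated with the input; give both the same value (for example `id="username-preview"`). On the same input, `val=""` is not an HTML attribute; if an empty initial value is intended it should be `value=""`. Both lines are unchanged context, but this commit already touches every page wrapper in the file, so folding the fix in is cheap.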
@ -40,11 +40,19 @@
});
</script>
</div>
<div class="adoc-content" th:replace="doc:SqlInjection_content5_after.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content5_after.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content5a.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content6.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content7.adoc"></div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content8.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -66,7 +74,7 @@
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_content5b.adoc"></div>
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content9.adoc"></div>
<div class="attack-container">
<div class="assignment-success"><i class="fa fa-2 fa-check hidden" aria-hidden="true"></i></div>
<form class="attack-form" accept-charset="UNKNOWN"
@ -94,4 +102,8 @@
</div>
</div>
<div class="lesson-page-wrapper">
<div class="adoc-content" th:replace="doc:SqlInjection_introduction_content10.adoc"></div>
</div>
</html>
@ -1,63 +0,0 @@
== What is SQL
SQL is a standardized (ANSI in 1986, ISO in 1987) programming language which is used for managing relational databases and performing various operations on the data in them.
A database is a collection of data. Data is organized into rows, columns and tables, and it is indexed to make it easier to find relevant information.
Example SQL table with employees:
Employees Table
|===
|IdNum |LName |FName |JobCode |Salary |Phone |
|1876 |CHIN |JACK |TA1 |42400 |212/558-5634 |
|1114 |GREENWALD |JANICE |ME3 |38000 |212/558-1092 |
|1556 |PENNINGTION|MICHAEL |ME1 |29860 |718/383-5681 |
|1354 |PARKER |MARY |FA3 |65800 |914/455-2337 |
|1130 |WOOD |DEBORAH |PT2 |36514 |212/587-0013 |
|===
Each employee has an index (IdNum), lastname, firstname, job title (JobCode), salary and a phone number. All his data from this table is represented in a single row.
By using SQL queries you can modify a database table and its index structures, add, update and delete rows of data.
There are three types of SQL commands in the SQL database language:
=== Data Manipulation Language (DML)
* DML commands are used for storing, retrieving, modifying, and deleting data.
* SELECT, INSERT, UPDATE, DELETE, …
* Example:
** Retrieve data:
** SELECT Phone +
FROM Employees +
WHERE IdNum = 1354;
** This statement delivers the phone number of the employee with the number 1354.
=== Data Definition Language (DDL)
* DDL commands are used for creating, modifying, and dropping the structure of database objects.
* CREATE, ALTER, DROP,TRUNCATE,…
* Example:
** CREATE TABLE Customers( +
IdNum INT NOT NULL, +
LName VARCHAR (20) NOT NULL, +
FName VARCHAR (20) NOT NULL, +
JobCode VARCHAR (3) NOT NULL, +
Salary DECIMAL (18, 2), +
Phone VARCHAR (20), +
PRIMARY KEY (IdNum) +
);
** This statement creates the employees example table given above.
=== Data Control Language (DCL)
* DCL commands are used for providing security to database objects.
* GRANT, REVOKE, …
* Example:
** GRANT CREATE TABLE +
TO operator;
** This statement gives all users of the operator-role the privilege to create new tables in the database.
If you are still struggling with SQL and need more information or practice you can visit http://www.sqlcourse.com/ for an interactive and free online training.
@ -1,7 +0,0 @@
== What is SQL Injection?
SQL Injections are the most common web hacking techniques. *A SQL injection attack consists of insertion or "injection" of malicious code via the SQL query input from the client to the application.* If not dealt with correctly, such an injection of code into the application can have an serious impact on e.g. data integrity and security.
SQL Injections can occur, when unfiltered data from the client, e.g. the input of a search field, gets into the SQL-Interpreter of the application itself. If the input from the client does not get checked for containing SQL Commands, hackers can easily manipulate the underlying SQL-Statement to their advantages. +
Per example if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL-query and that way can be used to chain them)
@ -0,0 +1,30 @@
== What is SQL
SQL is a standardized (ANSI in 1986, ISO in 1987) programming language which is used for managing relational databases and performing various operations on the data in them.
A database is a collection of data. Data is organized into rows, columns and tables, and it is indexed to make it easier to find relevant information.
Example SQL table with employees:
Employees Table
|===
|IdNum |LName |FName |JobCode |Salary |Phone |
|1876 |CHIN |JACK |TA1 |42400 |212/558-5634 |
|1114 |GREENWALD |JANICE |ME3 |38000 |212/558-1092 |
|1556 |PENNINGTION|MICHAEL |ME1 |29860 |718/383-5681 |
|1354 |PARKER |MARY |FA3 |65800 |914/455-2337 |
|1130 |WOOD |DEBORAH |PT2 |36514 |212/587-0013 |
|===
Each employee has an index (IdNum), lastname, firstname, job title (JobCode), salary and a phone number. All his data from this table is represented in a single row.
By using SQL queries you can modify a database table and its index structures, add, update and delete rows of data.
There are three types of SQL commands in the SQL database language:
If you are still struggling with SQL and need more information or practice you can visit http://www.sqlcourse.com/ for an interactive and free online training.
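Review bot: the sentence "There are three types of SQL commands in the SQL database language:" now ends this page with nothing following its colon, because the DML, DDL and DCL sections were moved into their own files; either drop the colon and say that the three types are introduced on the following pages, or move the closing sqlcourse.com paragraph to the last of those pages so the list is complete before the reader is sent elsewhere. Minor wording in the same hunk: "lastname, firstname" should be "last name, first name", and "All his data" reads better as "All of that employee's data".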
@ -0,0 +1 @@
Availiability
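Review bot: "Availiability" is misspelled; it should be "Availability". The new file also contains only that one word, whereas the Confidentiality and Integrity pages in this commit pair the term with a "Try It!" section, so this page renders as a single bare line; add the intended content or leave the page out of the lesson until it exists.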
@ -0,0 +1,10 @@
=== Data Manipulation Language (DML)
* DML commands are used for storing, retrieving, modifying, and deleting data.
* SELECT, INSERT, UPDATE, DELETE, …
* Example:
** Retrieve data:
** SELECT Phone +
FROM Employees +
WHERE IdNum = 1354;
** This statement delivers the phone number of the employee with the number 1354.
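Review bot: the SELECT example is written as `**` list items joined with trailing `+` hard line breaks, which renders the SQL as prose inside a bullet; a `[source,sql]` listing block would keep the statement intact and monospaced, and the same applies to the DDL and DCL pages. In the explanation, "delivers the phone number of the employee with the number 1354" would be clearer as "returns the phone number of the employee whose IdNum is 1354", matching the column name used in the WHERE clause.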
@ -0,0 +1,14 @@
=== Data Definition Language (DDL)
* DDL commands are used for creating, modifying, and dropping the structure of database objects.
* CREATE, ALTER, DROP,TRUNCATE,…
* Example:
** CREATE TABLE Customers( +
IdNum INT NOT NULL, +
LName VARCHAR (20) NOT NULL, +
FName VARCHAR (20) NOT NULL, +
JobCode VARCHAR (3) NOT NULL, +
Salary DECIMAL (18, 2), +
Phone VARCHAR (20), +
PRIMARY KEY (IdNum) +
);
** This statement creates the employees example table given above.
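Review bot: the DDL example creates a table named `Customers`, but the line after it says it creates the employees example table, and the DML page queries `FROM Employees`; change it to `CREATE TABLE Employees(` so the three pages agree. Also a missing space in "DROP,TRUNCATE,…", and the `+` line-break formatting would be better as a `[source,sql]` block, as noted on the DML page.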
@ -0,0 +1,7 @@
=== Data Control Language (DCL)
* DCL commands are used for providing security to database objects.
* GRANT, REVOKE, …
* Example:
** GRANT CREATE TABLE +
TO operator;
** This statement gives all users of the operator-role the privilege to create new tables in the database.
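Review bot: "providing security to database objects" is vague; DCL statements grant and revoke privileges, so "controlling which users and roles may read or change database objects" says what the commands actually do and makes the least-privilege point the lesson is after. The `GRANT CREATE TABLE TO operator;` form is Oracle/SQL Server system-privilege syntax rather than portable SQL (MySQL and PostgreSQL express table-creation rights differently), so either name the dialect or use a privilege with standard syntax, for example `GRANT SELECT ON Employees TO operator;`, which also ties back to the Employees table used on the other pages.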
@ -1,3 +1,11 @@
== What is SQL Injection?
SQL Injections are the most common web hacking techniques. *A SQL injection attack consists of insertion or "injection" of malicious code via the SQL query input from the client to the application.* If not dealt with correctly, such an injection of code into the application can have an serious impact on e.g. data integrity and security.
SQL Injections can occur, when unfiltered data from the client, e.g. the input of a search field, gets into the SQL-Interpreter of the application itself. If the input from the client does not get checked for containing SQL Commands, hackers can easily manipulate the underlying SQL-Statement to their advantages. +
Per example if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL-query and that way can be used to chain them)
== Example of SQL Injection
Think of a web application, that allows to display user information, by typing a username into an input field.
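Review bot: the sentence beginning "Per example if the input is not filtered for SQL metacharacters ..." in the middle of this hunk has no main clause and no closing punctuation; complete it, for instance "For example, if the input is not filtered for SQL metacharacters such as `--` (comments out the rest of the line) or `;` (ends a statement and can therefore be used to chain another one), the attacker can change the structure of the underlying query." Other fixes in the same hunk: "an serious impact" should be "a serious impact", the comma in "SQL Injections can occur, when" should go, "to their advantages" should be "to their advantage", and the new closing line reads better as "Think of a web application that displays user information when a username is typed into an input field."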
@ -9,7 +9,7 @@
* Recover the content of a given file present on the DBMS file system
* Issue commands to the operating system
=== SQL injection attacks allow attackers to
=== SQL injection attacks allow attackers to
* Spoof identity
* Tamper with existing data
* Cause repudiation issues such as voiding transactions or changing balances
@ -1,6 +1,6 @@
== Severity of SQL Injection
=== The severity of SQL Injection attacks is limited by
=== The severity of SQL Injection attacks is limited by
* Attacker’s skill and imagination
* Defense in depth countermeasures
** Input validation
@ -18,5 +18,5 @@
* Early adopters of web technology (i.e. Old Code)
=== Not all databases are equal (SQL Server)
* Command shell: `master.dbo.xp_cmdshell 'cmd.exe dir c:'`
* Reqistry commands: `xp_regread`, `xp_regdeletekey`, …
* Command shell: `master.dbo.xp_cmdshell 'cmd.exe dir c:'`
* Reqistry commands: `xp_regread`, `xp_regdeletekey`, …
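Review bot: "Reqistry commands" (typo for "Registry") appears in both the old and the new version of this hunk, so the change carried the typo over; fix it here. Since the heading presents these SQL Server extended stored procedures as what makes the impact of an injection worse, the lesson would be more accurate if it also stated that `xp_cmdshell` has been disabled by default since SQL Server 2005 and must be explicitly enabled by an administrator, which is exactly the hardening setting a reader should learn to check.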
@ -1,3 +1,5 @@
Confidentiality
== Try It! String SQL Injection
The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating strings making it susceptible to String SQL injection:
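Review bot: the last line of this hunk repeats itself ("The query in the code builds a dynamic query" twice); merge the two into one sentence, e.g. "As in the previous example, the query in the code is built dynamically by concatenating strings, which makes it susceptible to string SQL injection:". The bare "Confidentiality" line added at the top sits as a plain paragraph before the first section title; if it is meant to label which CIA property this exercise demonstrates, make it a heading or an admonition and use the same form on the Integrity and Availability pages.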
@ -1,3 +1,5 @@
Integrity
== Try It! Numeric SQL Injection
The query in the code builds a dynamic query as seen in the previous example. The query in the code builds a dynamic query by concatenating a number making it susceptible to Numeric SQL injection:
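Review bot: the same duplicated sentence as on the Confidentiality page; suggest "As in the previous example, the query in the code is built dynamically by concatenating a number, which makes it susceptible to numeric SQL injection:". The added "Integrity" label line has the same structural issue as "Confidentiality" (a plain paragraph before the first section title) and should get whatever form is chosen there.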