Scribd
Upload
35 views

CS - SQL Injection (Discussion-1) ) & Buffer Overflow Attack

Cyber security

Uploaded by

khushiyadav88400
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
35 views

CS - SQL Injection (Discussion-1) ) & Buffer Overflow Attack

Cyber security

Uploaded by

khushiyadav88400
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

SQL Injection

SQL Injection (SQLi) is a type of attack where an attacker can execute malicious SQL statements (also known as payloads)
that control a web application's database server. This is made possible by inserting or "injecting" arbitrary SQL code into
a query. The impact can range from unauthorized data viewing to complete control over the database server.

How is an SQL Injection Attack Performed?

1. Identify Input Points:


o The attacker first finds input fields in a web application (such as login forms, search boxes, or URL
parameters) that are used to construct SQL queries.
2. Craft Malicious SQL:
o The attacker crafts input data that includes malicious SQL code. For example, entering ' OR '1'='1 in a
login form could alter the intended SQL query.
3. Execute the Payload:
o The malicious input is sent to the web server, which integrates it into the SQL query. If the input is not
properly sanitized or validated, the database will execute the malicious code.
4. Retrieve Results:
o The attacker then observes the application's response to determine if the attack was successful. For
instance, gaining unauthorized access or retrieving sensitive data.

Example of SQL Injection

Vulnerable Code

SELECT * FROM users WHERE username = '$username' AND password = '$password';

Malicious Input

 Username: ' OR '1'='1


 Password: anything

Resulting Query

SELECT * FROM users WHERE username = '' OR '1'='1' AND password = 'anything';

This query would return all rows from the users table because '1'='1' is always true.

Types of SQL Injection Attacks with Examples

1. Classic SQL Injection


o Description: Basic injection where the attacker alters the SQL query by injecting malicious SQL directly.
o Example:

' OR '1'='1

2. Blind SQL Injection


o Description: The attacker gets no direct feedback from the database server. Instead, they infer data
based on the application's responses.
o Example:

' AND (SELECT CASE WHEN (1=1) THEN 1 ELSE (SELECT 1 UNION SELECT 2) END)--
3. Error-based SQL Injection
o Description: The attacker uses database error messages to gather information about the structure of
the database.
o Example:

' AND 1=CONVERT(int, (SELECT @@version))--

4. Union-based SQL Injection


o Description: The attacker uses the UNION SQL operator to combine the results of two or more SELECT
statements into a single result.
o Example:

' UNION SELECT username, password FROM users--

5. Time-based Blind SQL Injection


o Description: The attacker sends queries that cause a time delay in the database response, inferring
information based on the delay.
o Example:

' OR IF(1=1, SLEEP(5), 0)--

Prevention from SQL Injection Attacks

1. Use Prepared Statements and Parameterized Queries:


o Ensure that SQL queries are written using parameterized statements.
o Example (PHP PDO):

$stmt = $pdo->prepare('SELECT * FROM users WHERE username = ? AND password = ?');


$stmt->execute([$username, $password]);

2. Use Stored Procedures:


o Encapsulate SQL queries within stored procedures.
o Example (SQL Server):

CREATE PROCEDURE spGetUser


@username NVARCHAR(50),
@password NVARCHAR(50)
AS
BEGIN
SELECT * FROM users WHERE username = @username AND password = @password;
END;

3. Input Validation and Sanitization:


o Validate and sanitize user inputs to ensure they conform to expected formats (e.g., using regular
expressions).
4. Least Privilege Principle:
o Ensure that the database user has the minimum permissions required to perform its tasks.
5. Use Web Application Firewalls (WAF):
o Deploy WAFs to detect and block malicious input patterns.
6. Error Handling:
o Implement proper error handling to avoid exposing sensitive information in error messages.
7. Regular Security Audits:
o Conduct regular security audits and code reviews to identify and fix potential vulnerabilities.
Buffer Overflow Attack

A buffer overflow attack occurs when an attacker sends more data to a buffer (a temporary storage area in memory)
than it can handle. This excess data can overwrite adjacent memory, potentially allowing the attacker to execute
arbitrary code or crash the system.

How is a Buffer Overflow Attack Performed?

1. Identify Vulnerability:
o The attacker finds a vulnerable program where user input is copied into a fixed-size buffer without
proper bounds checking.
2. Craft Malicious Input:
o The attacker crafts input that exceeds the buffer's capacity. This input includes data that will overwrite
critical parts of memory, such as the return address of a function.
3. Inject Payload:
o The malicious input includes a payload (typically shellcode) that the attacker wants to execute. This
payload is placed in the overflowed buffer.
4. Trigger Overflow:
o The attacker sends the crafted input to the vulnerable program, causing the buffer overflow. The
overflowed data overwrites the return address on the stack with the address of the payload.
5. Gain Control:
o When the function returns, it uses the overwritten return address, redirecting execution to the
attacker's payload, granting control to the attacker.

Example of Buffer Overflow:

Vulnerable Code (C):

#include <stdio.h>
#include <string.h>

void vulnerable_function(char *input) {


char buffer[64];
strcpy(buffer, input); // No bounds checking
}

int main(int argc, char *argv[]) {


if (argc > 1) {
vulnerable_function(argv[1]);
}
return 0;
}

Malicious Input:

 Input: A string longer than 64 characters, including a payload such as shellcode.

Types of Buffer Overflow Attacks with Examples

1. Stack-based Buffer Overflow


o Description: The overflow occurs in the stack memory, usually by overwriting the return address of a
function.
o Example:
char buffer[64];
strcpy(buffer, "A long string that exceeds 64 characters...<shellcode>");

The return address is overwritten, redirecting execution to the shellcode.

2. Heap-based Buffer Overflow


o Description: The overflow occurs in the heap memory, affecting dynamically allocated memory.
o Example:

char *buffer = (char *)malloc(64);


strcpy(buffer, "A long string that exceeds 64 characters...<shellcode>");

o The overflow may overwrite adjacent heap data structures, potentially allowing control over the
program flow.
o
3. Integer Overflow
o Description: An integer overflow can lead to buffer overflow when arithmetic operations result in
unexpected values.
o Example:

int len = get_user_input_length();


char *buffer = (char *)malloc(len);
strcpy(buffer, user_input);

o If len is calculated incorrectly due to an integer overflow, the allocated buffer might be too small,
leading to overflow.
4. Format String Vulnerability
o Description: Improper handling of format strings can lead to buffer overflows.
o Example:

printf(user_input);

o If user_input contains format specifiers, it can lead to arbitrary memory access and buffer overflow.

Prevention from Buffer Overflow Attacks

1. Bounds Checking:
o Always check the size of input data before copying it to a buffer.
o Example:

strncpy(buffer, input, sizeof(buffer) - 1);


buffer[sizeof(buffer) - 1] = '\0'; // Ensure null-termination

2. Use Safe Functions:


o Use safer alternatives to standard library functions that perform bounds checking.
o Example:
 strcpy -> strncpy
 sprintf -> snprintf
3. Stack Canaries:
o Implement stack canaries (special values placed on the stack) that are checked for integrity before a
function returns. If a buffer overflow overwrites the canary, the program detects it and terminates.
o Example:

__attribute__((stack_protector)) void function() {


char buffer[64];
// Function logic
}

4. Address Space Layout Randomization (ASLR):


o Randomize the memory address space layout to make it harder for attackers to predict the location of
specific memory regions.
o Example:
 Enable ASLR in the operating system settings.
5. Non-Executable Stack:
o Mark stack memory as non-executable to prevent execution of injected code.
o Example:
 Enable the NX (No-eXecute) bit in modern CPUs and configure the operating system accordingly.
6. Code Reviews and Static Analysis:
o Regularly review code for potential vulnerabilities and use static analysis tools to detect buffer
overflows.
o Example:
 Tools like Coverity, Fortify, or Clang Static Analyzer.
7. Use Modern Programming Languages:
o Use languages that provide built-in protections against buffer overflows, such as Python, Java, or Rust.

You might also like