SQL injection
A Talk on SQL Injection and System Security
Is your website running naked?
STOP!
If you are a web developer and do not know what SQL Injection is,
you had better take leave right now and pretend you are on holiday abroad, or put both hands in plaster casts and play injured!!
Be sure to pause the development work in front of you, so you do not bury even more bombs in the system and leave damage behind for a thousand years!
What is SQL Injection?
Chinese term: 資料隱碼
It is an attack technique, not a virus
The attack is carried out with SQL code
Where it enters: account and password fields
Search and query fields
The URL bar, hidden input fields
Which systems does SQL Injection affect?
"Surely only Microsoft systems have this problem?!"
Every system that uses a database can be affected
Affected scope:
Apache、IIS、ASP、JSP、PHP
MSSQL、MySQL、Oracle、Sybase
How SQL Injection works
A common SQL statement for checking an account and password:
$sqlstr="select * from user where account = '".$account."' and password = '".$password."';";
When a correct account and password are entered:
$sqlstr="select * from user where account = 'test' and password = 'test';";
How SQL Injection works (cont'd)
A common SQL statement for checking an account and password:
$sqlstr="select * from user where account = '".$account."' and password = '".$password."';";
When a malicious account and password are entered:
$sqlstr="select * from user where account = 'admin' and password = '' + password + '';";
How SQL Injection works (cont'd)
A common SQL statement for checking an account and password:
$sqlstr="select * from user where account = '".$account."' and password = '".$password."';";
When a malicious account and password are entered:
$sqlstr="select * from user where account = 'admin' and password = '' or 1 = 1 or '' = '';";
How SQL Injection works (cont'd)
A common SQL statement for checking an account and password:
$sqlstr="select * from user where account = '".$account."' and password = '".$password."';";
When a malicious account and password are entered:
$sqlstr="select * from user where account = 'admin' and password = '' ;DELETE FROM user where account != 0;-- ';";
How SQL Injection works (cont'd)
A common SQL statement for checking an account and password:
$sqlstr="select * from user where account = '".$account."' and password = '".$password."';";
When a malicious account and password are entered:
$sqlstr="select * from user where account = 'admin' and password = ''; SHUTDOWN; -- ';";
SQL Injection DEMO
TARGET:
Virtual website: Localhost
Feng Chia University, Extracurricular Activities Section (逢甲大學課外活動組)
Feng Chia University, Teaching and Learning (逢甲大學教與學)
TOOL:
SQL Inject Me (detection tool)
http://www.securitycompass.com/exploit_me/sqlime/sqlime-0.4.0.shtml
Firefox Add-ons
Solution
There seem to be so many characters to guard against; where do we even start?
Do not put input data straight into the SQL statement
Use replace(xx, "'", "''")
corrected_variable = replace(original_variable, "'", "''");
Regularly check the program for vulnerabilities caused by unexpected input data.
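The following is an added example, not code from the slides, that puts the "How SQL Injection works" slides and this Solution slide side by side in one runnable script. It rebuilds the slides' string-concatenated login query against a constructed in-memory SQLite table (the table name `user`, the two sample rows and the function names are assumptions made here), then applies the slide's quote-doubling `replace` fix and, as a third variant, a parameterized query. Each variant is run against a valid login, a wrong password, and the slides' own `' or 1 = 1 or '' = '` input, so the reader can see exactly how many rows each one returns.

```python
import sqlite3

# Constructed sample data: the "user" table the slides query, with two made-up rows.
SAMPLE_USERS = [("admin", "s3cret-admin"), ("test", "test")]

# Password input shown on the slides: it turns the password check into a tautology.
TAUTOLOGY_INPUT = "' or 1 = 1 or '' = '"


def make_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (account TEXT, password TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_concat(conn, account, password):
    """Vulnerable: the slides' query, built by gluing raw input into the SQL text."""
    sqlstr = ("select * from user where account = '" + account
              + "' and password = '" + password + "';")
    return conn.execute(sqlstr).fetchall()


def login_quote_doubling(conn, account, password):
    """The slide's fix: double every single quote before concatenating.

    Inside a quoted SQL literal, '' denotes one literal quote, so the input
    can no longer close the string and append its own SQL.
    """
    account = account.replace("'", "''")
    password = password.replace("'", "''")
    return login_concat(conn, account, password)


def login_param(conn, account, password):
    """Parameterized query: the values travel separately from the SQL text,
    so the database never parses them as SQL."""
    sql = "select * from user where account = ? and password = ?"
    return conn.execute(sql, (account, password)).fetchall()


def run_demo():
    """Return, per variant, how many rows each of three inputs matches."""
    conn = make_db()
    variants = [("concat", login_concat),
                ("quote_doubling", login_quote_doubling),
                ("param", login_param)]
    results = {}
    for name, fn in variants:
        results[name] = {
            "valid": len(fn(conn, "test", "test")),            # correct credentials
            "wrong": len(fn(conn, "admin", "wrong")),          # wrong password
            "tautology": len(fn(conn, "admin", TAUTOLOGY_INPUT)),
        }
    return results


if __name__ == "__main__":
    for variant, counts in run_demo().items():
        print(f"{variant:15s} {counts}")
```

With the vulnerable version the tautology input returns both sample rows, because `1 = 1` is true for every row; the quote-doubled and parameterized versions return none, while still accepting the valid login. Quote doubling only protects values that sit inside quoted literals and has to be applied to every single input, which is why the slide's first rule, never putting input straight into the SQL statement, is the one the parameterized form enforces by construction.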