SQL Injection Tutorial: Learn with Example

Data is one of the most vital components of information systems. Database-powered web applications are used by organizations to get data from customers.

SQL is the acronym for Structured Query Language. It is used to retrieve and manipulate data in the database.

What is a SQL Injection?

SQL Injection is an attack that poisons dynamic SQL statements to comment out certain parts of the statement or to append a condition that will always be true. It takes advantage of design flaws in poorly designed web applications to make the application execute malicious SQL code. In this tutorial, you will learn SQL Injection techniques and how you can protect web applications from such attacks.

How SQL Injection Works

The types of attacks that can be performed using SQL injection vary depending on the type of database engine. The attack works on dynamic SQL statements. A dynamic statement is a statement that is generated at run time using parameters, such as a password from a web form or a URI query string.

Let's consider a simple web application with a login form. The code for the HTML form is shown below.

<form action='index.php' method="post">
    <input type="text" name="email"/>
    <input type="password" name="password"/>
    <input type="checkbox" name="remember_me" value="Remember me"/>
    <input type="submit" value="Submit"/>
</form>

HERE,

The above form accepts the email address and password, then submits them to a PHP file named index.php. It has an option of storing the login session in a cookie.
We have deduced this from the remember_me checkbox. It uses the post method to submit data. This means the values are not displayed in the URL.

Let's suppose the statement at the backend for checking the user ID is as follows:

SELECT * FROM users WHERE email = $_POST['email'] AND password = md5($_POST['password']);

HERE,

The above statement uses the values of the $_POST[] array directly without sanitizing them. The password is hashed using the MD5 algorithm.

We will illustrate the SQL injection attack using sqlfiddle. Open the URL http://sqlfiddle in your browser. You will get the following window.

Note: you will have to write the SQL statements.

Step 1) Enter this code in the left pane.

CREATE TABLE `users` (
  `id` INT NOT NULL AUTO_INCREMENT,
  `email` VARCHAR(45) NULL,
  `password` VARCHAR(45) NULL,
  PRIMARY KEY (`id`));

INSERT INTO users (email, password) VALUES ('user@example.com', md5('secret'));

Step 2) Click Build Schema.

Step 3) Enter this code in the right pane.

SELECT * FROM users;

Step 4) Click Run SQL. You will see the following result.

Suppose a user supplies user@example.com as the email address and secret as the password. The statement to be executed against the database would be:

SELECT * FROM users WHERE email = 'user@example.com' AND password = md5('secret');

The above code can be exploited by commenting out the password part and appending a condition that will always be true. Let's suppose an attacker provides the following input in the email address field:

user@example.com' OR 1 = 1 LIMIT 1 -- ' ]

and xxx for the password. The generated dynamic statement will be as follows:

SELECT * FROM users WHERE email = 'user@example.com' OR 1 = 1 LIMIT 1 -- ' ] AND password = md5('xxx');

HERE,
- user@example.com' ends with a single quote that closes the email string.
- OR 1 = 1 LIMIT 1 is a condition that will always be true and limits the returned results to only one record.
- -- ' ] AND … is a SQL comment that eliminates the password part.

Copy the above SQL statement and paste it in the SQL Fiddle Run SQL text box as shown below.

Hacking Activity: SQL Inject a Web Application

We have a simple web application at http://www. that is vulnerable to SQL Injection attacks, for demonstration purposes only. The HTML form code above is taken from its login page. The application provides basic security such as sanitizing the email field. This means our above code cannot be used to bypass the login. To get round that, we can instead exploit the password field. The diagram below shows the steps that you must follow.

Let's suppose an attacker provides the following input:

Step 1: Enter user@example.com as the email address.
Step 2: Enter xxx') OR 1 = 1 -- ] as the password.

Click on the Submit button. You will be directed to the dashboard.

The generated SQL statement will be as follows:

SELECT * FROM users WHERE email = 'user@example.com' AND password = md5('xxx') OR 1 = 1 -- ]');

The diagram below illustrates how the statement has been generated.

HERE,

- The statement intelligently assumes md5 hashing is used on the password.
- xxx') completes the single quote and the closing bracket.
- OR 1 = 1 appends a condition to the statement that will always be true.

In general, a successful SQL Injection attack combines a number of different techniques, such as the ones demonstrated above.

Other SQL Injection attack types

SQL Injections can do more harm than just bypassing the login algorithms.
Some of the attacks include:

- Deleting data
- Updating data
- Inserting data
- Executing commands on the server that can download and install malicious programs such as Trojans
- Exporting valuable data such as credit card details, email addresses, and passwords to the attacker's remote server
- Getting user login details, etc.

The above list is not exhaustive; it just gives you an idea of what SQL Injection can do.

Automation Tools for SQL Injection

In the above example, we used manual attack techniques based on our vast knowledge of SQL. There are automated tools that can help you perform the attacks more efficiently and within the shortest possible time. These tools include SQLMap, SQLPing, and SQLSmack.

How to Prevent against SQL Injection Attacks

An organization can adopt the following policy to protect itself against SQL Injection attacks.

- User input should never be trusted. It must always be sanitized before it is used in dynamic SQL statements.
- Stored procedures: these can encapsulate the SQL statements and treat all input as parameters.
- Prepared statements: these work by creating the SQL statement first, then treating all submitted user data as parameters. User data therefore has no effect on the syntax of the SQL statement.
- Regular expressions: these can be used to detect potentially harmful code and remove it before executing the SQL statements.
- Database connection user access rights: only the necessary access rights should be given to accounts used to connect to the database. This can help reduce what the SQL statements can perform on the server.
- Error messages: these should not reveal sensitive information or where exactly an error occurred. A simple custom error message such as "Sorry, we are experiencing technical errors. The technical team has been contacted. Please try again later" can be used instead of displaying the SQL statement that caused the error.
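As an added example (not the tutorial's own PHP code), here is the login check from the walkthrough above rebuilt in Python against an in-memory SQLite database, with the vulnerable dynamic statement beside the prepared-statement version recommended in the prevention list. MySQL's md5() is emulated by registering a Python function of the same name, so the generated SQL text matches the statements shown above; the users row, its password and the email address are constructed sample values.

```python
import hashlib
import sqlite3

def md5_hex(text):
    """Stand-in for MySQL's md5(): hex digest of the UTF-8 bytes."""
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def make_db():
    """Constructed sample data: the tutorial's users table with one row."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("md5", 1, md5_hex)  # so md5('...') works inside SQL
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, "
                 "email VARCHAR(45), password VARCHAR(45))")
    conn.execute("INSERT INTO users (email, password) VALUES (?, ?)",
                 ("user@example.com", md5_hex("secret")))
    return conn

def login_vulnerable(conn, email, password):
    """Dynamic SQL as in the tutorial: form values pasted into the statement text."""
    sql = (f"SELECT * FROM users WHERE email = '{email}' "
           f"AND password = md5('{password}')")
    return conn.execute(sql).fetchone()  # a returned row means "logged in"

def login_safe(conn, email, password):
    """Prepared statement: the SQL text is fixed, inputs travel only as parameters."""
    sql = "SELECT * FROM users WHERE email = ? AND password = md5(?)"
    return conn.execute(sql, (email, password)).fetchone()

# The two payloads walked through in the tutorial above.
EMAIL_PAYLOAD = "user@example.com' OR 1 = 1 LIMIT 1 -- ' ]"
PASSWORD_PAYLOAD = "xxx') OR 1 = 1 -- ]"

def compare():
    """For each case: does the login check accept the submitted credentials?"""
    conn = make_db()
    return {
        "vulnerable/valid": login_vulnerable(conn, "user@example.com", "secret") is not None,
        "vulnerable/email payload": login_vulnerable(conn, EMAIL_PAYLOAD, "xxx") is not None,
        "vulnerable/password payload": login_vulnerable(conn, "user@example.com", PASSWORD_PAYLOAD) is not None,
        "safe/valid": login_safe(conn, "user@example.com", "secret") is not None,
        "safe/email payload": login_safe(conn, EMAIL_PAYLOAD, "xxx") is not None,
        "safe/password payload": login_safe(conn, "user@example.com", PASSWORD_PAYLOAD) is not None,
    }

if __name__ == "__main__":
    for case, accepted in compare().items():
        print(f"{case:28} accepted={accepted}")
```

Both payloads log in through the dynamic statement, while the prepared statement rejects them because the quote, the OR and the comment marker are compared as literal characters of the email or password rather than parsed as SQL.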
Hacking Activity: Use Havij for SQL Injection

In this practical scenario, we are going to use the Havij Advanced SQL Injection program to scan a website for vulnerabilities. Note: your anti-virus program may flag it due to its nature. You should add it to the exclusions list or pause your anti-virus software. The image below shows the main window for Havij. The above tool can be used to assess the vulnerability of a web site/application.

Summary

- SQL Injection is an attack type that exploits bad SQL statements.
- SQL injection can be used to bypass login algorithms, and to retrieve, insert, update and delete data.
- SQL injection tools include SQLMap, SQLPing, and SQLSmack, etc.
- A good security policy when writing SQL statements can help reduce SQL injection attacks.

Power BI Analyze in Excel - What You Need to Know

Microsoft announced another awesome Power BI feature recently: Analyze in Excel. This feature was requested by Avi Singh from PowerPivotPro.com and was heavily supported as a requirement by the community. You can read more about how you can influence future releases at the bottom of this post. But let's get straight into this great new feature.

Analyze in Excel is available for the free service offering as well as the paid service. Note however that if you want to upload a workbook and share it with someone else in your organisation so they too can Analyze in Excel, you will need the paid service. But don't despair: Power BI Pro is cheap and well worth the money.

Power BI Service

The Power BI Service is a modern version of SQL Server Analysis Services fully hosted in the Cloud by Microsoft. What that means to you is that you can have a powerful server to host your Power BI workbooks and distribute your reports without having to spend hundreds of thousands of dollars getting it all set up. You can get started today for free with just a few clicks.
Once you have your Power BI workbook loaded in the Cloud, you can even share a fully interactive version of the workbook publicly using the Publish to Web feature (demo'd below). Note that you should only do this with non-confidential data, as this approach will make your data available publicly over the Internet.

What is Analyze in Excel?

Once you have your data loaded up in Power BI, the world somehow just seems better. Sometimes, however, you just want to get into the data and analyse it using good old fashioned Excel Pivot Tables. Now you can do that with the new Analyze in Excel feature. To do this, you need to do the following:

1. Log in to the Power BI Service with your account.
2. Navigate to the report in question in the left hand panel of the Power BI Service.
3. Click on the ellipsis next to the report name (shown as 1 below).
4. Click Analyze in Excel (2 below).

Updated Data Connector

The first time you do this, you will be prompted to download some updated software that is required for this feature to work. Make sure you select the correct version for your version of Excel (shown as 2 below). Once you have installed this, you can tick the "Don't show this again" box (shown as 3 above) to prevent this dialogue appearing each time you go through this process.

One thing to be aware of: after you click "Don't show this again", you can get to the download box again by clicking the downloads button (shown as 1 below) and then selecting "Analyze in Excel updates" (2 below). However, when you do this, it currently ONLY DOWNLOADS the 3. I have logged a bug with Microsoft and will remove this comment from this blog once the problem is fixed.

Building a Pivot Table

After you click the "Analyze in Excel" button, a small ODC file will be downloaded to your PC. Keep an eye out for the download in your browser; mine is shown below. When I click on the above ODC file, I get a warning message as shown below. Just click Enable.
After you click "Enable", you will get a new blank Pivot Table connected to the Power BI Service as shown below. Now you have a new blank workbook connected to your Power BI data model in the cloud. You can build out a Pivot Table to analyse your data like any other Pivot Table, with a few minor differences.

If you take a close look at the Pivot Table Fields list on the right, you will see that there are now 2 types of field groups. The first type (shown as 1 below) are the measures stored in your tables in Power BI. These "measure tables" are indicated by the Sigma symbol. The second type (shown as 2 below) are the actual tables (and columns) from the data model. You select the Values for your Pivot Table from the measure tables (1) and the Rows/Columns/Filters/Slicers from the actual tables (2). Now you just build out your Pivot Table as normal, as shown below.

Thin Workbooks

When you save this file, you will notice something really special. This is a "Thin Workbook"; in my example it is just 2. The data does not live in the workbook; it is only in the cloud. The only data that is in the workbook is the data that is visualised inside the Pivot Table(s). But there is a cost to this approach: you must have a live connection to the Internet to be able to interact with the data in the Pivot Table. Personally I think this is a small price to pay for all of the benefits; however, if you want to interact with your workbook in a location that doesn't have an Internet connection, then this is something you will need to be aware of.

Also note that now the data is in the cloud, there will be a small amount of latency (delay) when clicking on the Pivot Table compared to a local workbook on your PC. This will be most noticeable for small workbooks that are almost instantaneous on your PC. These small fast workbooks will move from being "instantaneous" on your PC to being "sub second" in the cloud, which is not that bad in my view.
If you have very large workbooks on your PC (say 3. MB+), or if you have 3. Excel on your PC, then you may actually notice an overall improvement with these thin workbooks. This is because the processing of the cube is now pushed to the Power BI Service, which has lots of powerful processors to complete the task.

Distributing Thin Workbooks

Now that you have this "Thin" Excel workbook, you can distribute the Thin Workbook to other users and they can also interact with the data live, directly in the Excel workbook connected to the cloud. You don't need to distribute the ODC file, just the updated and saved Thin Workbook. There are some pre-requisites for this to work, including:

- You will need to send them the Thin Workbook once the connection has been established (of course).
- They will need their own Power BI Service account.
- They will need access to the shared data via the Power BI Service, so you will need to share the Power BI report with them too from within Power BI.
- They will need to install the updated "Analyze with Excel update" described earlier.

I have tested distributing this Thin Workbook to a Mac user with Excel 2. I haven't tested it with Excel 2. Mac but would like to hear from anyone who does.

Better Than Export to Excel

Rob Collie has a favourite joke. Qn. What is the 3rd most common button in all BI tools? Ans. Export to Excel (3rd after 1. OK and 2. Cancel). But Analyze with Excel is so much more than "Export to Excel". The reason, of course, is that you don't have to take a copy of your data to work with it. You create a live link to the data source, and hence when the data is updated in the future, your "Analyze with Excel" workbook will also update.

Cube Formulas Work Too

If you like using Cube Formulas, the good news is that they will work too. When you type a cube formula (like the one shown below), you will be given a choice of data connections (1 being the Power BI service and 2 being the data model in the current workbook).
So that got me wondering… Can I have 2 data models for a workbook, 1 in the Cloud and a second in the workbook? The answer is yes. I have 2 cube formulas below; the first is coming from the data model in the current workbook and the second is coming from the Power BI service connected to the same workbook.

Common Errors

New Versions of Connector

The connector is being updated all the time. If you see this error (or any other connection error, for that matter):

The connection failed because user credentials are needed and Sign-In UI is not allowed.

the first thing you should do is make sure you have the latest version of the connector installed. You can find the latest update online at the Power BI Service as shown below.

Forbidden Error

If you have multiple Power BI accounts, you may come across the following error: "The HTTP server returned the following error: Forbidden." In fact, some users that don't have multiple accounts have also experienced this error. The issue is caused by "swapping" between accounts and potentially the login process trying to log into the wrong account. There is a manual workaround to fix this problem:

1. Navigate to the ODC file you downloaded.
2. Right click the ODC file and edit it in Notepad.
3. Find the section that starts with <odc:ConnectionString> and add the following text immediately after this string: User ID=name@youremailaddress
4. Save the file, and then double click to open it again.

You should now be taken to the correct login screen to give you access to the data.
November 2017