The online community for software testing & quality assurance professionals
 
 
Calendar   Today's Topics
Sponsors:




Lost Password?

Home
BetaSoft
Blogs
Jobs
Training
News
Links
Downloads



Software Testing >> Security Testing

Pages: 1
AtishSupakar
Member


Reged: 07/29/10
Posts: 28
SQL Injection
      #637265 - 08/04/10 02:15 AM

Has any one performed SQL Injection Testing?
if yes, other than the known points as given below

1.'OR 1=1 -- and 'OR a=a --

Can any one let me know what other aspects, you have Tested?
because in a real application with stored procedure ,its hard to get things as given above.
So what else could be the ways to test?


Post Extras: Print Post   Remind Me!   Notify Moderator  
hafeez
Member


Reged: 04/15/09
Posts: 106
Re: SQL Injection [Re: AtishSupakar]
      #637768 - 08/07/10 07:30 AM

There may be variation in sql statements and my sql statement, better to google it . you find a lot

--------------------
regards,
hafeez
SQA Knowledge Bank


Post Extras: Print Post   Remind Me!   Notify Moderator  
AtishSupakar
Member


Reged: 07/29/10
Posts: 28
Re: SQL Injection [Re: hafeez]
      #638038 - 08/10/10 12:43 AM

Hi Hafeez, if something we need to google,we know where to do it just to post something please don't keep a note here...if you have done testing then please give comments else please don't.

Post Extras: Print Post   Remind Me!   Notify Moderator  
yok
Member


Reged: 03/24/09
Posts: 45
Re: SQL Injection [Re: AtishSupakar]
      #638089 - 08/10/10 05:05 AM

Hi AtishSupakar

SQL injection means can enter the login details for using front end instead of we can use to enter the database in odd code the login details to entire the application. any clarification ask the qurey from this thread..

Regards
YOK


Post Extras: Print Post   Remind Me!   Notify Moderator  
Joe Strazzere
Moderator


Reged: 05/15/00
Posts: 12344
Loc: Massachusetts, USA
Re: SQL Injection [Re: yok]
      #638095 - 08/10/10 05:18 AM

Atish,

OWASP is a good resource.

And their article at http://www.owasp.org/index.php/Testing_for_SQL_Injection_(OWASP-DV-005) would probably be a good place for you to start.

Good luck.

--------------------
- Joe
Visit AllThingsQuality.com to learn more about quality, testing, and QA!

I speak only for me. I do not speak for my employer, nor for anyone else.


Post Extras: Print Post   Remind Me!   Notify Moderator  
brentpaine
Veteran


Reged: 03/09/07
Posts: 3755
Loc: Waterloo, Ontario, Canada
Re: SQL Injection [Re: Joe Strazzere]
      #638103 - 08/10/10 05:51 AM

Actually SQL Injection is probably the easiest thing to test for. I would suggest using the Web Goat tool there. It's like a virtual training environment for security testing and will allow you to actually attempt various attacks against a local machine. It's actually really useful and educational.

--------------------
Brent
--------------------
9 out of 10 people I prove wrong agree that I'm right. The other person is my wife.
--------------------


Post Extras: Print Post   Remind Me!   Notify Moderator  
Gaurang_Shah
Advanced Member


Reged: 02/11/08
Posts: 558
Loc: Ahmedabad, India
Re: SQL Injection [Re: AtishSupakar]
      #638202 - 08/10/10 09:42 PM

Following are some of the cheat sheets i got while surfing on net.

admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--

--------------------
GauranG Shah
I don't make the software, Rather I make it better.
My Blogs:
All About Automation
Spell Checker


Post Extras: Print Post   Remind Me!   Notify Moderator  
AtishSupakar
Member


Reged: 07/29/10
Posts: 28
Re: SQL Injection [Re: yok]
      #638264 - 08/11/10 04:22 AM

Hi yok thanks for your valudable time...but we are not here to get definitions...we know what SQL Injection means ,all we need to get is how to inject when your Application is using SQL Stored procedures...Is there any method to do that?have you ever implemented?

Thank You


Post Extras: Print Post   Remind Me!   Notify Moderator  
AtishSupakar
Member


Reged: 07/29/10
Posts: 28
Re: SQL Injection [Re: Joe Strazzere]
      #638266 - 08/11/10 04:26 AM

Hi Joe Strazzere ,

Thanks for the URL, but if you could give some practical examples it would be great.

It might happen you have practically use some of the methods when Your application is already bullet proof say ,it has used stored procedures and all...

Just wanted to know,if the application is not using nay string queries,then how you are going to test for SQL Injection?

Thanks


Post Extras: Print Post   Remind Me!   Notify Moderator  
pkbstar002
Newbie


Reged: 01/06/11
Posts: 1
Re: SQL Injection [Re: AtishSupakar]
      #655148 - 01/06/11 11:56 PM

You can make your own webpage for testing and leave the parameters without any filterations ,
suppose if you say you wanna do $var = $_POST['id'];

where database has a query [select * from table_name where name='$var' ;]

that could lead to sql injections .
I would always suggest to do it locally .


Post Extras: Print Post   Remind Me!   Notify Moderator  
twhitehouse
Newbie


Reged: 04/15/11
Posts: 1
Re: SQL Injection [Re: pkbstar002]
      #668368 - 04/15/11 01:54 PM

So, I had come to the same conclusion to build my own mysql database and to put a php page in front of that. Then, I could start doing the SQL injections to see how they worked.

I agree with AtishSupakar in the fact that from googling the majority of what I have found is theory on this topic. I have found some specific examples, but that was through a lot of digging. OWASP is a great starting point as noted by Joe already.

I have a few specific questions that I have not found information about yet. Does anyone have a guideline or something on this topic? For example, if you do not know anything about a site, where do you start? What happens if you try some of the suggested injections and do not get any useful information back? What if you are trying to do an SQL injection against a flash / flex page? Would tools like Charles and Wireshark prove useful against external sites?

Thanks in advance,
Toolmania1


Post Extras: Print Post   Remind Me!   Notify Moderator  
dlai
Junior Member


Reged: 05/02/06
Posts: 1041
Loc: CA, USA
Re: SQL Injection [Re: twhitehouse]
      #686131 - 09/21/11 04:03 PM

IBM appscan will try different common SQL injections. But it's also a good idea to monitor your DB logs for the calls to make sure they don't reach DB, as appscan might not know if a query has gone through if it doesn't see garbage coming back.

--------------------
David Lai
Sr. QA / Test Lead
LinkedIn profile


Post Extras: Print Post   Remind Me!   Notify Moderator  
dlai
Junior Member


Reged: 05/02/06
Posts: 1041
Loc: CA, USA
Re: SQL Injection [Re: twhitehouse]
      #686132 - 09/21/11 04:11 PM

Quote:


I have a few specific questions that I have not found information about yet. Does anyone have a guideline or something on this topic? For example, if you do not know anything about a site, where do you start? What happens if you try some of the suggested injections and do not get any useful information back? What if you are trying to do an SQL injection against a flash / flex page? Would tools like Charles and Wireshark prove useful against external sites?

Thanks in advance,
Toolmania1




where do you start?
A: Use a tool proxy your web request and see what get/post vars are being passed. These are things that potentially need to be sanitized on the backend. There are tools like IBM appscan that analyzes a page and perform a variety of generic attacks.

What if you are trying to do an SQL injection against a flash / flex page?
A:Since input into a flash/flex page can come for a differnt sources, not just get/post variables. Tools such as AppScan will not work as well. It's best to use a static code analysis tool such as FlexPMD to find areas that are potentially unsanitized. From there you'll have to construct specific tests against those entry points. (actually this is more for session hijacking, as someone can load their flex app into yours) Look at any outgoing request and connections, verify the data is sanitized on the server end.

Would tools like Charles and Wireshark prove useful against external sites?
A: you can use those, but those are a bit overkill. Since they inspect packets, you'll get TMI. A web request proxing tool such as TamperData plugin for firefox is a good one for http based attacks.

--------------------
David Lai
Sr. QA / Test Lead
LinkedIn profile

Edited by dlai (09/21/11 04:19 PM)


Post Extras: Print Post   Remind Me!   Notify Moderator  
prasanth_ratakonda
Newbie


Reged: 09/27/11
Posts: 4
Loc: India
Re: SQL Injection [Re: dlai]
      #688308 - 10/12/11 12:21 PM

SQL injection tools might be useful when you are going for blind injection(That is when you are not sure about the database server and server side script language used for building application)

When you say Security testing i hope you should be knowing your DB.You can have a look at developers SQL queries or stored procedures and craft a injection query. Dont waste your time blindly trying all available formats like a hacker


Post Extras: Print Post   Remind Me!   Notify Moderator  
Pages: 1



Extra information
0 registered and 1 anonymous users are browsing this forum.

Moderator:  icruiser, AJ, Walen 

Print Topic

Forum Permissions
      You cannot start new topics
      You cannot reply to topics
      HTML is disabled
      UBBCode is enabled

Rating:
Topic views: 9114

Rate this topic

Jump to

Contact Us | Privacy statement SQAForums

Powered by UBB.threads™ 6.5.5