diff --git a/introduction-to-sql-injection/build-presentation.sh b/introduction-to-sql-injection/build-presentation.sh
new file mode 100755
index 0000000..afc539d
--- /dev/null
+++ b/introduction-to-sql-injection/build-presentation.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+pandoc -s --mathml -i -t revealjs sql_injection.md -V theme=simple -o presentation.html --css=./robot-lung.css
+
+sed -i 's||\n
\n
\n
\n
\n|' presentation.html diff --git a/introduction-to-sql-injection/example/README.md b/introduction-to-sql-injection/example/README.md index 1685530..de45481 100644 --- a/introduction-to-sql-injection/example/README.md +++ b/introduction-to-sql-injection/example/README.md @@ -15,7 +15,15 @@ Dependencies can be found inside the `./pyproject.toml` file. After installation has been done, start the flask server. -### Usage +### Create the Database + +Execute the [create_db](./create_db.py) script to setup the database + +```sh +python3 ./create_db.py +``` + +### Run Flask ```sh poetry run python3 ./flask_sqli.py @@ -33,7 +41,7 @@ source venv/bin/activate pip install flask ``` -### Usage after manual installation +### Run Flask After Manual Installation Start the flask server without poetry in the following way. @@ -41,3 +49,13 @@ Start the flask server without poetry in the following way. source venv/bin/activate python3 ./flask_sqli.py ``` + +## Usage + +First start the server, open your browser and open the website on locahost and +the port displayed after starting the flask server. Using the default +configuration of flask, the port is `5000`. + +``` +http://localhost:5000 +``` diff --git a/introduction-to-sql-injection/presentation.html b/introduction-to-sql-injection/presentation.html index 71309e1..5c8526b 100644 --- a/introduction-to-sql-injection/presentation.html +++ b/introduction-to-sql-injection/presentation.html @@ -93,9 +93,15 @@ code span.vs { color: #4070a0; } /* VerbatimString */ code span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */ - + + +
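Review bot: The new build-presentation.sh has no error handling, so when pandoc fails the following `sed -i` still edits whatever stale presentation.html is left on disk and the script's exit status reports only the sed result; add `set -euo pipefail` directly after the shebang. The `sed -i` without a suffix argument and the `\n` escapes inside the replacement are GNU sed extensions, so the script breaks on BSD/macOS sed; a comment such as `# requires GNU sed (-i without suffix, \n in replacement)` would save the next person a confusing failure, or the frame divs could be injected through a pandoc template instead of post-processing the HTML. In this rendering the substitution's match pattern reads as empty (`s||...|`), presumably because the HTML tag it matches was stripped on display; if the committed file really has an empty pattern, sed aborts with "no previous regular expression", so the committed text is worth checking.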
+
+
+
+
@@ -122,30 +128,30 @@ Next Presentation

Number 1

-

An SQL Query as a string embedded in other languages

+

An SQL Query as a string embedded in other languages.

sql_query =
-  cursor.execute(
-    "SELECT * FROM users WHERE username = 'admin' \
-    AND password = 's3cur3P4ssw0rd'"
+class="sourceCode sql">sql_query =
+  cursor.execute(
+    "SELECT * FROM users WHERE username = 'admin' \
+    AND password = 's3cur3P4ssw0rd'"
   )

Number 2

-

User input is possible as a string and is a part of said SQL -query

+

User input is possible inside a value of type string as a part of +said SQL query.

sql_query =
-  cursor.execute(
-    "SELECT * FROM users WHERE username = '%s' AND password = '%s'" \
-    % (username, password)
+class="sourceCode sql">sql_query =
+  cursor.execute(
+    "SELECT * FROM users WHERE username = '%s' AND password = '%s'" \
+    % (username, password)
   )
-

How to Exploit an SQL -Injection

+

How to Exploit an SQLi +Vulnerability

  • Close the string through an ending quote
  • Continue the query with your own SQL code
  • @@ -178,9 +184,11 @@ class="sourceCode sql">Other Queries
    ' UNION SELECT 'a',NULL,NULL,NULL -- -
    -' UNION SELECT * FROM users WHERE user_id = 1 -- -
    -' UNION SELECT * FROM users WHERE user_id != 1337 -- -
    +class="sourceCode sql">' UNION SELECT 'a',NULL,NULL,NULL -- -
+
' UNION SELECT * FROM users WHERE user_id = 1 -- -
+
' UNION SELECT * FROM users WHERE user_id != 1337 -- -
@@ -198,10 +206,17 @@ href="https://github.com/sqlmapproject/sqlmap">SQLMap

Try for Yourself

-

Use the provided example inside this -presentation’s repository. There is a +

  • Use the provided example +inside this presentation’s repository. There is a readme which guides you through the -setup.

    +setup.

  • +
  • Further, try Damn Vulnerable Web +Application which you can setup by yourself or use Tryhackme’s DVWA +Room.

  • +

    The End

    diff --git a/introduction-to-sql-injection/robot-lung.css b/introduction-to-sql-injection/robot-lung.css new file mode 100644 index 0000000..5d94683 --- /dev/null +++ b/introduction-to-sql-injection/robot-lung.css @@ -0,0 +1,340 @@ +/** + + [ robot-lung ] + + A hot pink theme for Reveal.js with Roboto fonts and a colorful border. + By Josh Dzielak, https://dzello.com/, License MIT + + The bold border is optional and requires some HTML. To use it: + + 1. Add 4 divs to your HTML page: +
    +
    +
    +
    + + 2. Set { margin: 0.2 } in the Reveal.js initializer to make sure + your presentation content doesn't collide with the frame. + + Like the theme but don't like the colors? Don't fret. Just change + $borderColor and/or $linkColor below to something else and rebuild. + + Or if you don't want to rebuild the theme just override the .line background + property with some CSS: + + .line { + background: ; + } + +*/ +@import url(https://fonts.googleapis.com/css?family=Roboto+Slab:300,700); +@import url(https://fonts.googleapis.com/css?family=Roboto:700); +section.has-light-background, section.has-light-background h1, section.has-light-background h2, section.has-light-background h3, section.has-light-background h4, section.has-light-background h5, section.has-light-background h6 { + color: #141414; } + +.reveal .controls { + right: 50px; + bottom: 50px; } + +.line { + content: ''; + position: fixed; + background: #FF4081; + z-index: 105; } + .line.top { + left: 0; + top: 0; + width: 100%; + height: 30px; } + @media (max-width: 840px) { + .line.top { + height: 15px; } } + .line.bottom { + left: 0; + top: auto; + bottom: 0; + width: 100%; + height: 30px; } + @media (max-width: 840px) { + .line.bottom { + height: 15px; } } + .line.left { + left: 0; + top: 0; + width: 30px; + height: 200%; } + @media (max-width: 840px) { + .line.left { + width: 15px; } } + .line.right { + left: auto; + right: 0; + top: 0; + width: 30px; + height: 200%; } + @media (max-width: 840px) { + .line.right { + width: 15px; } } + +.reveal.has-dark-background .line { + display: none; } + +/********************************************* + * GLOBAL STYLES + *********************************************/ +body { + background: #fff; + background-color: #fff; } + +.reveal { + font-family: "Roboto Slab", serif; + font-size: 32px; + font-weight: normal; + color: #363636; } + +::selection { + color: #fff; + background: #ffc0d5; + text-shadow: none; } + +::-moz-selection { + color: #fff; + background: 
#ffc0d5; + text-shadow: none; } + +.reveal .slides > section, +.reveal .slides > section > section { + line-height: 1.3; + font-weight: inherit; } + +/********************************************* + * HEADERS + *********************************************/ +.reveal h1, +.reveal h2, +.reveal h3, +.reveal h4, +.reveal h5, +.reveal h6 { + margin: 0 0 20px 0; + color: #141414; + font-family: "Roboto", sans-serif; + font-weight: 700; + line-height: 1.2; + letter-spacing: normal; + text-transform: uppercase; + text-shadow: none; + word-wrap: break-word; } + +.reveal h1 { + font-size: 2.6em; } + +.reveal h2 { + font-size: 2.2em; } + +.reveal h3 { + font-size: 1.7em; } + +.reveal h4 { + font-size: 1.4em; } + +.reveal h1 { + text-shadow: none; } + +/********************************************* + * OTHER + *********************************************/ +.reveal p { + margin: 20px 0; + line-height: 1.3; } + +/* Ensure certain elements are never larger than the slide itself */ +.reveal img, +.reveal video, +.reveal iframe { + max-width: 95%; + max-height: 95%; } + +.reveal strong, +.reveal b { + font-weight: bold; } + +.reveal em { + font-style: italic; } + +.reveal ol, +.reveal dl, +.reveal ul { + display: inline-block; + text-align: left; + margin: 0 0 0 1em; } + +.reveal ol { + list-style-type: decimal; } + +.reveal ul { + list-style-type: disc; } + +.reveal ul ul { + list-style-type: square; } + +.reveal ul ul ul { + list-style-type: circle; } + +.reveal ul ul, +.reveal ul ol, +.reveal ol ol, +.reveal ol ul { + display: block; + margin-left: 40px; } + +.reveal dt { + font-weight: bold; } + +.reveal dd { + margin-left: 40px; } + +.reveal blockquote { + display: block; + position: relative; + width: 70%; + margin: 20px auto; + padding: 5px; + font-style: italic; + background: rgba(255, 255, 255, 0.05); + box-shadow: 0px 0px 2px rgba(0, 0, 0, 0.2); } + +.reveal blockquote p:first-child, +.reveal blockquote p:last-child { + display: inline-block; } + +.reveal q { + 
font-style: italic; } + +.reveal pre { + display: block; + position: relative; + width: 90%; + margin: 20px auto; + text-align: left; + font-size: 0.55em; + font-family: monospace; + line-height: 1.2em; + word-wrap: break-word; + box-shadow: 0px 0px 6px rgba(0, 0, 0, 0.3); } + +.reveal code { + font-family: monospace; + text-transform: none; } + +.reveal pre code { + display: block; + padding: 5px; + overflow: auto; + max-height: 400px; + word-wrap: normal; } + +.reveal table { + margin: auto; + border-collapse: collapse; + border-spacing: 0; } + +.reveal table th { + font-weight: bold; } + +.reveal table th, +.reveal table td { + text-align: left; + padding: 0.2em 0.5em 0.2em 0.5em; + border-bottom: 1px solid; } + +.reveal table th[align="center"], +.reveal table td[align="center"] { + text-align: center; } + +.reveal table th[align="right"], +.reveal table td[align="right"] { + text-align: right; } + +.reveal table tbody tr:last-child th, +.reveal table tbody tr:last-child td { + border-bottom: none; } + +.reveal sup { + vertical-align: super; } + +.reveal sub { + vertical-align: sub; } + +.reveal small { + display: inline-block; + font-size: 0.6em; + line-height: 1.2em; + vertical-align: top; } + +.reveal small * { + vertical-align: top; } + +/********************************************* + * LINKS + *********************************************/ +.reveal a { + color: #FF4081; + text-decoration: none; + -webkit-transition: color .15s ease; + -moz-transition: color .15s ease; + transition: color .15s ease; } + +.reveal a:hover { + color: #ff8db3; + text-shadow: none; + border: none; } + +.reveal .roll span:after { + color: #fff; + background: #f30053; } + +/********************************************* + * IMAGES + *********************************************/ +.reveal section img { + margin: 15px 0px; + background: rgba(255, 255, 255, 0.12); + border: 4px solid #363636; + box-shadow: 0 0 10px rgba(0, 0, 0, 0.15); } + +.reveal section img.plain { + border: 0; + 
box-shadow: none; } + +.reveal a img { + -webkit-transition: all .15s linear; + -moz-transition: all .15s linear; + transition: all .15s linear; } + +.reveal a:hover img { + background: rgba(255, 255, 255, 0.2); + border-color: #FF4081; + box-shadow: 0 0 20px rgba(0, 0, 0, 0.55); } + +/********************************************* + * NAVIGATION CONTROLS + *********************************************/ +.reveal .controls { + color: #FF4081; } + +/********************************************* + * PROGRESS BAR + *********************************************/ +.reveal .progress { + background: rgba(0, 0, 0, 0.2); + color: #FF4081; } + +.reveal .progress span { + -webkit-transition: width 800ms cubic-bezier(0.26, 0.86, 0.44, 0.985); + -moz-transition: width 800ms cubic-bezier(0.26, 0.86, 0.44, 0.985); + transition: width 800ms cubic-bezier(0.26, 0.86, 0.44, 0.985); } + +.reveal .progress { + z-index: 1000; + color: #FF80A1; } diff --git a/introduction-to-sql-injection/sql_injection.md b/introduction-to-sql-injection/sql_injection.md index b4172ba..173cb0c 100644 --- a/introduction-to-sql-injection/sql_injection.md +++ b/introduction-to-sql-injection/sql_injection.md @@ -20,9 +20,9 @@ An SQL injection occurs when two things come together. ### Number 1 -An SQL Query as a string embedded in other languages +An SQL Query as a string embedded in other languages. -```python +```sql sql_query = cursor.execute( "SELECT * FROM users WHERE username = 'admin' \ @@ -34,9 +34,9 @@ sql_query = ### Number 2 -User input is possible as a string and is a part of said SQL query +User input is possible inside a value of type string as a part of said SQL query. -```python +```sql sql_query = cursor.execute( "SELECT * FROM users WHERE username = '%s' AND password = '%s'" \ @@ -46,7 +46,7 @@ sql_query = --- -## How to Exploit an SQL Injection +## How to Exploit an SQLi Vulnerability * Close the string through an ending quote * Continue the query with your own SQL code 
@@ -79,7 +79,13 @@ SELECT * FROM users WHERE username = '' or '1' = '1' -- - AND password '%s' ```sql ' UNION SELECT 'a',NULL,NULL,NULL -- - +``` + +```sql ' UNION SELECT * FROM users WHERE user_id = 1 -- - +``` + +```sql ' UNION SELECT * FROM users WHERE user_id != 1337 -- - ``` @@ -95,9 +101,13 @@ SELECT * FROM users WHERE username = '' or '1' = '1' -- - AND password '%s' ## Try for Yourself -Use the provided [example](./example) inside this presentation's repository. +* Use the provided [example](./example) inside this presentation's repository. There is a [readme](./example/README.md) which guides you through the setup. +* Further, try [Damn Vulnerable Web +Application](https://github.com/digininja/DVWA) which you can setup by yourself +or use [Tryhackme's DVWA Room](https://tryhackme.com/r/room/dvwa). + --- # The End