
Yes, very well, thank you, very well. And where are you calling in from? I'm from India, Kerala. Okay, excellent, excellent. So you're talking about, is it quines or queens? Quines, yeah. Okay, and it's SQL injection, right? Yeah. There we go. Well, I mean, SQL injection has been around for about 15 years, right? So yeah, yeah, it's been in the OWASP Top 10 forever. So, okay, please get your presentation up and ready. In the meantime, can I just remind everybody, the left of their screen... sorry, the left of their screen, no, that way, the left of their screen, I'm gonna rephrase that again: the right of your screen is where the comments are and where you can place your questions. If you have any questions you'd like to discuss later on, please jump onto the Slack channel, where I hope you'll be able to jump into the chat. Yeah, sure. Fantastic. So is my screen being shared now? Yes it is, yeah, you are ready to go, take it away.

Okay, so hello all, I hope everyone is safe and secure. Today I'll be doing a presentation on quines and quine SQL injections. I think the topic, self-reproducing programs, is pretty self-explanatory in itself, but again, let's see. A little bit about myself: I'm a Bachelor of Technology student at Amrita University, Amritapuri,
and an avid CTF player of Team bi0s, which is the number one CTF team of India, and also a member of Team Shakti, which is one of the three women-only CTF teams in the world. I focus on web exploitation and web security. We are also the hosts of Shakti CTF, which is an upcoming CTF for women, and various other cool CTFs. Okay, so as I mentioned, our team is ranked the number one CTF team in India. It was started in 2008 by our mentor Vipin Pavithran sir. We take up security research, vulnerabilities and their mitigations, and we are the hosts of InCTF International, which is pretty popular, InCTF National, which is like the national-level CTF for college students, the first one in India, and InCTF Junior, which is the national-level CTF for school students. Okay, a little bit about Team Shakti: Team Shakti is a women-only CTF team. We started our team in 2018; we conduct workshops and other programs to bring more women into this field of security. Yeah, as I said, we have an upcoming CTF exclusively for women with a cool set of challenges.

Okay, so let's look into the agenda of today's talk. Starting off, personally I feel like I prefer more examples and demonstrations than theories or definitions to understand a concept, and I'm gonna make this as beginner-friendly as
possible. So I'll start from the basics and increase the level. Okay, so I'll begin with a briefing on SQL queries for those who are new to it. I mean, yeah, I'll brush up on the syntax and how the queries are used to manipulate the database: add, delete, change and so on. Then I'll give a quick explanation of SQL injection, since without the basic concept it's going to be really difficult for me to explain what I intend to. Just for my satisfaction, I'll explain a bit on what SQL injection is, like how it happens, why it happens, when, and so on, and then what the types of SQL injections are. We will check a few examples for clarity, then we look at a few prevention methods, and also, yeah, the cool thing, we can check a bit on the bypass of web application firewalls with SQL injections. Okay, so for those who already know this, hold on patiently, because I'll be taking a short SQLi 101 before getting into quines. I want to make sure things are presented clearly to each and every audience.

Okay, so next we'll get into quines: practically, what, how, when, why and that sort of stuff. What is the whole purpose of a quine, how is it interesting? So it's like, something about quines, it's what Friedman said, it's like quines are practically something that popped out of biology, the whole concept. So unless and until you look at it from a curious perspective... it's actually really, really interesting and exciting, but it can feel very useless if not understood properly. Okay, I'm being brutally frank here: in the beginning, yeah, in the beginning I was like, what's going on here, what even is the point of it? But yeah, it's pretty fun. Okay, so we will look into the uses and a few examples of how it works, and then talk about injections in quines, called intron injection. This is not a quine SQL injection but a method of injecting in quines. Finally, we will talk about quine SQL injections; it's pretty neat and fun. Again, what, where, how and all, then a demonstration payload. I'll break it down into small, small pieces where it's easier to digest. Okay, we will, yeah, we'll also discuss the impact and severity of this attack and how it can be mitigated, because that's an important thing, and check a demonstration of quine SQL injection in a weak authentication check, so the whole prevention part can be understood from the vulnerable authentication check we're seeing in the demonstration itself.

Okay, so starting off: SQL is a domain-specific language. It's used in programming, and it's basically designed for managing data held in any sort of relational database management system. So let's just say we have a login system.
You type in your name and password, and at the back end it fetches the details with respect to the data sent, and it sends back the response. So the mechanism which selects the content where username equals X and password equals Y, that's where SQL comes into play, right? So we have the accessibility to manipulate data, unlike our files, which can be disorganized and, you know, less secure in comparison when considering data handling. Right, so some common relational database management systems that use SQL are Oracle, Microsoft SQL Server, Access, Ingres, etc. Although most database systems use SQL, most of them also have, I would say, their own additional proprietary extensions that are only used on their system. It's like exclusive to them; it's not common for everything. However, there are standard SQL commands, such as SELECT, INSERT, DROP, DELETE, UPDATE, CREATE and all, that can accomplish almost everything one needs to do in a database. It's all the manipulation needed. Okay, so the basics: the basic function of SQL is to query data contained in a relational database, as you see. And yeah, on the contrary, every functionality comes with a flaw, right? No method in this world would be 100% efficient, so there comes the attack to destroy SQL functionality. And to all the people who say SQL is old school and not fun anymore, it's hard to see how they miss the wide variety of the attacks. Okay, next slide.

Okay, so injections. SQL injection is a code injection technique which is used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field, or wherever the input is taken, for execution, like the input fields. So yeah, like our host said, injection has made a constant appearance in the top 10 web application security vulnerabilities for over 10 years. SQL injection allows an attacker to spoof identity, or tamper with existing data, cause repudiation issues, that could be like voiding transactions or maybe changing balances, allow disclosure of data, and in many cases destroy data or make it completely unavailable. And there are also cases where they can get privilege escalation; they could become administrators of the whole database server. Okay, so as I said, SQL injection must exploit a security vulnerability in an application's software, for example when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and unexpectedly executed, or, you know, accidentally run. So it's mostly known as an attack used against websites, but yeah, it can be used to attack
any type of SQL database too. Next slide. Yeah, okay, this is an example. SQL injections vary, yeah, definitely, but mostly it's like using the input to close the query running in the back, adding a few queries, and removing every bit of the rest of the query with comments. So here we have our injection in red. This is a very basic injection where we inject malicious code in the input and comment out the rest, whatever comes after. Yeah, for those of you who are new to this, I hope that's clear. Yeah, let's go for a short demo. So what's happening here is it's selecting the output where the username and password provided match what is there in the database.

Okay, so it's like a normal authentication check: if it finds the correct one it prints "welcome", else it prints "invalid". So here I'm giving the valid ones and it prints "welcome"; if I give an invalid password or username, it gives "invalid". As easy as that.

Okay, so let's say we want to log in as admin, to get his or her privileges, and we don't know what the password for admin is. What we do is inject a query which comments out the rest of what is there on the back end, the rest of the select statement. So finally it just selects where username is equal to admin, without asking for the password. Simple as that; that's a very basic form of SQL injection. Yeah, next: getting into the types of SQL injection, they can be classified into three main categories: in-band SQL injections, inferential SQL injections or blind SQL injections, and out-of-band SQL injections. Okay.
In-band SQL injection is usually the most common and easy-to-exploit kind of SQL injection attack. In-band SQLi usually occurs when an attacker is able to use the same communication channel to both launch the attack and also gather results, right? So the two most common types of in-band SQL injection attacks are error-based SQL injection and union-based SQL injection. Error-based SQL injection usually relies on the error messages thrown by the database server, so if you use MySQL or something, if there is an error it pops up like, okay, there is a syntax error, so the errors are thrown back. Union-based depends on the UNION SQL operator, which is like the combinational operator; it's pretty self-explanatory, so it combines the results of two or more select statements, right? Okay.

In blind SQL injection, it's practically a pretty long road for an attacker to exploit. The attacker would not be able to see the result of an attack in-band, which perhaps explains "blind", as in the attacker closely examines indirect clues in behavior, like when we try to get an error, fix it, try again, sort of like trial and error stuff. The injection doesn't reveal data from the database directly, so clues can be like HTTP responses, blank web pages for certain user inputs, and how long it takes for the database to respond to certain user inputs; those are other things that can be clues, depending on the goals of the attacker. And yeah, the two types of blind SQL injection are blind boolean-based and blind time-based. Yeah, boolean-based SQL injection depends on whether the query returns true or false statements, as the name suggests, boolean. Yeah, in time-based, the query to the database forces the database to kindly wait for a specified amount of time, and the response time explains true or false. Like, let's say, wait for five seconds; if it waits for five seconds, it's true, something like that. Okay, next. Yeah, out-of-band.

Out-of-band SQL injection occurs when an attacker is unable to use the same channel to launch the attack and gather results; it's the opposite of in-band. This is pretty, you know, common. Okay, this is the fun part of SQL injection. Yeah, it's like when we get to break the exclusive rules; it's particularly like we're told don't do it, and the first thing we do is do it. So a web application firewall helps to protect the web application by filtering and monitoring HTTP traffic between the application and the internet. It typically protects web applications from cross-site scripting, cross-site request forgery,
file inclusion, SQL injection and other kinds of cool attacks. So as I was saying, a WAF operates through a set of rules called policies. These policies aim to protect against vulnerabilities in the application by filtering out the malicious traffic, right? So in applications prone to SQL injection, they tend to create a web application firewall that sanitizes or blacklists the common SQL keywords in the input. Okay, so a SQL injection WAF is generally, yeah, the same as the policies: it follows a bunch of rules to prevent SQL injection. So the most common filters supplied by WAFs are bypassable; it's easy to bypass. Let's discuss a bit on the common ones.

Okay, so a UNION blacklist can be trashed by blind SQLi. So it actually uses the method of requesting true or false statements, as I said before, as the responses from the database, using AND operators or OR operators to brute-force the data. Okay, this can be used when the database does not give out any output, right? Next is buffer overflow bypassing. So while writing into the buffer with huge values that surpass the buffer's boundary, like overwriting the memory of an application, because most of the WAFs are mostly written and compiled in C. CRLF is carriage return line feed; okay, these control characters can be used to substitute for spaces or for comments which are blacklisted. HPP is HTTP parameter pollution. Okay, the parameters in the HTTP request are maliciously manipulated with multiple different unintended malicious statements, methods to achieve sensitive information. It's like multiple parameters of the same name are interpreted differently in different languages or frameworks, as I said. So, to give an example, PHP or Apache considers the last occurrence of the parameter, so if we give username=kim jong-un and username=admin, it would consider the second one, so we get the access of the admin. And if the framework or the server is JSP servlet or Apache Tomcat, it considers the first occurrence, so we swap it, right, to what our requirement is. Okay, so character substitutes: it's like we use characters like parentheses, question marks, double quotes, single quotes, percentage, yeah, ampersand and dot. Usually the WAF would consider these kinds of special characters as spaces and completely ignore them, okay, which is like a help for us to bypass various keywords which are blacklisted, be it space or any other. Hex encoding: yeah, when particular keywords are blacklisted, we could substitute the hex-encoded value, because after the URL is parsed, it obviously decodes and turns the hex value to plain text, right? Okay, so Unicode encoding: yeah, in this encoding standard, some of the characters can be used as substitutes for ASCII character values if at all it's blocked, and thus we can bypass it and dump the database. Okay, next is base conversions. Base conversion, I think it's self-explanatory: it's like representing values that are blacklisted in different bases. It's like, yeah, 0x hex (base 16) and base 8 values are printed differently, but it's the same value, right? So yeah, what we can do is represent values that are blacklisted in different bases, which would help bypass that filter. Yeah, when we provide a URL-encoded null byte, which is like %00, before the string to be bypassed, it will remove everything after the null byte, so that can be used as, you know, maybe a comment substitute. And so next is ASCII substitute: it's similar to Unicode substitute; it's like these ASCII characters can have multiple alternatives which have a different value but their functions would be similar, and can be used to bypass any blacklist that's created, right? Changing... okay, this is not that common, but yeah, I mean, I don't think servers are that dumb as to, you know, keep a WAF that can be bypassed like this. Okay, changing cases: we can bypass with changing case. So the SQL keywords are obviously case-insensitive, and hence when a WAF blocks a particular case of a string, you can bypass it by giving varied cases, right? Okay, URL encoding: it's also similar to hex encoding, by substituting hex values for all the blacklisted words, and bypassing it once the URL gets decoded. Replace bypass: I don't think this is very common, but yeah, WAFs that replace all occurrences of particular keywords with empty strings can be bypassed by giving a keyword in the middle of the same keyword, and hence getting the same keyword after the WAF replaces the keyword in between. So practically these are just a few methods; the latter is just a huge, wide ocean of exploits and methods.
Next slide. Okay, now the pretty mystical one in injections: quine SQL injections. But before that, what are quines? Okay, let's get a good idea of quines before we move on to quine injections. A quine is a computer program which prints its own listing. Okay, the concept is actually, as I told, from biology; it's actually from the cell multiplication concept in living beings, as in molecular biology, where DNA replication is the biological process of producing identical replicas of DNA from one original DNA molecule. We got that, right? Okay, as in how DNA and other protein stuff is replicated as well in the new cell. Okay, so that's self-replicating programs; it's similar, like that's what a quine does; that's the characteristic of a quine. This may sound either impossible or trivial, and stuff like that, like what's printing its own listing? Okay, what is the point of it? This means that when a program is run, right, it must print out precisely those instructions which the programmer wrote as a part of the program alone. So, okay, let's just say we have a program, print hello, so the output is obviously gonna be hello, right? So for quines, it's like, if the program is print hello, the output will also be print hello, rather than just hello. Okay, the easiest way to do that, of course, is like go seek the source file on the disk, open it, print its content. Okay, what's the use of it? That may be done, but that's definitely not a program which is printing itself. Besides, the program might not know where the source file is; it may have access to only the compiled data, or programming languages may simply forbid that sort of operation, right?

So quines are actually something that's possible in any Turing-complete programming language; it's like a direct consequence of Kleene's recursion theorem. Okay, Kleene's recursion theorem, it's like a pair of fundamental results about the application of computable functions to their own descriptions. So, to their own descriptions; in a sense it's related to, what to say, fixed points determined by enumeration operators, which are like a computable kind of, you know, computable correlate. Okay, and the comforting part of quines is that in all general-purpose programming languages quines can be developed, like mixing the programs and data and all, for example escaping quotes inside strings of characters. Okay, so there is some difficulty, like the difficulty of programming these in languages, and the length, which can be reduced. This, you know, reducing the difficulty of programming these quines in languages to get the particular fixed point, and reducing the length, because there's gonna be multiple recursive copying of data and code in this. So that can be reduced if the programming language that we use has features supporting structural reflection, right, that is, the ability of the language to provide complete reification, you know, it's like complete reification when the program is run or executed. Okay, so reification means that during the execution the program can be encoded as data, right? In our cases, what we're gonna use for now, with our programming languages, JavaScript, SQL or whichever, we check with reflection features and not using them.

Okay, yeah, next thing about quines: quines take no input, right, and a quine prints its source code as output. Generally quines don't take any kind of input; they are not allowed to step out of themselves, which is like, it can print its source code alone, but there can't be any stuff like buffer overflow or getting out of bounds and printing anything more than the source code. Very restricted. Okay, yeah, the interesting thing, the advantage, is obviously that writing a quine does not depend on any kind of stuff like being able to read the source file, or being able to represent code in several different ways, and that sort of stuff. And it's like, let's just say we have code to print its stored source, okay, we might be
just having the binary to run and not the program, right, so we might not know where it's stored and all. So quines don't depend on any of this; it's like you run the program and you get the source printed, no strings attached.

Okay, yeah, so here we see different examples and types of quines. So first is constructive quines. In general, the method used to create a quine in any programming language is to have within the program two pieces: code and data. I think I've mentioned before, code and data. So code is used to do the actual printing, okay; it's like in print hello, print is the code part, hello is the data part, right? So there is data that represents the textual form of the code; it's usually inside quotes. Okay, so the code functions by using the data to print the code, which makes use of the data. In a sense, it represents the textual form of the code, but it also uses the data, processed in a very simple way, to print the textual representation of the data itself, right? So, summarizing, it's like the code prints the data, and the data has the code which prints itself, eventually. Again, the same reference to cells, where when it replicates, the DNA in it also replicates, as the data in the code does too, right?

Okay, next is ouroboros. In ouroboros, the quine concept can be extended to multiple levels of recursion, originating ouroboros programs, or you can also call them quine relays. These quine relays, or ouroboros programs, produce a chain of continuous files in different programming languages, eventually coming back to the original source code. Okay, it does its recursion and pops back to getting to the source. So the next is multi-quines. Multi-quines and ouroboros quines are not the same thing; there might be confusion at some points, but it's not the same thing. Like, a multi-quine, when run normally, is a quine, but if it is called with a particular command-line argument, it will print a different program, a completely different program; let's say it's a relative program, which is also a quine, but then again in a different programming language. Okay, so the second one prints its own listing when run normally, right, but when it's run with a different command-line argument, or let's say a fixed, particular command-line argument, it prints the listing of the original program, that's the parent program, the first relative. Okay, so, summarizing, a multi-quine is a set of two programs, or maybe two or more, which is able to print either of the two. Like, it's a set of n different programs, not just two, in n different languages, each of which is able to print any of the n programs, including itself, the parent quine, according to the command-line argument which is passed. Okay, so summarizing, it's like multiple recursive possibilities of quines over a number of languages, right?

Okay, so another misunderstanding is polyglot quines. A polyglot quine is a quine that can be run, and is also a quine, in several different languages, right? So this might sound the same as multi-quines, but no, it's not a multi-quine. If you think about it, it pretty much fits in the definition of multi-quines; it can be a subset, but it's completely not a multi-quine. Okay, so a polyglot quine could be thought of as a generalization of a multi-quine; it does the same thing, but it doesn't need command-line arguments and all, you know, or programs that are identical, or the child quine or something like that, right? So the next one is radiation-hardened. I have no idea who's keeping these names, radiation hardened or whatever. Okay, a radiation-hardened quine is a quine that can have a single character removed and still produces the original program, the original data that we inputted, with literally no missing characters. This seems like magic, like how, you just lost a part of your body and again you come up with this complete part of your body, how does that happen? But yeah, it's that particular fixed point, as I discussed in Kleene's recursion theorem; it's that which still makes it a quine. Difficult to get there, but yeah, fun.

Okay, so eval quines: some programming languages might have the ability to evaluate a string as a program; not many, but there are a few that have that functionality. Okay, quines can take advantage of this feature. Eval is actually one of the easiest ways to write a quine, since it reduces the need to continuously copy the code and paste it, copy the data part, put it in the code, copy the code part and put it in the data, stuff like that. So, like before, we had a loop of code running data and data having code and all. As in, the majority of quines require two copies of the code, as I said, one to be executed, one as data, right? So this can end up doubling the length of the source code, making it harder to maintain, obviously. So trying to treat your code as data is often not possible, right? Treating data as code can be done in many languages using eval. Your quine basically consists of storing the main body of your quine in a variable, then evaluating that variable. That's a pretty basic kind of quine, a basic instance, an easy quine. Okay, that's something that's easier, and I don't know why it's in the classification: cheat quines. They seem self-explanatory, as I mentioned on how quines don't need the location or the file or to have the physical file's accessibility, and auto-reproduce the source. So what is the point of not coding and directly getting the print of the source code? But again, those cheat quines fit perfectly under the definition of quines: it's a program that's run and it prints the output. So I'll just give that acknowledgement to them. Okay, so yeah, two types. So source code inspection: quines, per definition, cannot receive any form of input, including reading a file, which means that a quine is considered to be cheating if it looks at its own source code. In many functional languages, like, numbers are self-evaluating; it's like when you print 1, it's like a one-byte quine, if the last line of the program is returning, the returned value is displayed on the screen. Therefore, in such a language, a program containing a single digit results in a one-byte quine. Since such code does not construct itself,
it's like it doesn't construct itself, this is often considered cheating, so that's not a proper quine. I'll try to give a few examples or demos if time permits at the end of the talk.

Yeah, okay, so we will take an example of this Python quine, which prints itself. Okay, so as I mentioned, it has a code part and a data part; here the data part is inside the quotes, okay, and the rest is the code part, which runs the whole thing and gets the code replicated as it is. All right, let's just take a look at how this works. I'll start with the skeleton and then add on, explaining it, to explain the whole thing. Okay, okay, so we give the variable no value, print it, nothing happens there, right? We give the variable the data part as a string; here we've given a variable with, you know, the first program we wrote, to print that, and we call it recursively; the %r is to call it recursively again. Usually it prints the data; now we have to print the print function, that should come out as output, right? So we add that data. Next, we have to print this as a string; yeah, we've added %s along. Now that we have added a %s, we have to have something to print the percentage signs, so that's where we use %% to print a percentage sign. And there we go, we have a super easy quine program which prints itself, right? Next slide.

Okay, so let's just say... this is a fun thing. It's not, again as I said, quine SQL injection, but it's a type of attack, a type of injection in quines. Okay, so let's just say we would like to add viral payloads to the quine, but we do not want to harm its self-reproductive ability, right? So to achieve this we can use introns, which are like pieces of quine data that are not used to output the quine
code but are also copied when the data is returned as the output. It's like non-essential quine data, like the portions of DNA that are not used to produce proteins. It's like you get 88 percent of your parents' DNA, yeah, but the rest is like, I don't know what the rest is, I don't know biology. Yeah, it's like it's useless, but it gets copied, right? You know, it's not useless, it gets copied. So that's introns: it's copied, but it doesn't affect the reproductive ability of quines. Okay, so yeah, as I said, quine introns are reproduced along with the quine, but they're not necessary for the self-reproducing ability of the quine. Yeah, so therefore an intron can be modified without a reproductive penalty, making introns the perfect place to put SQL injection attacks, right? And yeah, it doesn't contribute directly to the functionality of a quine, as it plays no part in replication; it just gets copied. Next slide.

Yeah, let's see. Okay, so basic intron injection, somehow it responds like, yeah, now this is an input method which takes input from users and injects it in quines, right? So it prints the quine and also prints the input the user gives. Okay, so it's waiting. So we have an intron, and it's waiting for an input, right, because of the input function it was waiting for us to input something. So when we don't give anything, it just prints the whole quine as it is, no injected part; it just does the self-replication and produces the replicated code. This is practically the main source code. So now that we give "hello" or something, right, what happens is it's printed along; as I told, the data is also printed along, it's printed along with the quine. Here the function of the quine is still doing fine, just that we've injected a few bits which are practically useless in the replication process. The hello part is practically useless in the replication process; without it, it can replicate, and even if it's there, it can replicate also, but it can be of great use in lots of grey areas.
Okay, so now coming to quine SQL injections. So basically we've checked on SQL injections and quines, right? Okay, and you put them in a box together and we get quine SQL injections: like if it's select name from table, the output is also select name from table. So the first thing will be like, where does this work, or how is this going to be useful? So I missed out one cool thing about quines. Quine SQL injection, you know, can all be like, yes, it has a very certain purpose, which is concerning, but what you know, something about quines is that we have competitions as to who can build
the perfect kind of quine, or let's just say radiation-hardened quines. It's like, what to say, who can construct a quine without cheat quines, by omitting two characters, three characters or n number of characters, that print the parent quine and stuff. But a SQL injection quine is more than just fun programming, and unlike other kinds of SQL injections, it doesn't need any kind of control on data, where it is or how it is put up on the table, the arrangement or that sort of stuff. So even if it's a ghost table, or even if the whole table is empty or returns null values for queries, these quines, right, you know, it can still work. It's like
it's amazing, it can still work. So one thing is like, it's not very common; you cannot see this injection everywhere, it's not a severe bug or so. And why does it work this way, this can, without any dependence on that, actually can be understood from where it works. Okay, so here we can see that the resultant array of the query is in the variable r, and they are checking if the resultant password and the password is the same as the input we've given, right? So which is like, yeah, the right password to crack it. So basically what we have to give is that it should be something the same as the
resultant of the output of the input we give, right? So simple as that: input a quine and the check will be satisfied, since the quine will produce itself and the authentication is done. But how does this work in an empty table, or something which responds with null statements practically? Oh, am I running out of time? Okay. Practically this whole check only depends on if the input and results are the same, and the authentication is done, okay, no matter what's in the table, database or tables or where it is organized. We don't have to go through all that: get the database name from schema, table names, column names, row
names and so on. Said no, it's like a direct win-win. Okay, so quines are not the only option here, right? Obviously there's a lot of possible SQL injection attacks that can be done here, like you can actually find the password through blind SQL injection. It's like, as I told, it's pretty difficult, it's a darn long ride for an attacker. Let's just say the row does not actually exist in the database, or the password is a whole hash or something, right? So with true or false statements, how long can we sit? It's like, you know, tiring, right? Yeah, next thing, next possible attack. This could be like a union
injection, right? So this is, yeah, this is not that tiring. This is, let's just say, considering the info column of the information_schema processlist: it contains the currently executing queries, right? So we can make use of that. So the MySQL processlist actually indicates operations that are being performed currently, like by the set of threads executing within the server. So the info part of the processlist contains the statement the thread is executing, okay, or null if no statement is executed. The statement might be the one sent to the server or the innermost statement. Okay, so here we've used union select 1,
admin, database from information_schema.processlist. So this invokes the processlist and obviously it would print the same query executed as in the query we've given as input, right? So here we'll see how the processlist works. So I'm running the statement to show how the full processlist and the info you see in the process is printed. So I've written show processlist and it's given, okay, yeah, here in the info it actually prints show processlist. So it's like the process that has been run is executed as the output. Okay, so we hop on to this demo and last demonstration part, that's quine SQL injection, that's one
of the easy things on our hands now. So this might look disturbingly confusing, right, but I'll break it down and make it look easier. So here we are just recursively replacing to put back the same initial query, right, and the data part according to if we need a single quote or double quote. So if we need a single quote, we replace double quotes to turn back to single quotes, just like that. So I'll show you the breakdown. So yeah, here in this breakdown, when we pass the innermost data part, the replace statement will do its work and we see that double quotes are converted to single quotes
in the second inner replace. We replace character 36 of our last output with the new statement and end up bouncing back to our input program, that's like the source program, right? So I'll show this query and the
this is basically our query run. So we've given the same input and it gives the same output, right? So that's a quine, we have the quine with us. So let's try this demo. So here in this check, let's just try a basic attack and see how the server responds to it. So we close the quotes and do a union select or something, right? Okay, I'll show the demonstration directly. Okay, yeah, here we can see that we close the quotes and do a union select 1 or something; it's like, you know, when we give it as password. So basically the initial check on what kind of SQL injection can be used
if at all we don't have the source code, or you don't know what the authentication is, or it's a black-box testing, something like that, but what's going on is not known. So basically start off with some basic queries to put out errors or hints which can help us find what kind of injection can be done, error-based or blind-based. So yeah, here we have the response as password equals 1, the one we gave in the query, right? So basically we're gonna make 1 equal to the injected query that we provide, obviously our new favourite option, quines. Here in the quine query we add the input code
and put a quote, combine the union and comment out the rest, right? So it's like we clear the authentication check easily with this quine. Okay, we have to encode it, yeah. When we give it as the password input, yeah, it's the same; what we gave as input is the output, and we've cleared that, the authentication check is cleared, right? So finally, yeah, finally it's prevention. It's like our host said, SQL injection has been there, it's still going on and it's not gonna stop anytime soon. So I'm gonna be talking about prevention and mitigation for, you know, the disaster management, right? So one is input validation. The validation process
is aimed at verifying whether or not the type of input submitted by the user is allowed, right? So input validation is like sanitizing the inputs; it makes sure it's of the right type, right length, format etc. Escaping user input, right: in that, always use character escaping functions for user-supplied input provided by each database management system. This can be done to make sure the DBMS never confuses it with SQL statements provided by the developer. Okay, so yeah, next is like never connect your application to the database using an account with root access. This should be done only if
it's absolutely necessary. If the attacker gains that accessibility, it's like the whole system, the whole integrity of the system is ruined, right? Yeah, and that's administrative privileges. Okay, next is parameterized queries, which are like a means of pre-compiling an SQL statement so that you can then supply the parameters in order for the statement to be executed. Okay, the user input is automatically quoted and the supplied input will not cause the change of the intent, right? So that's another prevention method that can be used. And it's like stored procedures, you know, that requires the developer to group
one or more SQL statements into a logical unit to create an execution plan. It's like, so whenever you need to execute a query, instead of writing it over and over again, you can just call the stored procedure, right? Okay, so that's that, we've ended this discussion. Is there any questions? Wow, that's