Monday, 27 April 2020

Complete SQL Injection Guide 2020

SQL Injection



SQL injection is a code injection technique that can destroy your database.
SQL injection is one of the most common web hacking techniques.
SQL injection is the placement of malicious code in SQL statements, via web page input.

SQL in Web Pages

SQL injection usually occurs when you ask a user for input, such as their username or user id, and instead of a name or id the user gives you an SQL statement that you will unknowingly run against your database.
Look at the following example, which builds a SELECT statement by appending a variable (txtUserId) to a select string. The variable is taken from user input (getRequestString):

Example

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
The rest of this chapter describes the potential dangers of using user input in SQL statements.

SQL Injection Based on 1=1 Is Always True

Look at the example above again. The original purpose of the code was to build an SQL statement that selects a user with the given user id.
If nothing prevents the user from entering "wrong" input, the user can enter some "smart" input like this:
User ID: 105 OR 1=1
The SQL statement will then look like this:
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.
Does the example above look dangerous? What if the "Users" table contains names and passwords?
The SQL statement above is much the same as this:
SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;
A hacker might get access to all the user names and passwords in the database simply by entering 105 OR 1=1 into the input field.


SQL Injection Based on ""="" Is Always True

Here is an example of a user login on a web site:
Username: John Doe
Password: myPass

Example

uName = getRequestString("username");
uPass = getRequestString("userpassword");

sql = 'SELECT * FROM Users WHERE Name ="' + uName + '" AND Pass ="' + uPass + '"'

Result

SELECT * FROM Users WHERE Name ="John Doe" AND Pass ="myPass"
A hacker might get access to the user names and passwords in the database simply by entering " or ""=" into the username or password text box:
Username: " or ""="
Password: " or ""="
The code on the server will then build a valid SQL statement like this:

Result

SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.
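The two tautology cases above (the numeric 105 OR 1=1 id and the " or ""=" login) can be reproduced side by side with their parameterised counterparts. The following is an added example written for this page, not code from the original article: it uses Python's sqlite3 module with a constructed in-memory Users table, and it writes string literals with single quotes (which SQLite and standard SQL require), so the login payload is ' or ''=' rather than the article's double-quoted form; the mechanism is identical.

```python
import sqlite3

# Constructed sample data for this example (not from the original page): the
# Users table the article refers to, with the columns UserId, Name and Pass.
USERS = [
    (105, "John Doe", "myPass"),
    (106, "Jane Roe", "s3cret!"),
    (107, "Admin", "letmein"),
]


def make_db():
    """Create an in-memory SQLite database holding the sample Users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?, ?)", USERS)
    return conn


# --- Vulnerable: the article's string concatenation ---------------------------

def user_by_id_concat(conn, txt_user_id):
    """Mirrors  txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId"""
    sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(sql).fetchall()


def login_concat(conn, u_name, u_pass):
    """Mirrors the article's login query, with single-quoted string literals."""
    sql = ("SELECT * FROM Users WHERE Name = '" + u_name
           + "' AND Pass = '" + u_pass + "'")
    return conn.execute(sql).fetchall()


# --- Hardened: the same queries with SQL parameters ---------------------------

def user_by_id_param(conn, txt_user_id):
    """The whole input is bound as one value; it can never become SQL syntax."""
    sql = "SELECT * FROM Users WHERE UserId = ?"
    return conn.execute(sql, (txt_user_id,)).fetchall()


def login_param(conn, u_name, u_pass):
    """Both fields are bound as values, so quotes inside them stay data."""
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return conn.execute(sql, (u_name, u_pass)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("concat, id 105          ->", len(user_by_id_concat(conn, "105")), "row(s)")
    print("concat, id 105 OR 1=1   ->", len(user_by_id_concat(conn, "105 OR 1=1")), "row(s)")
    print("param,  id 105 OR 1=1   ->", len(user_by_id_param(conn, "105 OR 1=1")), "row(s)")
    print("concat, login John Doe  ->", len(login_concat(conn, "John Doe", "myPass")), "row(s)")
    print("concat, login ' or ''=' ->", len(login_concat(conn, "' or ''='", "' or ''='")), "row(s)")
    print("param,  login ' or ''=' ->", len(login_param(conn, "' or ''='", "' or ''='")), "row(s)")
```

With the concatenated queries the id payload and the login payload each return every row of the table; with the parameterised queries the same inputs return nothing, because the driver sends the text as a value rather than splicing it into the statement. (The sample table stores passwords in clear text only because the article's schema does; a real application stores a password hash.)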

SQL Injection Based on Batched SQL Statements

Most databases support batched SQL statements.
A batch of SQL statements is a group of two or more SQL statements, separated by semicolons.
The SQL statement below will return all rows from the "Users" table and then delete the "Suppliers" table.

Example

SELECT * FROM Users; DROP TABLE Suppliers
Look at the following example:

Example

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
And the following input:
User ID: 105; DROP TABLE Suppliers
The resulting (valid) SQL statement would look like this:

Result

SELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers;
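Whether the second statement in a batch actually runs depends on the database API the application calls, not only on the database engine, and a parameterised query removes the question entirely. The following is an added example for this page, not code from the original article: it uses Python's sqlite3 module with a constructed in-memory schema containing the Users and Suppliers tables named above, and it runs the article's batched input through a single-statement API, a script API and a parameterised query, checking after each whether Suppliers still exists.

```python
import sqlite3

# Constructed sample schema for this example (not from the original page): the
# two tables named in the article's batched statement, Users and Suppliers.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT)")
    conn.execute("CREATE TABLE Suppliers (SupplierId INTEGER, Name TEXT)")
    conn.execute("INSERT INTO Users VALUES (105, 'John Doe')")
    conn.execute("INSERT INTO Suppliers VALUES (1, 'Example Supplier Ltd')")
    return conn


# The article's input for the User ID field, as shown in its "Result" line.
BATCHED_INPUT = "105; DROP TABLE Suppliers"


def table_exists(conn, name):
    """True if a table with this name still exists (used to check for damage)."""
    row = conn.execute(
        "SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (name,),
    ).fetchone()
    return row[0] == 1


def concat_one_statement_api(conn, txt_user_id):
    """The article's concatenation, sent through an API that executes exactly
    one statement (sqlite3's Connection.execute). Returns ('ok', rows) or
    ('rejected', message)."""
    sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    try:
        return ("ok", conn.execute(sql).fetchall())
    except (sqlite3.Warning, sqlite3.Error) as exc:
        # Older Pythons raise sqlite3.Warning here, newer ones ProgrammingError;
        # either way the driver refuses the trailing statement before running anything.
        return ("rejected", str(exc))


def concat_script_api(conn, txt_user_id):
    """The same concatenation through an API that runs every statement in the
    string (Connection.executescript). Returns whether Suppliers survived."""
    sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    conn.executescript(sql)  # the SELECT result is discarded; the DROP runs
    return table_exists(conn, "Suppliers")


def param_api(conn, txt_user_id):
    """Parameter binding: the entire input is one value, so there is no second
    statement to execute. Returns (rows, suppliers_table_intact)."""
    rows = conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (txt_user_id,)
    ).fetchall()
    return rows, table_exists(conn, "Suppliers")


if __name__ == "__main__":
    conn = make_db()
    print("single-statement API:", concat_one_statement_api(conn, BATCHED_INPUT)[0])
    print("parameterised query :", param_api(conn, BATCHED_INPUT))
    print("script API, Suppliers intact:", concat_script_api(conn, BATCHED_INPUT))
```

The practical lesson is that a single-statement API is a property of the particular driver call, not a protection to rely on: the same concatenated string handed to a multi-statement call (or to a driver that allows stacked queries by default) drops the table, while the parameterised query returns no rows and leaves the schema untouched for any input.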

Use SQL Parameters for Protection

To protect a web site from SQL injection, you can use SQL parameters.
SQL parameters are values that are added to an SQL query at execution time, in a controlled manner.

ASP.NET Razor Example

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = @0";
db.Execute(txtSQL,txtUserId);
Note that parameters are represented in the SQL statement by a @ marker.
The SQL engine checks each parameter to ensure that it is correct for its column and treats it literally, not as part of the SQL to be executed.

Another Example

txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
db.Execute(txtSQL,txtNam,txtAdd,txtCit);

Examples

The following examples show how to build parameterized queries in some common web languages.
SELECT STATEMENT IN ASP.NET:
txtUserId = getRequestString("UserId");
sql = "SELECT * FROM Customers WHERE CustomerId = @0";
command = new SqlCommand(sql);
command.Parameters.AddWithValue("@0",txtUserId);  // binds the input as the value of @0
command.ExecuteReader();
INSERT INTO STATEMENT IN ASP.NET:
txtNam = getRequestString("CustomerName");
txtAdd = getRequestString("Address");
txtCit = getRequestString("City");
txtSQL = "INSERT INTO Customers (CustomerName,Address,City) Values(@0,@1,@2)";
command = new SqlCommand(txtSQL);
command.Parameters.AddWithValue("@0",txtNam);
command.Parameters.AddWithValue("@1",txtAdd);
command.Parameters.AddWithValue("@2",txtCit);
command.ExecuteNonQuery();
INSERT INTO STATEMENT IN PHP:
$stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City)
VALUES (:nam, :add, :cit)");
$stmt->bindParam(':nam', $txtNam);
$stmt->bindParam(':add', $txtAdd);
$stmt->bindParam(':cit', $txtCit);
$stmt->execute();
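The same two query shapes, the positional @0 lookup and the named :nam/:add/:cit insert, carried over to Python's sqlite3 module, as an added example for this page (not code from the original article or from the ASP.NET/PHP libraries it shows). It goes one step beyond the article with a caveat practitioners run into: placeholders bind values only, so a column name chosen by the caller (for ORDER BY, say) cannot be a parameter and is instead checked against an allow-list. The Customers table, the sample rows and the ALLOWED_SORT_COLUMNS list are constructed for the example.

```python
import sqlite3

# Constructed for this example (not from the original page): the Customers
# table used by the article's INSERT examples, plus an allow-list of column
# names a caller may sort by.
ALLOWED_SORT_COLUMNS = ("CustomerName", "City")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Customers ("
        "CustomerId INTEGER PRIMARY KEY, CustomerName TEXT, Address TEXT, City TEXT)"
    )
    return conn


def insert_customer(conn, txt_nam, txt_add, txt_cit):
    """Named placeholders, like the PHP example's :nam, :add and :cit.
    Quotes, semicolons and keywords inside the values are stored as plain text."""
    sql = ("INSERT INTO Customers (CustomerName, Address, City) "
           "VALUES (:nam, :add, :cit)")
    cur = conn.execute(sql, {"nam": txt_nam, "add": txt_add, "cit": txt_cit})
    conn.commit()
    return cur.lastrowid


def customer_by_id(conn, customer_id):
    """Positional placeholder, like the ASP.NET example's @0."""
    sql = "SELECT CustomerName, Address, City FROM Customers WHERE CustomerId = ?"
    return conn.execute(sql, (customer_id,)).fetchone()


def sort_column_allowed(name):
    """Placeholders bind values, never identifiers: a column name cannot be a
    parameter. A caller-chosen identifier is admitted only from a fixed list."""
    return name in ALLOWED_SORT_COLUMNS


def customers_sorted(conn, sort_column):
    """ORDER BY a caller-chosen column; the name is concatenated, so it must
    have passed the allow-list first."""
    if not sort_column_allowed(sort_column):
        raise ValueError("unsupported sort column: %r" % (sort_column,))
    sql = "SELECT CustomerName FROM Customers ORDER BY " + sort_column
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    conn = make_db()
    insert_customer(conn, "O'Reilly", "1 Main St", "Oslo")
    insert_customer(conn, "Acme; DROP TABLE Customers", "2 High St", "Bergen")
    print(customer_by_id(conn, 1))
    print(customers_sorted(conn, "City"))
    print(sort_column_allowed("City; DROP TABLE Customers"))
```

The apostrophe in O'Reilly and the semicolon-and-keyword text in the second name both land in the table unchanged, because a bound value is never parsed as SQL. The ORDER BY helper shows the boundary of that guarantee: the column name is spliced into the statement as text, which is why it is accepted only if it matches one of the fixed names.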

SQL Hosting


If you want your web site to be able to store and retrieve data from a database, your web server needs access to a database system that uses the SQL language.
If your web server is hosted by an Internet Service Provider (ISP), you will have to look for an SQL hosting plan.
The most common SQL hosting databases are MS SQL Server, Oracle, MySQL, and MS Access.

MS SQL Server

Microsoft's SQL Server is popular database software for database-driven web sites with high traffic.
SQL Server is a very powerful, robust and full-featured SQL database system.

Oracle

Oracle is also popular database software for database-driven web sites with high traffic.
Oracle is a very powerful, robust and full-featured SQL database system.

MySQL

MySQL is also popular database software for web sites.
MySQL is a very powerful, robust and full-featured SQL database system.
MySQL is an inexpensive alternative to the expensive Microsoft and Oracle solutions.

Access

When a web site requires only a simple database, Microsoft Access can be a solution.
Access is not well suited to very high traffic, and it is not as powerful as MySQL, SQL Server, or Oracle.

SQL Keyword Reference

This SQL keyword reference lists the reserved words in SQL.

SQL Keywords

| Keyword | Description |
|---|---|
| ADD | Adds a column in an existing table |
| ADD CONSTRAINT | Adds a constraint after a table is already created |
| ALTER | Adds, deletes, or modifies columns in a table, or changes the data type of a column in a table |
| ALTER COLUMN | Changes the data type of a column in a table |
| ALTER TABLE | Adds, deletes, or modifies columns in a table |
| ALL | Returns true if all of the subquery values meet the condition |
| AND | Only includes rows where both conditions are true |
| ANY | Returns true if any of the subquery values meet the condition |
| AS | Renames a column or table with an alias |
| ASC | Sorts the result set in ascending order |
| BACKUP DATABASE | Creates a backup of an existing database |
| BETWEEN | Selects values within a given range |
| CASE | Creates different outputs based on conditions |
| CHECK | A constraint that limits the value that can be placed in a column |
| COLUMN | Changes the data type of a column or deletes a column in a table |
| CONSTRAINT | Adds or deletes a constraint |
| CREATE | Creates a database, index, view, table, or procedure |
| CREATE DATABASE | Creates a new SQL database |
| CREATE INDEX | Creates an index on a table (allows duplicate values) |
| CREATE OR REPLACE VIEW | Updates a view |
| CREATE TABLE | Creates a new table in the database |
| CREATE PROCEDURE | Creates a stored procedure |
| CREATE UNIQUE INDEX | Creates a unique index on a table (no duplicate values) |
| CREATE VIEW | Creates a view based on the result set of a SELECT statement |
| DATABASE | Creates or deletes an SQL database |
| DEFAULT | A constraint that provides a default value for a column |
| DELETE | Deletes rows from a table |
| DESC | Sorts the result set in descending order |
| DISTINCT | Selects only distinct (different) values |
| DROP | Deletes a column, constraint, database, index, table, or view |
| DROP COLUMN | Deletes a column in a table |
| DROP CONSTRAINT | Deletes a UNIQUE, PRIMARY KEY, FOREIGN KEY, or CHECK constraint |
| DROP DATABASE | Deletes an existing SQL database |
| DROP DEFAULT | Deletes a DEFAULT constraint |
| DROP INDEX | Deletes an index in a table |
| DROP TABLE | Deletes an existing table in the database |
| DROP VIEW | Deletes a view |
| EXEC | Executes a stored procedure |
| EXISTS | Tests for the existence of any record in a subquery |
| FOREIGN KEY | A constraint that is a key used to link two tables together |
| FROM | Specifies which table to select or delete data from |
| FULL OUTER JOIN | Returns all rows when there is a match in either the left table or the right table |
| GROUP BY | Groups the result set (used with aggregate functions: COUNT, MAX, MIN, SUM, AVG) |
| HAVING | Used instead of WHERE with aggregate functions |
| IN | Allows you to specify multiple values in a WHERE clause |
| INDEX | Creates or deletes an index in a table |
| INNER JOIN | Returns rows that have matching values in both tables |
| INSERT INTO | Inserts new rows in a table |
| INSERT INTO SELECT | Copies data from one table into another table |
| IS NULL | Tests for empty values |
| IS NOT NULL | Tests for non-empty values |
| JOIN | Joins tables |
| LEFT JOIN | Returns all rows from the left table, and the matching rows from the right table |
| LIKE | Searches for a specified pattern in a column |
| LIMIT | Specifies the number of records to return in the result set |
| NOT | Only includes rows where a condition is not true |
| NOT NULL | A constraint that enforces a column to not accept NULL values |
| OR | Includes rows where either condition is true |
| ORDER BY | Sorts the result set in ascending or descending order |
| OUTER JOIN | Returns all rows when there is a match in either the left table or the right table |
| PRIMARY KEY | A constraint that uniquely identifies each record in a database table |
| PROCEDURE | A stored procedure |
| RIGHT JOIN | Returns all rows from the right table, and the matching rows from the left table |
| ROWNUM | Specifies the number of records to return in the result set |
| SELECT | Selects data from a database |
| SELECT DISTINCT | Selects only distinct (different) values |
| SELECT INTO | Copies data from one table into a new table |
| SELECT TOP | Specifies the number of records to return in the result set |
| SET | Specifies which columns and values should be updated in a table |
| TABLE | Creates a table, or adds, deletes, or modifies columns in a table, or deletes a table or data inside a table |
| TOP | Specifies the number of records to return in the result set |
| TRUNCATE TABLE | Deletes the data inside a table, but not the table itself |
| UNION | Combines the result set of two or more SELECT statements (only distinct values) |
| UNION ALL | Combines the result set of two or more SELECT statements (allows duplicate values) |
| UNIQUE | A constraint that ensures that all values in a column are unique |
| UPDATE | Updates existing rows in a table |
| VALUES | Specifies the values of an INSERT INTO statement |
| VIEW | Creates, updates, or deletes a view |
| WHERE | Filters a result set to include only records that fulfill a specified condition |

MySQL Functions

MySQL has many built-in functions.
This reference contains the string, numeric, date, and some advanced functions in MySQL.

MySQL String Functions

| Function | Description |
|---|---|
| ASCII | Returns the ASCII value for the specific character |
| CHAR_LENGTH | Returns the length of a string (in characters) |
| CHARACTER_LENGTH | Returns the length of a string (in characters) |
| CONCAT | Adds two or more expressions together |
| CONCAT_WS | Adds two or more expressions together with a separator |
| FIELD | Returns the index position of a value in a list of values |
| FIND_IN_SET | Returns the position of a string within a list of strings |
| FORMAT | Formats a number to a format like "#,###,###.##", rounded to a specified number of decimal places |
| INSERT | Inserts a string within a string at the specified position and for a certain number of characters |
| INSTR | Returns the position of the first occurrence of a string in another string |
| LCASE | Converts a string to lower-case |
| LEFT | Extracts a number of characters from a string (starting from left) |
| LENGTH | Returns the length of a string (in bytes) |
| LOCATE | Returns the position of the first occurrence of a substring in a string |
| LOWER | Converts a string to lower-case |
| LPAD | Left-pads a string with another string, to a certain length |
| LTRIM | Removes leading spaces from a string |
| MID | Extracts a substring from a string (starting at any position) |
| POSITION | Returns the position of the first occurrence of a substring in a string |
| REPEAT | Repeats a string as many times as specified |
| REPLACE | Replaces all occurrences of a substring within a string, with a new substring |
| REVERSE | Reverses a string and returns the result |
| RIGHT | Extracts a number of characters from a string (starting from right) |
| RPAD | Right-pads a string with another string, to a certain length |
| RTRIM | Removes trailing spaces from a string |
| SPACE | Returns a string of the specified number of space characters |
| STRCMP | Compares two strings |
| SUBSTR | Extracts a substring from a string (starting at any position) |
| SUBSTRING | Extracts a substring from a string (starting at any position) |
| SUBSTRING_INDEX | Returns the substring of a string that precedes a specified number of occurrences of a delimiter |
| TRIM | Removes leading and trailing spaces from a string |
| UCASE | Converts a string to upper-case |
| UPPER | Converts a string to upper-case |

MySQL Numeric Functions

| Function | Description |
|---|---|
| ABS | Returns the absolute value of a number |
| ACOS | Returns the arc cosine of a number |
| ASIN | Returns the arc sine of a number |
| ATAN | Returns the arc tangent of one or two numbers |
| ATAN2 | Returns the arc tangent of two numbers |
| AVG | Returns the average value of an expression |
| CEIL | Returns the smallest integer value that is >= a number |
| CEILING | Returns the smallest integer value that is >= a number |
| COS | Returns the cosine of a number |
| COT | Returns the cotangent of a number |
| COUNT | Returns the number of records returned by a select query |
| DEGREES | Converts a value in radians to degrees |
| DIV | Used for integer division |
| EXP | Returns e raised to the power of a specified number |
| FLOOR | Returns the largest integer value that is <= a number |
| GREATEST | Returns the greatest value of the list of arguments |
| LEAST | Returns the smallest value of the list of arguments |
| LN | Returns the natural logarithm of a number |
| LOG | Returns the natural logarithm of a number, or the logarithm of a number to a specified base |
| LOG10 | Returns the logarithm of a number to base 10 |
| LOG2 | Returns the logarithm of a number to base 2 |
| MAX | Returns the maximum value in a set of values |
| MIN | Returns the minimum value in a set of values |
| MOD | Returns the remainder of a number divided by another number |
| PI | Returns the value of PI |
| POW | Returns the value of a number raised to the power of another number |
| POWER | Returns the value of a number raised to the power of another number |
| RADIANS | Converts a degree value into radians |
| RAND | Returns a random number |
| ROUND | Rounds a number to a specified number of decimal places |
| SIGN | Returns the sign of a number |
| SIN | Returns the sine of a number |
| SQRT | Returns the square root of a number |
| SUM | Calculates the sum of a set of values |
| TAN | Returns the tangent of a number |
| TRUNCATE | Truncates a number to the specified number of decimal places |

MySQL Date Functions

| Function | Description |
|---|---|
| ADDDATE | Adds a time/date interval to a date and then returns the date |
| ADDTIME | Adds a time interval to a time/datetime and then returns the time/datetime |
| CURDATE | Returns the current date |
| CURRENT_DATE | Returns the current date |
| CURRENT_TIME | Returns the current time |
| CURRENT_TIMESTAMP | Returns the current date and time |
| CURTIME | Returns the current time |
| DATE | Extracts the date part from a datetime expression |
| DATEDIFF | Returns the number of days between two date values |
| DATE_ADD | Adds a time/date interval to a date and then returns the date |
| DATE_FORMAT | Formats a date |
| DATE_SUB | Subtracts a time/date interval from a date and then returns the date |
| DAY | Returns the day of the month for a given date |
| DAYNAME | Returns the weekday name for a given date |
| DAYOFMONTH | Returns the day of the month for a given date |
| DAYOFWEEK | Returns the weekday index for a given date |
| DAYOFYEAR | Returns the day of the year for a given date |
| EXTRACT | Extracts a part from a given date |
| FROM_DAYS | Returns a date from a numeric datevalue |
| HOUR | Returns the hour part for a given date |
| LAST_DAY | Extracts the last day of the month for a given date |
| LOCALTIME | Returns the current date and time |
| LOCALTIMESTAMP | Returns the current date and time |
| MAKEDATE | Creates and returns a date based on a year and a number of days value |
| MAKETIME | Creates and returns a time based on an hour, minute, and second value |
| MICROSECOND | Returns the microsecond part of a time/datetime |
| MINUTE | Returns the minute part of a time/datetime |
| MONTH | Returns the month part for a given date |
| MONTHNAME | Returns the name of the month for a given date |
| NOW | Returns the current date and time |
| PERIOD_ADD | Adds a specified number of months to a period |
| PERIOD_DIFF | Returns the difference between two periods |
| QUARTER | Returns the quarter of the year for a given date value |
| SECOND | Returns the seconds part of a time/datetime |
| SEC_TO_TIME | Returns a time value based on the specified seconds |
| STR_TO_DATE | Returns a date based on a string and a format |
| SUBDATE | Subtracts a time/date interval from a date and then returns the date |
| SUBTIME | Subtracts a time interval from a datetime and then returns the time/datetime |
| SYSDATE | Returns the current date and time |
| TIME | Extracts the time part from a given time/datetime |
| TIME_FORMAT | Formats a time by a specified format |
| TIME_TO_SEC | Converts a time value into seconds |
| TIMEDIFF | Returns the difference between two time/datetime expressions |
| TIMESTAMP | Returns a datetime value based on a date or datetime value |
| TO_DAYS | Returns the number of days between a date and date "0000-00-00" |
| WEEK | Returns the week number for a given date |
| WEEKDAY | Returns the weekday number for a given date |
| WEEKOFYEAR | Returns the week number for a given date |
| YEAR | Returns the year part for a given date |
| YEARWEEK | Returns the year and week number for a given date |

MySQL Advanced Functions

| Function | Description |
|---|---|
| BIN | Returns a binary representation of a number |
| BINARY | Converts a value to a binary string |
| CASE | Goes through conditions and returns a value when the first condition is met |
| CAST | Converts a value (of any type) into a specified datatype |
| COALESCE | Returns the first non-null value in a list |
| CONNECTION_ID | Returns the unique connection ID for the current connection |
| CONV | Converts a number from one numeric base system to another |
| CONVERT | Converts a value into the specified datatype or character set |
| CURRENT_USER | Returns the user name and host name for the MySQL account that the server used to authenticate the current client |
| DATABASE | Returns the name of the current database |
| IF | Returns a value if a condition is TRUE, or another value if a condition is FALSE |
| IFNULL | Returns a specified value if the expression is NULL, otherwise returns the expression |
| ISNULL | Returns 1 or 0 depending on whether an expression is NULL |
| LAST_INSERT_ID | Returns the AUTO_INCREMENT id of the last row that has been inserted or updated in a table |
| NULLIF | Compares two expressions and returns NULL if they are equal. Otherwise, the first expression is returned |
| SESSION_USER | Returns the current MySQL user name and host name |
| SYSTEM_USER | Returns the current MySQL user name and host name |
| USER | Returns the current MySQL user name and host name |
| VERSION | Returns the current version of the MySQL database |

SQL Server Functions

SQL Server has many built-in functions.
This reference contains the string, numeric, date, conversion, and some advanced functions in SQL Server.

SQL Server String Functions

| Function | Description |
|---|---|
| ASCII | Returns the ASCII value for the specific character |
| CHAR | Returns the character based on the ASCII code |
| CHARINDEX | Returns the position of a substring in a string |
| CONCAT | Adds two or more strings together |
| Concat with + | Adds two or more strings together |
| CONCAT_WS | Adds two or more strings together with a separator |
| DATALENGTH | Returns the number of bytes used to represent an expression |
| DIFFERENCE | Compares two SOUNDEX values, and returns an integer value |
| FORMAT | Formats a value with the specified format |
| LEFT | Extracts a number of characters from a string (starting from left) |
| LEN | Returns the length of a string |
| LOWER | Converts a string to lower-case |
| LTRIM | Removes leading spaces from a string |
| NCHAR | Returns the Unicode character based on the number code |
| PATINDEX | Returns the position of a pattern in a string |
| QUOTENAME | Returns a Unicode string with delimiters added to make the string a valid SQL Server delimited identifier |
| REPLACE | Replaces all occurrences of a substring within a string, with a new substring |
| REPLICATE | Repeats a string a specified number of times |
| REVERSE | Reverses a string and returns the result |
| RIGHT | Extracts a number of characters from a string (starting from right) |
| RTRIM | Removes trailing spaces from a string |
| SOUNDEX | Returns a four-character code to evaluate the similarity of two strings |
| SPACE | Returns a string of the specified number of space characters |
| STR | Returns a number as a string |
| STUFF | Deletes a part of a string and then inserts another part into the string, starting at a specified position |
| SUBSTRING | Extracts some characters from a string |
| TRANSLATE | Returns the string from the first argument after the characters specified in the second argument are translated into the characters specified in the third argument |
| TRIM | Removes leading and trailing spaces (or other specified characters) from a string |
| UNICODE | Returns the Unicode value for the first character of the input expression |
| UPPER | Converts a string to upper-case |


SQL Server Math/Numeric Functions

| Function | Description |
|---|---|
| ABS | Returns the absolute value of a number |
| ACOS | Returns the arc cosine of a number |
| ASIN | Returns the arc sine of a number |
| ATAN | Returns the arc tangent of a number |
| ATN2 | Returns the arc tangent of two numbers |
| AVG | Returns the average value of an expression |
| CEILING | Returns the smallest integer value that is >= a number |
| COUNT | Returns the number of records returned by a select query |
| COS | Returns the cosine of a number |
| COT | Returns the cotangent of a number |
| DEGREES | Converts a value in radians to degrees |
| EXP | Returns e raised to the power of a specified number |
| FLOOR | Returns the largest integer value that is <= a number |
| LOG | Returns the natural logarithm of a number, or the logarithm of a number to a specified base |
| LOG10 | Returns the logarithm of a number to base 10 |
| MAX | Returns the maximum value in a set of values |
| MIN | Returns the minimum value in a set of values |
| PI | Returns the value of PI |
| POWER | Returns the value of a number raised to the power of another number |
| RADIANS | Converts a degree value into radians |
| RAND | Returns a random number |
| ROUND | Rounds a number to a specified number of decimal places |
| SIGN | Returns the sign of a number |
| SIN | Returns the sine of a number |
| SQRT | Returns the square root of a number |
| SQUARE | Returns the square of a number |
| SUM | Calculates the sum of a set of values |
| TAN | Returns the tangent of a number |

SQL Server Date Functions

| Function | Description |
|---|---|
| CURRENT_TIMESTAMP | Returns the current date and time |
| DATEADD | Adds a time/date interval to a date and then returns the date |
| DATEDIFF | Returns the difference between two dates |
| DATEFROMPARTS | Returns a date from the specified parts (year, month, and day values) |
| DATENAME | Returns a specified part of a date (as string) |
| DATEPART | Returns a specified part of a date (as integer) |
| DAY | Returns the day of the month for a specified date |
| GETDATE | Returns the current database system date and time |
| GETUTCDATE | Returns the current database system UTC date and time |
| ISDATE | Checks an expression and returns 1 if it is a valid date, otherwise 0 |
| MONTH | Returns the month part for a specified date (a number from 1 to 12) |
| SYSDATETIME | Returns the date and time of the SQL Server |
| YEAR | Returns the year part for a specified date |

SQL Server Advanced Functions

| Function | Description |
|---|---|
| CAST | Converts a value (of any type) into a specified datatype |
| COALESCE | Returns the first non-null value in a list |
| CONVERT | Converts a value (of any type) into a specified datatype |
| CURRENT_USER | Returns the name of the current user in the SQL Server database |
| IIF | Returns a value if a condition is TRUE, or another value if a condition is FALSE |
| ISNULL | Returns a specified value if the expression is NULL, otherwise returns the expression |
| ISNUMERIC | Tests whether an expression is numeric |
| NULLIF | Returns NULL if two expressions are equal |
| SESSION_USER | Returns the name of the current user in the SQL Server database |
| SESSIONPROPERTY | Returns the session settings for a specified option |
| SYSTEM_USER | Returns the login name for the current user |
| USER_NAME | Returns the database user name based on the specified id |
