sql inj

OWASP ::open web application security project
LDAP
there is firewall b/w webserver and database
Drupal sql vulnerablility
wordpress slq inj

Types of sql injection
error based
union based
blind based(types)
  ask db for question (boolean based) 
  just looking for certain time for executing(Time based)  
  
single character
input senetization
tautologies is important for sql injections

union based injection
comment in sql --
query system object
for sys in mysql 

selct * from sys,table
selct * from sys,column

advance injection

boolean based injection
time based injection

select * from table order by case when .. then .. else .. end
 desc
 
 using ascii tables

tools::
fiddler

1==@@version-- version info after select
current_user
is_rolemember
db_owner
sysdatabases
PWDCOMPARE

select * from syslogins
wherre pwdcompare('passwod',password)=1


OPENROWSET
by default it is off we configure it in 6 video of advance

exec xp_cmdshell 'commd'
by default it also off

for on 
exec sp_configure 'xp_cmdshell' ,1 RECONFIGURE


SQL INJECTION FOR NETWORK RECONNAISSAN

denfending
using query parms
store procedure
object relation mapper

isolating database to network segmentation
allow inbound ips in azure sql server
ussing IDS and WAF

URL SCAN TOOLS
barracuda firewall
cloud flare

drupal 7 

web site
msdn.microsoft.com/library

parameterize query
inline sql query

envasion tech..


Envasion technique:::

white space diversity
inline comments
variables


Automating attacks::
add ons firefox::sql inject me
burp suite free edition tools
fuzz db project on google code
Havij tool
sqlmap tool github repo
netsparker dynamic analysis tool
crossite scripting