\documentclass[10pt,a4paper]{article} % Packages \usepackage{fancyhdr} % For header and footer \usepackage{multicol} % Allows multicols in tables \usepackage{tabularx} % Intelligent column widths \usepackage{tabulary} % Used in header and footer \usepackage{hhline} % Border under tables \usepackage{graphicx} % For images \usepackage{xcolor} % For hex colours %\usepackage[utf8x]{inputenc} % For unicode character support \usepackage[T1]{fontenc} % Without this we get weird character replacements \usepackage{colortbl} % For coloured tables \usepackage{setspace} % For line height \usepackage{lastpage} % Needed for total page number \usepackage{seqsplit} % Splits long words. %\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely. \usepackage[normalem]{ulem} % For underlining links % Most of the following are not required for the majority % of cheat sheets but are needed for some symbol support. \usepackage{amsmath} % Symbols \usepackage{MnSymbol} % Symbols \usepackage{wasysym} % Symbols %\usepackage[english,german,french,spanish,italian]{babel} % Languages % Document Info \author{ironclad} \pdfinfo{ /Title (sql-injection-attacks-concepts-tools-techniques.pdf) /Creator (Cheatography) /Author (ironclad) /Subject (SQL Injection Attacks: Concepts, Tools, Techniques Cheat Sheet) } % Lengths and widths \addtolength{\textwidth}{6cm} \addtolength{\textheight}{-1cm} \addtolength{\hoffset}{-3cm} \addtolength{\voffset}{-2cm} \setlength{\tabcolsep}{0.2cm} % Space between columns \setlength{\headsep}{-12pt} % Reduce space between header and content \setlength{\headheight}{85pt} % If less, LaTeX automatically increases it \renewcommand{\footrulewidth}{0pt} % Remove footer line \renewcommand{\headrulewidth}{0pt} % Remove header line \renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit % This two commands together give roughly % the right line height in the tables \renewcommand{\arraystretch}{1.3} \onehalfspacing % Commands \newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour \newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols \newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns \newcommand{\tn}{\tabularnewline} % Required as custom column type in use % Font and Colours \definecolor{HeadBackground}{HTML}{333333} \definecolor{FootBackground}{HTML}{666666} \definecolor{TextColor}{HTML}{333333} \definecolor{DarkBackground}{HTML}{2A4FA3} \definecolor{LightBackground}{HTML}{F1F4F9} \renewcommand{\familydefault}{\sfdefault} \color{TextColor} % Header and Footer \pagestyle{fancy} \fancyhead{} % Set header to blank \fancyfoot{} % Set footer to blank \fancyhead[L]{ \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{C} \SetRowColor{DarkBackground} \vspace{-7pt} {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}} } \end{tabulary} \columnbreak \begin{tabulary}{11cm}{L} \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{SQL Injection Attacks: Concepts, Tools, Techniques Cheat Sheet}}}} \\ \normalsize{by \textcolor{DarkBackground}{ironclad} via \textcolor{DarkBackground}{\uline{cheatography.com/36781/cs/11566/}}} \end{tabulary} \end{multicols}} \fancyfoot[L]{ \footnotesize \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{LL} \SetRowColor{FootBackground} \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\ \vspace{-2pt}ironclad \\ \uline{cheatography.com/ironclad} \\ \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\ \vspace{-2pt}Not Yet Published.\\ Updated 24th April, 2017.\\ Page {\thepage} of \pageref{LastPage}. \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\ \SetRowColor{white} \vspace{-5pt} %\includegraphics[width=48px,height=48px]{dave.jpeg} Measure your website readability!\\ www.readability-score.com \end{tabulary} \end{multicols}} \begin{document} \raggedright \raggedcolumns % Set font size to small. Switch to any value % from this page to resize cheat sheet text: % www.emerson.emory.edu/services/latex/latex_169.html \footnotesize % Small font. \begin{multicols*}{2} \begin{tabularx}{8.4cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Description}} \tn \SetRowColor{white} \mymulticolumn{1}{x{8.4cm}}{SQL Injection is the act of inserting data into an SQL query through the input data given to an application by a client.% Row Count 3 (+ 3) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Causes}} \tn % Row 0 \SetRowColor{LightBackground} \mymulticolumn{1}{x{8.4cm}}{Lack of input validation} \tn % Row Count 1 (+ 1) % Row 1 \SetRowColor{white} \mymulticolumn{1}{x{8.4cm}}{Usage of untrusted code} \tn % Row Count 2 (+ 1) % Row 2 \SetRowColor{LightBackground} \mymulticolumn{1}{x{8.4cm}}{Lack of adherence to best practices} \tn % Row Count 3 (+ 1) % Row 3 \SetRowColor{white} \mymulticolumn{1}{x{8.4cm}}{Server configuration issues} \tn % Row Count 4 (+ 1) % Row 4 \SetRowColor{LightBackground} \mymulticolumn{1}{x{8.4cm}}{Client-provided information used in query} \tn % Row Count 5 (+ 1) \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Structure of an SQL Query}} \tn % Row 0 \SetRowColor{LightBackground} \mymulticolumn{1}{x{8.4cm}}{select \textless{}col\textgreater{} from \textless{}table\textgreater{} where \textless{}field\textgreater{} = \textless{}value\textgreater{};} \tn % Row Count 1 (+ 1) % Row 1 \SetRowColor{white} \mymulticolumn{1}{x{8.4cm}}{In this case: col, table, field, and value are all places where injection could happen.} \tn % Row Count 3 (+ 2) \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{4.96 cm} x{3.04 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Escaping the Intent of the Query}} \tn % Row 0 \SetRowColor{LightBackground} \mymulticolumn{2}{x{8.4cm}}{SELECT name, pass FROM users WHERE user\_id = '" + {\bf{\$id}} + "'";} \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} {\bf{Input}} & {\bf{Result}} \tn % Row Count 3 (+ 1) % Row 2 \SetRowColor{LightBackground} \%' or '1'='1 & All names and passwords \tn % Row Count 5 (+ 2) % Row 3 \SetRowColor{white} 1' UNION SELECT 1, @@version -{}- - & A name and MySQL Version \tn % Row Count 7 (+ 2) % Row 4 \SetRowColor{LightBackground} 1' UNION SELECT distinct(table\_schema),null FROM \seqsplit{information\_schema.tables} & All Schema Information \tn % Row Count 11 (+ 4) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{3.04 cm} x{4.96 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{State of the Art - Latest Techniques}} \tn % Row 0 \SetRowColor{LightBackground} SQL Injection through Ads & Forces compromised server to serve the attacker's ads \tn % Row Count 3 (+ 3) % Row 1 \SetRowColor{white} Chaining of Attacks & Utilizing techniques such as camel-casing, escape characters and character codes to get around protections \tn % Row Count 8 (+ 5) % Row 2 \SetRowColor{LightBackground} Information Schema & Dumping the Information Schema to learn more about the database \tn % Row Count 11 (+ 3) % Row 3 \SetRowColor{white} Multi-Line Comments & Using multi-line comments (/**/) to bypass defensive techniques \tn % Row Count 14 (+ 3) % Row 4 \SetRowColor{LightBackground} Obfuscation & Utilizing obfuscation to mask attacks \tn % Row Count 16 (+ 2) % Row 5 \SetRowColor{white} SQL Union & Using SQL UNION along with attacks above to mask attacks \tn % Row Count 19 (+ 3) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Successful Attacks May}} \tn % Row 0 \SetRowColor{LightBackground} \mymulticolumn{1}{x{8.4cm}}{Modify Database Data} \tn % Row Count 1 (+ 1) % Row 1 \SetRowColor{white} \mymulticolumn{1}{x{8.4cm}}{Read Sensitive Information} \tn % Row Count 2 (+ 1) % Row 2 \SetRowColor{LightBackground} \mymulticolumn{1}{x{8.4cm}}{Execute Operations as an Administrator} \tn % Row Count 3 (+ 1) % Row 3 \SetRowColor{white} \mymulticolumn{1}{x{8.4cm}}{Recover Files Present on the Database System} \tn % Row Count 4 (+ 1) % Row 4 \SetRowColor{LightBackground} \mymulticolumn{1}{x{8.4cm}}{Issue Commands to the Database System's OS} \tn % Row Count 5 (+ 1) \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{8.4cm}}{\bf\textcolor{white}{Why?}} \tn \SetRowColor{white} \mymulticolumn{1}{x{8.4cm}}{In many applications, direction access to the database is the easiest means of access. Thus, a simple form-based authentication or web query may be one step away from interacting with a database. With this knowledge in hand, a skilled attacker could use cleverly crafted SQL queries to gain root level access and further attack the network.% Row Count 7 (+ 7) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{1.84 cm} x{6.16 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Modern Injection Tools}} \tn % Row 0 \SetRowColor{LightBackground} Havij & User-friendly GUI for automatic SQL Injection \tn % Row Count 2 (+ 2) % Row 1 \SetRowColor{white} sqlmap & Open source penetration testing tool \tn % Row Count 4 (+ 2) % Row 2 \SetRowColor{LightBackground} Google dorks & Advance web searches that are used to fingerprint web servers \tn % Row Count 7 (+ 3) % Row 3 \SetRowColor{white} BSQL Hacker & Made for Blind SQL Injection \tn % Row Count 9 (+ 2) % Row 4 \SetRowColor{LightBackground} Mole & Provide the tool with a URL and it does the rest \tn % Row Count 11 (+ 2) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{8.4cm}{x{3.12 cm} x{4.88 cm} } \SetRowColor{DarkBackground} \mymulticolumn{2}{x{8.4cm}}{\bf\textcolor{white}{Mitigation Techniques}} \tn % Row 0 \SetRowColor{LightBackground} Input Validation & Make sure all client-supplied information is sanitized \tn % Row Count 3 (+ 3) % Row 1 \SetRowColor{white} Use Parameterized Queries & Separates the developer's SQL query from client input \tn % Row Count 6 (+ 3) % Row 2 \SetRowColor{LightBackground} Stored Procedures & Store SQL queries in the database itself and only provide sanitized input \tn % Row Count 10 (+ 4) % Row 3 \SetRowColor{white} Whitelist Input Validation & Only accept the information you want, make sure it doesn't affect query intent \tn % Row Count 14 (+ 4) % Row 4 \SetRowColor{LightBackground} \seqsplit{Front-end/Back-end} Design & Don't let the application interact directly with the database \tn % Row Count 17 (+ 3) % Row 5 \SetRowColor{white} Least Privilege & In the event of a compromise, limit the damage \tn % Row Count 19 (+ 2) % Row 6 \SetRowColor{LightBackground} Patch Your Systems & Keep your servers up to date \tn % Row Count 21 (+ 2) % Row 7 \SetRowColor{white} Logging & Keep a log of all queries, preferable on a remote server \tn % Row Count 24 (+ 3) \hhline{>{\arrayrulecolor{DarkBackground}}--} \end{tabularx} \par\addvspace{1.3em} % That's all folks \end{multicols*} \end{document}