{"id":95,"date":"2020-08-03T14:25:58","date_gmt":"2020-08-03T11:25:58","guid":{"rendered":"https:\/\/www.cenuta.com\/blog\/?p=95"},"modified":"2020-08-03T14:25:59","modified_gmt":"2020-08-03T11:25:59","slug":"sql-injection-nedir","status":"publish","type":"post","link":"https:\/\/www.cenuta.com\/blog\/sql-injection-nedir\/","title":{"rendered":"SQL Injection Nedir?"},"content":{"rendered":"\n

SQL Injection , genellikle web uygulamalar\u0131nda g\u00f6r\u00fclen ve owasp top10 listesinde de yer alan kritik g\u00fcvenlik a\u00e7\u0131klar\u0131ndan birisidir. SQL Injection sald\u0131r\u0131lar\u0131 yaz\u0131l\u0131mc\u0131n\u0131n arkaplanda yollad\u0131\u011f\u0131 SQL sorgusunda kullan\u0131c\u0131dan ald\u0131\u011f\u0131 parametreleri filtreleme i\u015flemine sokmamas\u0131 (kontrol etmemesi) sonucunda sald\u0131rgan\u0131n sorguya diledi\u011fi gibi m\u00fcdahale etmesi meydana gelir.


SQL Injection ile Neler Yap\u0131labilir?<\/strong><\/p>\n\n\n\n


SQL Injection bulunan bir sistemde sald\u0131rgan direkt olarak sorguya m\u00fcdahale edebildi\u011fi i\u00e7in veritaban\u0131n\u0131zda kay\u0131tl\u0131 t\u00fcm verilere eri\u015febilir. Kullan\u0131lan veritaban\u0131 y\u00f6netim sistemine g\u00f6re de\u011fi\u015fkenlik g\u00f6sterebilen durumlar da mevcut.

\u00d6rne\u011fin MSSQL kullan\u0131lan bir sistemde xp_cmdshell fonksiyonu kullan\u0131larak sistemde komut \u00e7al\u0131\u015ft\u0131r\u0131labilir. Veya MySQL kullan\u0131lan bir sistemde do\u011fru yap\u0131land\u0131r\u0131lmaz ise mysql_load_file fonksiyonu ile \u00e7e\u015fitli dosyalar okunabilir.<\/p>\n\n\n\n

SQL Injection Tipleri<\/strong><\/p>\n\n\n\n


– Blind SQL Injection<\/p>\n\n\n\n

Ba\u015f\u0131ndaki \u201cblind\u201d kelimesinden de anla\u015f\u0131laca\u011f\u0131 \u00fczere k\u00f6r at\u0131\u015f sql injection sald\u0131r\u0131 tipidir. Blind sql injection bulunan bir sistemde veritaban\u0131ndaki tablo isimleri , kolonlar direkt olarak g\u00f6r\u00fcnt\u00fclenemez. Blind sql injection sald\u0131r\u0131s\u0131 ger\u00e7ekle\u015ftirmenin en bilindik y\u00f6ntemi sistemdeki kolon isimlerini harf harf deneyerek bulmaktad\u0131r. \u00d6rne\u011fin \u201cadmin\u201d isimli tabloyu bulmak istedi\u011finizde sorguda tek tek A-Z t\u00fcm karakterleri yollay\u0131p sorgudan d\u00f6nen sonuca g\u00f6re yollanan karakterin tablo isminde olup olmad\u0131\u011f\u0131n\u0131 anlayabilirsiniz

Blind SQL Injection kendi i\u00e7inde 2\u2019ye ayr\u0131lmaktad\u0131r.

-Time Based Blind SQL Injection<\/p>\n\n\n\n

Blind SQL Injectionun bir tipi olan time-based blind sql injection ad\u0131ndan da anla\u015f\u0131laca\u011f\u0131 \u00fczere zamana dayal\u0131 sql injection sald\u0131r\u0131lar\u0131d\u0131r. Yine \u201cadmin\u201d tablosundan \u00f6rneklendirecek olursak admin tablosunu bulmak isteyen sald\u0131rgan\u0131n g\u00f6nderece\u011fi SQL sorgusunda \u201ce\u011fer tablonun i\u00e7inde a harfi varsa 3 saniye uyut\u201d \u015feklinde atak ger\u00e7ekle\u015ftirerek SLEEP , DELAY gibi fonksiyonlar yard\u0131m\u0131 ile harf harf tablo , kolon isimlerine ula\u015facakt\u0131r.<\/p>\n\n\n\n

-Boolean Based Blind SQL Injection<\/p>\n\n\n\n

Boolean bilindi\u011fi \u00fczere true-false de\u011ferlere dayanan bir veri tipidir. Boolean Based Blind SQL Injection\u2019da sald\u0131rgan hedef sistemdeki tablo \u2013 kolon adlar\u0131n\u0131 \u00f6\u011frenmek i\u00e7in time-baseddekine benzer bir atak senaryosu kullan\u0131r. Tek de\u011fi\u015fen k\u0131s\u0131m time-based sql injection\u2019da SLEEP,DELAY gibi fonksiyonlar kullan\u0131larak sistemin uyuyup \/ uyumad\u0131\u011f\u0131na g\u00f6re karakterin mevcut oldu\u011funu anl\u0131yorduk. Boolen based blind sql injectionda ise yollad\u0131\u011f\u0131m\u0131z sorgunun sonucunun do\u011fru \/ yanl\u0131\u015f d\u00f6nd\u00fcrd\u00fc\u011f\u00fc cevaba g\u00f6re karakterin bulundu\u011funu anlayabiliyoruz.

-Union Based SQL Injection<\/p>\n\n\n\n

Union Based SQL Injection tespiti ve istismar\u0131 en kolay olan sql injection tipidir. Union based sql injection bulunan bir sistemde sorguyu bozacak herhangi bir karakter ile m\u00fcdahale etti\u011finizde sayfada bir hata mesaj\u0131 ile kar\u015f\u0131lacaks\u0131n\u0131z. Yollad\u0131\u011f\u0131n\u0131z sorgularda harf harf denemeye yahut true-false de\u011ferleri ile u\u011fra\u015fmadan direkt olarak kolon say\u0131lar\u0131n\u0131 , tablo adlar\u0131n\u0131 payload\u0131n\u0131z\u0131 \u015fekillendirerek \u00f6\u011frenebilirsiniz.

SQL Injection Ara\u00e7lar\u0131<\/strong>
1 \u2013 Sqlmap
https:\/\/github.com\/sqlmapproject\/sqlmap<\/p>\n\n\n\n

2 \u2013 jSQL
https:\/\/github.com\/ron190\/jsql-injection
3 \u2013 BBQSQL
https:\/\/github.com\/Neohapsis\/bbqsql

SQL Injection Sald\u0131r\u0131lar\u0131ndan Nas\u0131l Korunulur?<\/strong>
Kullan\u0131c\u0131dan al\u0131nan verileri sql sorgusuna direkt olarak katmadan \u00f6nce \u00e7e\u015fitli filtreleme i\u015flemine tabii tutarak sorguya katman\u0131z sql injection ataklar\u0131ndan korunman\u0131z\u0131 sa\u011flayacakt\u0131r.

Cookie , local stroage , site \u00fczerindeki parametreleri kesinlikle direkt olarak POST veya GET \u2018 ten oldu\u011fu gibi almamal\u0131 , kontrolden ge\u00e7irdikten sonra sorguya sokmal\u0131s\u0131n\u0131z.<\/p>\n","protected":false},"excerpt":{"rendered":"

SQL Injection , genellikle web uygulamalar\u0131nda g\u00f6r\u00fclen ve owasp top10…<\/a><\/p>\n","protected":false},"author":1,"featured_media":96,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10],"tags":[],"class_list":["post-95","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ipuclari","category-terimler-sozlugu"],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n\n\n\n\n\t\n\t\n\t\n