The forensic approach uses snort from SQL injection attacks on the server |
||
 |
 |
|
| © 2020 by IJCTT Journal | ||
| Volume-68 Issue-6 |
||
| Year of Publication : 2020 | ||
| Authors : Dian kurnia, Hendry, Muhammad Syahputra Novelan | ||
| DOI : 10.14445/22312803/IJCTT-V68I6P109 | ||
How to Cite?
Dian kurnia, Hendry, Muhammad Syahputra Novelan, "The forensic approach uses snort from SQL injection attacks on the server," International Journal of Computer Trends and Technology, vol. 68, no. 6, pp. 51-56, 2020. Crossref, https://doi.org/10.14445/22312803/IJCTT-V68I6P109
Abstract
Forensic analysis is an action that must be done by network administrators in knowing the source of attacks that occur on the server. Preventive action needs to be taken if there are many high priority attacks from threats on a server. On This research carried out an attack scenario on a server that was designed and then there was an attack scenario that was carried out in the form of an attack with SQL injection techniques. SQL injection technique which is implemented using classic techniques, namely the union join method. The server has also set a snort as an Intrution Detection System when an attack occurs, the snort function will work in detecting SQL Injection attacks. In the implementation of this study SQL injection attacks with union join method is able to find the database name, table and find the administrator username and password so that the attacker login becomes valid as a website administrator. SQL injection using the join union method with the help of sqlmap software is only able to hack the website if a bug occurs on the website, especially on table relationships created by the website creator.
Keywords
Server, Sql Injection, Snort, forensic
Reference
[1] SQL Injection Attacks and Defense. .
[2] C. Anley, “Advanced SQL Injection In SQL Server Applications,” 2002.
[3] D. A. Kindy and A. K. Pathan, “A Detailed Survey on Various Aspects of SQL Injection in Web Applications : Vulnerabilities , Innovative Attacks , and Remedies,” pp. 1–13, 2012.
[4] S. Mohammad, S. Sajjadi, and B. T. Pour, “Study of SQL Injection Attacks and Countermeasures,” vol. 2, no. 5, 2013.
[5] A. Muttaqin, S. R. Akbar, and U. Brawijaya, “Web server embedded system 1,2,3,” vol. 1, no. 1, pp. 50–54, 2014.
[6] D. I. Jaringan and U. Diponegoro, “1) , 2) , 2),” vol. 3, no. 2, pp. 171–178, 2015.
[7] I. Print, “InfoTekJar : Jurnal Nasional Informatika dan Teknologi Jaringan Analisis Forensik Serangan SQL Injection dan DoS Menggunakan Instrution Detection System Pada Server Berbasis Lokal,” vol. 2, pp. 0–4, 2020.
[8] D. Kurnia, “Perancangan VLAN pada Jaringan Lokal Web Server LKP Karya Prima Menggunakan Ubuntu Server,” no. x, 1978.
[9] E. K. Dewi and P. Kasih, “Analisis log snort menggunakan network forensic,” vol. 02, pp. 72–79, 2017.
[10] N. Khamphakdee, N. Benjamas, and S. Saiyod, “Improving Intrusion Detection System Based on Snort Rules for Network Probe Attacks Detection with Association Rules Technique of Data Mining,” vol. 8, no. 3, pp. 234–250, 2015.
[11] S. Som, S. Sinha, and R. Kataria, “STUDY ON SQL INJECTION ATTACKS : MODE ,” vol. 1, no. 8, pp. 23–29, 2016.
[12] Mohammad Dawood Momand, Dr Vikas Thada, Mr. Utpal Shrivastava, " Intrusion Detection System in IoT Network", SSRG International Journal of Computer Science and Engineering – Volume 7 Issue 4, 2020