SQL Injection and Python

1. Understanding SQL Injection

1.1. What is SQL Injection?

SQL Injection is a technique in which an attacker feeds the application specially crafted input that changes the SQL query the application builds, gaining unauthorized access to the database.

A simple example:

SELECT * FROM users WHERE username = 'admin' AND password = '123';

If the user enters ' OR '1'='1 instead of the password, the query becomes:

SELECT * FROM users WHERE username = 'admin' AND password = '' OR '1'='1';

In this case the WHERE clause is always TRUE, because OR '1'='1' makes the whole condition true regardless of the username and password check, and the records of all users are returned.

1.2. Types of SQL Injection

  • Classic Injection: input is inserted directly into the SQL query.

  • Blind Injection: logical conditions (TRUE/FALSE) are used to infer data.

  • Union-based Injection: UNION is used to retrieve data from other tables.

  • Time-based Injection: a testing method based on the system's response time.

2. Python and SQL Injection

2.1. A basic SQL Injection risk in Python

If user input is concatenated directly into the SQL query, this can lead to SQL Injection.

Example (vulnerable code):

import sqlite3

# Database connection
connection = sqlite3.connect("example.db")
cursor = connection.cursor()

# User input
username = input("Foydalanuvchi nomi: ")
password = input("Parol: ")

# Vulnerable SQL query: the input is interpolated straight into the SQL text,
# so quotes in the input become part of the query itself
query = f"SELECT * FROM users WHERE username = '{username}' AND password = '{password}'"
cursor.execute(query)

# Print the result
results = cursor.fetchall()
if results:
    print("Kirish muvaffaqiyatli!")
else:
    print("Xato foydalanuvchi yoki parol!")

Injection example:

  • The user enters ' OR '1'='1 in place of the username.

2.2. Protecting against SQL Injection

Use the following methods to protect yourself:

2.2.1. Prepared queries (Parameterized Queries)

Parameterized queries prevent SQL Injection because user input is never concatenated into the SQL text; the values are handed to the database driver separately and are treated purely as data.

Example:

query = "SELECT * FROM users WHERE username = ? AND password = ?"
cursor.execute(query, (username, password))
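An added example, not from the original page, that puts the vulnerable query of 2.1 next to the parameterized one of 2.2.1 on a constructed in-memory SQLite database, using the page's own ' OR '1'='1 payload as the password. The make_db helper and the sample users are assumptions for the demo.

```python
import sqlite3

# Constructed sample data: an in-memory database with a users table
# shaped like the one in the page's examples
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "123"), ("alice", "s3cret")])
    conn.commit()
    return conn

# The vulnerable pattern from section 2.1: input interpolated into the SQL text
def vulnerable_login(conn, username, password):
    query = (f"SELECT username FROM users WHERE username = '{username}' "
             f"AND password = '{password}'")
    return sorted(row[0] for row in conn.execute(query))

# The parameterized pattern from section 2.2.1: the driver binds the values,
# so a quote inside the input is just data, never SQL syntax
def safe_login(conn, username, password):
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(row[0] for row in conn.execute(query, (username, password)))

if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"          # the payload shown in section 1.1
    print(vulnerable_login(conn, "admin", payload))  # every user is returned
    print(safe_login(conn, "admin", payload))        # no match: []
    print(safe_login(conn, "admin", "123"))          # ['admin']
```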

2.2.2. Using an ORM (Object-Relational Mapping)

ORMs such as SQLAlchemy or Django ORM offer convenient tools for protecting against SQL Injection, because they build the query and bind the values for you.

SQLAlchemy example:

from sqlalchemy import create_engine, Table, MetaData

# Requires SQLAlchemy 1.4 or newer (autoload_with and multi-clause where())
engine = create_engine('sqlite:///example.db')
connection = engine.connect()

# User input
username = input("Foydalanuvchi nomi: ")
password = input("Parol: ")

# Reflect the users table and build the query; SQLAlchemy binds the
# compared values as parameters, never as part of the SQL text
users = Table('users', MetaData(), autoload_with=engine)
query = users.select().where(users.c.username == username, users.c.password == password)
result = connection.execute(query)

if result.fetchone():
    print("Kirish muvaffaqiyatli!")
else:
    print("Xato foydalanuvchi yoki parol!")

2.2.3. Validating and sanitizing input data

  • Validate user input and convert it to the required format.

  • Remove potentially dangerous characters (;, --, ', ", OR, AND). Note that sanitization on its own does not replace parameterized queries; treat it as a secondary, defence-in-depth measure.

Example:

import re

def sanitize_input(user_input):
    # Strips characters commonly used in injection payloads. "--" must be
    # matched as a two-character sequence: inside a character class it would
    # be read as a range and strip unrelated characters.
    return re.sub(r"--|[;'\"]", "", user_input)

username = sanitize_input(input("Foydalanuvchi nomi: "))
password = sanitize_input(input("Parol: "))

2.3. Improving database security

  • Restricted privileges: the application's database user should have only the privileges it actually needs.

  • Hiding errors: database-related error messages should not be shown to the user.

  • Logging: log suspicious input and queries.
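An added example, not from the original page, that combines the controls of 2.2.3 and 2.3 in one login function: an allowlist on the username format instead of stripping characters, a parameterized query, and a generic failure message for the user while the real error goes to the server-side log. The username pattern and the make_db helper are assumptions for the demo.

```python
import logging
import re
import sqlite3

log = logging.getLogger("login")

# Assumed allowlist for usernames: letters, digits, underscore, 3 to 32 chars.
# Rejecting anything else is more robust than removing "dangerous" characters.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")

GENERIC_FAILURE = "Xato foydalanuvchi yoki parol!"

def login(conn, username, password):
    """Return (success, message). Only a generic message reaches the user;
    the details go to the server-side log."""
    # 1. Validate the input format (section 2.2.3)
    if not USERNAME_RE.fullmatch(username):
        # log the rejected value with %r so it cannot forge extra log lines
        log.warning("rejected username format: %r", username)
        return False, GENERIC_FAILURE
    # 2. Parameterized query (section 2.2.1): values are bound, not interpolated
    try:
        row = conn.execute(
            "SELECT username FROM users WHERE username = ? AND password = ?",
            (username, password),
        ).fetchone()
    except sqlite3.Error as exc:
        # 3. Hide database errors from the user (section 2.3) and log them
        log.error("database error during login: %s", exc)
        return False, GENERIC_FAILURE
    if row is None:
        log.info("failed login for %r", username)
        return False, GENERIC_FAILURE
    return True, "Kirish muvaffaqiyatli!"

# Constructed sample database; with_table=False simulates a broken schema
def make_db(with_table=True):
    conn = sqlite3.connect(":memory:")
    if with_table:
        conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
        conn.execute("INSERT INTO users VALUES ('admin', '123')")
    return conn

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(login(make_db(), "admin", "123"))
    print(login(make_db(), "' OR '1'='1", "x"))        # rejected by the allowlist
    print(login(make_db(with_table=False), "admin", "123"))  # DB error stays hidden
```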

3. Practical examples

3.1. A secure login system

import sqlite3

# Connect to the database (the file is created if it does not exist)
connection = sqlite3.connect("example.db")
cursor = connection.cursor()

# Read the user's credentials
username = input("Foydalanuvchi nomi: ")
password = input("Parol: ")

# Parameterized query: the values are bound by the driver, never interpolated
query = "SELECT * FROM users WHERE username = ? AND password = ?"
cursor.execute(query, (username, password))

results = cursor.fetchall()
if results:
    print("Kirish muvaffaqiyatli!")
else:
    print("Xato foydalanuvchi yoki parol!")

connection.close()

3.2. Working safely through an ORM

Using SQLAlchemy:

from sqlalchemy import create_engine, Table, MetaData

# SQLAlchemy connection (requires SQLAlchemy 1.4 or newer)
engine = create_engine('sqlite:///example.db')
connection = engine.connect()

# User input
username = input("Foydalanuvchi nomi: ")
password = input("Parol: ")

# Safe query: the compared values are sent as bound parameters
users = Table('users', MetaData(), autoload_with=engine)
query = users.select().where(users.c.username == username, users.c.password == password)

result = connection.execute(query)

if result.fetchone():
    print("Kirish muvaffaqiyatli!")
else:
    print("Xato foydalanuvchi yoki parol!")

3.3. Flask and SQL Injection safety

Protecting against SQL Injection in a Flask application:

from flask import Flask, request
import sqlite3

app = Flask(__name__)

@app.route('/login', methods=['POST'])
def login():
    connection = sqlite3.connect("example.db")
    cursor = connection.cursor()
    try:
        username = request.form['username']
        password = request.form['password']

        # Parameterized query: the form values are bound by the driver,
        # never interpolated into the SQL text
        query = "SELECT * FROM users WHERE username = ? AND password = ?"
        cursor.execute(query, (username, password))

        if cursor.fetchone():
            return "Kirish muvaffaqiyatli!"
        return "Xato foydalanuvchi yoki parol!"
    finally:
        # Always release the connection, even if the query fails
        connection.close()

if __name__ == '__main__':
    app.run()

Topic list: study these on your own; you will need them.

1. SQL Injection fundamentals

1.1. What is SQL Injection?

1.2. History and evolution of SQL Injection

1.3. How SQL Injection works

1.4. Types of SQL Injection:

  • Classic Injection

  • Union-based Injection

  • Boolean-based Blind Injection

  • Time-based Blind Injection

2. The risk of SQL Injection

2.1. Consequences of SQL Injection

2.2. Attack examples:

  • Compromising login credentials

  • Extracting all data from the database

  • Modifying or deleting data

2.3. Methods of detecting SQL Injection

3. Python and SQL Injection

3.1. Executing SQL queries with Python (the unsafe approach)

3.2. Database modules in Python:

  • SQLite (sqlite3)

  • MySQL (pymysql or mysql-connector)

  • PostgreSQL (psycopg2)

3.3. Examples of code vulnerable to SQL Injection

4. Methods of protecting against SQL Injection

4.1. Parameterized Queries

4.2. Prepared Statements

4.3. Validating and sanitizing input data

4.4. Advantages of using an ORM (Object-Relational Mapping):

  • SQLAlchemy

  • Django ORM

5. Database security

5.1. Setting restricted user privileges

5.2. Hiding database errors

5.3. Monitoring logs and recording suspicious activity

5.4. Using proxies and encrypted connections

6. Building an application protected against SQL Injection

6.1. A simple Python CLI application: a secure login system

6.2. Building a secure RESTful API with Flask

6.3. Ensuring security with Django

7. Practical attack and defence methods

7.1. Tools for testing for SQL Injection:

  • SQLMap

  • Burp Suite

7.2. Detecting SQL Injection attacks:

  • Error display

  • Simple TRUE/FALSE tests

7.3. Writing SQL Injection tests with Python

8. Security in web applications

8.1. The difference between CSRF and SQL Injection

8.2. Protection using a WAF (Web Application Firewall)

8.3. OWASP's recommendations on SQL Injection

9. Modern approaches

9.1. Detecting SQL Injection attacks with AI

9.2. Building ML models to block SQL Injection
