{"id":8128,"date":"2024-06-08T16:36:13","date_gmt":"2024-06-08T13:36:13","guid":{"rendered":"https:\/\/www.inetmar.com\/blog\/?p=8128"},"modified":"2024-07-29T11:00:14","modified_gmt":"2024-07-29T08:00:14","slug":"sql-injection-nedir-nasil-engellenir","status":"publish","type":"post","link":"https:\/\/www.inetmar.com\/blog\/sql-injection-nedir-nasil-engellenir\/","title":{"rendered":"What Is SQL Injection and How Is It Prevented?"},"content":{"rendered":"<p><strong>What is SQL injection?<\/strong> The short answer is that it is one of the oldest cyber attack methods still in use. The growth of the internet has brought humanity many conveniences, and as a result internet use spread rapidly in a short time. At the same time, it is well known that the internet has become an important arena for malicious actors. Internet attackers, also referred to as cyber pirates, use a great many methods, and one of them is SQL injection.<\/p>\n<p>With this method, attackers can gain access to people's passwords and personal data. They may also be able to modify or delete that data using SQL injection. Because the attack lets attacker-supplied SQL queries run, it gives attackers access to an application's database.<\/p>\n<h2><strong>What Is SQL (Structured Query Language)?<\/strong><\/h2>\n<p>SQL stands for <strong>Structured Query Language<\/strong>; in Turkish it is rendered as \"yapılandırılmış sorgu dili\". 
SQL injection, in turn, is the possibility of unauthorized access to the data that applications send to a SQL database. Attackers who gain access to SQL queries can manipulate them, and any application that uses a SQL database can be affected by such an attack.<\/p>\n<p>It is an extremely dangerous type of attack, and attacks against applications with security flaws create serious risks. The databases of large companies and official government sites can be accessed; when that happens, the data of those companies' employees and customers is no longer safe. Likewise, the data of people who use public-sector applications can be seized, deleted, or altered, and individuals can suffer serious harm as a result.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-8145\" src=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss333-300x110.png\" alt=\"What Is SQL Injection and How Is It Prevented?\" width=\"729\" height=\"267\" srcset=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss333-300x110.png 300w, https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss333.png 731w\" sizes=\"auto, (max-width: 729px) 100vw, 729px\" \/><\/p>\n<h2><strong>How Does a SQL Injection Attack Work?<\/strong><\/h2>\n<p>The <strong>SQL injection attack<\/strong> is among the methods cyber attackers have used for many years. In this method, the attacker injects SQL commands into a user-input field in order to execute particular commands. From the application's responses to the SQL it submits, the attacker can work out how the database is structured.<\/p>\n<p>Once the attacker understands the structure of the application's database, they inject SQL into the query strings. In this way they can reach data in the database that they should never have been able to access. 
Against applications with this weakness, SQL injection attacks are easy for attackers to carry out.<\/p>\n<h2><strong>Types of SQL Injection<\/strong><\/h2>\n<p><strong>Types of SQL injection<\/strong> continue to evolve in response to the countermeasures taken against these attacks: as security measures improve, so do the attack methods. The most commonly used types of SQL injection attack include:<\/p>\n<ol>\n<li><strong>Union-Based Injection<\/strong>: An attack type that uses the UNION operator. The attacker appends additional queries to the SQL query and thereby gains access to the database.<\/li>\n<li><strong>Error-Based Injection:<\/strong> The attacker uses this method to provoke errors in the SQL query. The resulting error messages reveal the structure of the database, and the injection is built on that knowledge.<\/li>\n<li><strong>Blind SQL Injection:<\/strong> In this type of attack the attacker uses logical expressions to create the conditions needed to gain access to the database.<\/li>\n<li><strong>Time-Based Injection:<\/strong> In this method the attacker gains control over how long the query takes to run. From the timing they try to learn which conditions are true or false and so reach the database.<\/li>\n<li><strong>Stored Procedure Injection:<\/strong> In this method, SQL is injected into the stored procedures in the database. 
The procedure is thereby altered and the information in the database becomes accessible.<\/li>\n<li><strong>Second-Order Injection:<\/strong> In this method the attacker's input is not acted on as malicious SQL at first. Instead, the data submitted through the input form is stored, and at a later stage it is possible both to obtain that information and to manipulate it.<\/li>\n<\/ol>\n<h2><strong>How Is SQL Injection Detected?<\/strong><\/h2>\n<p>Developers continue to work on the question of <strong>how SQL injection is detected<\/strong>. Detecting it from the outset is important so that problems such as the theft, deletion, or alteration of data do not occur.<\/p>\n<p>That said, SQL attacks cannot be prevented entirely. Applications use a WAF, i.e. a web application firewall, to detect and block SQL attacks; in this way SQL attacks are detected and, as far as possible, stopped.<\/p>\n<p>As an additional method of detecting SQL injection attacks, an IDS can be deployed. An IDS can be host-based or network-based. 
If you use both host-based and network-based IDS, you have the opportunity to detect and prevent incoming SQL attacks.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss5.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-8155\" src=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss5-300x200.jpg\" alt=\"SQL Injection\" width=\"711\" height=\"474\" srcset=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss5-300x200.jpg 300w, https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss5-1024x683.jpg 1024w, https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss5-768x512.jpg 768w, https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss5-1536x1024.jpg 1536w, https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss5.jpg 1920w\" sizes=\"auto, (max-width: 711px) 100vw, 711px\" \/><\/a>Build your own hosting service with our high-performance <a class=\"waffle-rich-text-link\" href=\"https:\/\/www.inetmar.com\/hosting\/reseller-hosting\/\">Reseller Hosting<\/a> packages.<\/p>\n<h2><strong>How Is SQL Injection Prevented?<\/strong><\/h2>\n<p>SQL injection attacks continue to be carried out, and countermeasures continue to be taken against them. With a few precautions of your own you can easily prevent these attacks and keep the information in your database safe. 
The measures you should take to <strong>prevent SQL injection<\/strong> include:<\/p>\n<ul>\n<li><strong>Parameter validation and filtering:<\/strong> You should use filters to validate the parameters that users submit to the application. This provides strong protection against SQL attacks.<\/li>\n<li><strong>Use up-to-date, secure software:<\/strong> To protect against SQL attacks, make sure the software used in your applications is current and secure.<\/li>\n<li><strong>Use a firewall:<\/strong> A WAF, i.e. a web application firewall, in front of your application detects and blocks incoming SQL attacks.<\/li>\n<li><strong>Grant users minimum privileges:<\/strong> Give the accounts that access the database through the application the minimum privileges they need. In this way you can head off malicious attacks.<img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-8153\" src=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss11-300x134.png\" alt=\"What Is SQL Injection\" width=\"600\" height=\"268\" srcset=\"https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss11-300x134.png 300w, https:\/\/www.inetmar.com\/blog\/wp-content\/uploads\/2024\/06\/ss11.png 654w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/li>\n<\/ul>\n<h2><strong>Examples of SQL Injection<\/strong><\/h2>\n<p>The data sought during SQL injection attacks varies. 
As a result, <strong>SQL injection examples<\/strong> vary too. Grouped by their purpose, SQL injection examples can be given as follows:<\/p>\n<ul>\n<li><strong>Obtaining hidden data:<\/strong> SQL injection is carried out against shopping sites for this purpose, to obtain hidden information about products.<\/li>\n<li><strong>Examining data tables:<\/strong> Some SQL injections are carried out to reach the tables in an application's database and extract the information held there.<\/li>\n<li><strong>Changing an application's logic:<\/strong> Every application has logic built into how it works. SQL injection subverts that logic; for example, users may be able to log in to their accounts in an application that requires a password without supplying one.<\/li>\n<li><strong>Retrieving additional tables with UNION-based SQL injection:<\/strong> Here the attacker's goal is to reach extremely sensitive information in the SQL database.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>What is SQL injection? The short answer is that it is one of the oldest cyber attack methods still in use. The growth of the internet has brought humanity many conveniences, and as a result internet use spread rapidly in a short time. 
At the same time...<\/p>\n","protected":false},"author":2,"featured_media":8138,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[],"class_list":["post-8128","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-genel"],"_links":{"self":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/8128","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/comments?post=8128"}],"version-history":[{"count":18,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/8128\/revisions"}],"predecessor-version":[{"id":9611,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/posts\/8128\/revisions\/9611"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media\/8138"}],"wp:attachment":[{"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/media?parent=8128"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/categories?post=8128"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.inetmar.com\/blog\/wp-json\/wp\/v2\/tags?post=8128"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}