{"id":33459,"date":"2022-05-27T13:31:00","date_gmt":"2022-05-27T10:31:00","guid":{"rendered":"https:\/\/www.natro.com\/blog\/?p=33459"},"modified":"2022-05-31T14:45:52","modified_gmt":"2022-05-31T11:45:52","slug":"sql-injection-nedir","status":"publish","type":"post","link":"https:\/\/www.natro.com\/blog\/sql-injection-nedir\/","title":{"rendered":"What Is SQL Injection?"},"content":{"rendered":"\n<p>The biggest threats to transactions carried out over websites are cyber attacks. Every year, personal data belonging to thousands of people is stolen from systems thought to be very secure. The stolen data can be used for fraud, and it can also be sold to other companies.<\/p>\n\n\n\n<p><strong>SQL Injection (SQLi)<\/strong> is a form of cyber attack, first noticed in 1998, against systems that have a database. With this method, data can be stolen, modified or blocked. According to data published by the Open Web Application Security Project (OWASP) Foundation, SQLi is the third most preferred method in attacks on sites with security vulnerabilities. Large organizations allocate budgets of millions of dollars every year to avoid being exposed to this attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-sql-nedir\"><span id=\"sql-nedir\"><strong>What Is SQL?<\/strong><\/span><\/h2>\n\n\n\n<p>SQL is a tool that lets you access and operate on the database used by your site. SQL is an abbreviation of the initials of Structured Query Language (in Turkish, Yap\u0131land\u0131r\u0131lm\u0131\u015f Sorgu Dili). Although it is called a language, it does not do what the programming languages we know do. It is better described as a sub-language that knows the languages used in databases and can speak to them.<\/p>\n\n\n\n<p>SQL was developed to interact with databases on systems that have one. It provides access to, modification of and querying of the data held in the database. Today, the most widely used databases internationally are SQL-based. Data held in tables can easily be retrieved by querying it with SQL, and new records can be created, modified or deleted. Database access permissions can also be managed through SQL.<\/p>\n\n\n\n<p>The following are examples of databases that use SQL:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Oracle<\/li><li><a href=\"https:\/\/www.natro.com\/blog\/mysql-server-nedir-nasil-kullanilir\/\" target=\"_blank\" rel=\"noreferrer noopener\">MySQL<\/a><\/li><li>Microsoft SQL Server<\/li><li>Microsoft Access<\/li><li>Firebird<\/li><li>IBM DB2 and Informix<\/li><li>Progress<\/li><\/ul>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>You can also find detailed information about SQL in our <a href=\"https:\/\/www.natro.com\/blog\/sql-nedir-ne-ise-yarar\/?utm_campaign=content&utm_medium=icerik&utm_source=hosting-blog&utm_content=\/blog\/sql-injection-nedir\" target=\"_blank\" rel=\"noreferrer noopener\">article<\/a> here.<\/p><\/blockquote>\n\n\n\n<p>Before going into the details of SQL Injection, it is necessary to understand how SQL works.<\/p>\n\n\n\n<h2 id=\"sql-nasil-calisir\" class=\"wp-block-heading\"><strong>How Does SQL Work?<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"800\" height=\"321\" src=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/sql-injection.jpg\" alt=\"\" class=\"wp-image-33461\" srcset=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/sql-injection.jpg 800w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/sql-injection-300x120.jpg 300w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/sql-injection-768x308.jpg 768w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/sql-injection-380x152.jpg 380w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/sql-injection-760x305.jpg 760w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/sql-injection-600x241.jpg 600w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>To perform certain operations in the database, commands defined in SQL are entered. This operation is briefly called a query. The query arrives at the system as input, and the system presents the result of the requested operation as output. The user reaches the SQL server in three stages.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Parsing:<\/strong> The instruction given by the user is translated into the language used by the server within the system and passed on. Errors in the instructions are also checked at this stage.<\/li><li><strong>Binding:<\/strong> There are different ways of giving an instruction. At this stage, the query is refined so that the instruction can be delivered in the most efficient way.<\/li><li><strong>Optimization:<\/strong> At this stage, the query is optimized so that it completes in the shortest time. The system evaluates all relevant combinations and returns the result to the user as output in the shortest time.<\/li><\/ul>\n\n\n\n<h3 id=\"sql-komutlari-nelerdir\" class=\"wp-block-heading\"><strong>What Are the SQL Commands?<\/strong><\/h3>\n\n\n\n<p>The most suitable languages are developed to carry out the commands used in these stages. They can be listed as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Data Query Language (DQL):<\/strong> Used with the \u201c<strong>SELECT<\/strong>\u201d command to retrieve data.<\/li><li><strong>Data Definition Language (DDL):<\/strong> Used with one of the <strong>\u201cCREATE\u201d, \u201cDROP\u201d, \u201cALTER\u201d, \u201cTRUNCATE\u201d, \u201cCOMMENT\u201d, \u201cRENAME\u201d<\/strong> commands, depending on the operation, to create and modify the structure of the objects in the database.<\/li><li><strong>Data Manipulation Language (DML):<\/strong> Used with commands such as <strong>\u201cINSERT\u201d, \u201cUPDATE\u201d, \u201cDELETE\u201d and \u201cMERGE\u201d<\/strong> to store, modify or delete data.<\/li><li><strong>Data Control Language (DCL):<\/strong> Used with commands such as <strong>\u201cGRANT\u201d, \u201cREVOKE\u201d<\/strong> to create or remove user permissions on data.<\/li><li><strong>Transaction Control Language (TCL):<\/strong> Changes made with DML commands are controlled with TCL commands; here the change is either applied or not. The commands used in SQL are <strong>\u201cTRANSACTION\u201d, \u201cCOMMIT\u201d, \u201cROLLBACK\u201d, \u201cSAVEPOINT\u201d<\/strong>.<\/li><\/ul>\n\n\n\n<p>SQL has a very wide range of uses, from the finance sector to mobile applications. The data of almost the entire population that transacts over the internet is stored in SQL-based databases. In this sense, SQL-related security vulnerabilities are very important.<\/p>\n\n\n\n<h2 id=\"sql-injection-nedir\" class=\"wp-block-heading\"><strong>What Is SQL Injection?<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"800\" height=\"532\" src=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/sql-ne-demek-1.jpg\" alt=\"\" class=\"wp-image-33255\" srcset=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/sql-ne-demek-1.jpg 800w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/sql-ne-demek-1-300x200.jpg 300w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/sql-ne-demek-1-768x511.jpg 768w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/sql-ne-demek-1-380x253.jpg 380w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/sql-ne-demek-1-760x505.jpg 760w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/sql-ne-demek-1-600x399.jpg 600w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>Sites that have their own database use a firewall to prevent attacks. These firewalls are the primary target of those who want to reach the data by mounting a cyber attack. SQL Injection (SQLi) is one of the hacking methods that aims to bypass the security measures on websites. With this method the database can be entered; data can be copied, modified or deleted, and permissions can be changed. Those who use SQL-based databases such as Oracle and MySQL are quite exposed to these attacks.<\/p>\n\n\n\n<p>In short, SQLi is carried out by defining a new query using the input data. This query input affects how the previously used commands are executed. Because it does this through data-plane injection, the method has been named SQL injection. With this method, for example, all the data belonging to your customers can be captured. All the accounts held at a bank can be altered. Your database can be blocked and your use of it prevented. For companies and institutions this causes both financial loss and serious reputational damage.<\/p>\n\n\n\n<p>SQLi is a significant threat not only to companies but also to individuals. With this method, all of your credit card details can be stolen. Your e-mail details can be captured and offered for sale illegally.<\/p>\n\n\n\n<h2 id=\"sqli-saldirilari-ornekleri\" class=\"wp-block-heading\"><strong>Examples of SQLi Attacks<\/strong><\/h2>\n\n\n\n<p>Although experts have been familiar with attacks carried out via SQL for more than 20 years, a systematic solution to prevent these attacks has not yet been found. Looking at a few examples is enough to understand how serious the consequences of these attacks are.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>In 2009, it was announced that nearly 130 million credit card details from many different companies had been captured through an SQLi attack discovered at the 7-Eleven retail chain.<\/li><li>In 2012, it was reported that the personal records of 36 thousand people associated with universities could be accessed through an SQLi attack carried out against many universities at the same time.<\/li><li>In 2014, Tesla reported, in a study it had carried out internally, that the website back end could be accessed and permissions could be changed.<\/li><li>Between 2018 and 2020, more than 152 million SQLi attacks against the gaming sector were detected.<\/li><li>In 2020, the free image platform Freepik announced that user data had been stolen through an SQLi attack. It was stated that the data of 8 million users had been stolen by this method.<\/li><\/ul>\n\n\n\n<h3 id=\"sql-injection-nasil-gerceklesir\" class=\"wp-block-heading\"><strong>How Does SQL Injection Happen?<\/strong><\/h3>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"800\" height=\"533\" src=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/hreflang-nedir-3.jpg\" alt=\"\" class=\"wp-image-33340\" srcset=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/hreflang-nedir-3.jpg 800w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/hreflang-nedir-3-300x200.jpg 300w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/hreflang-nedir-3-768x512.jpg 768w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/hreflang-nedir-3-380x253.jpg 380w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/hreflang-nedir-3-760x506.jpg 760w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/05\/hreflang-nedir-3-600x400.jpg 600w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p>For an SQLi attack to take place, attackers examine websites in technical detail. When they find a security vulnerability on the site, they try to get in through that vulnerability. Once entry is gained, they inject SQL query input into the application's client. Using this query, they can understand how the database has been structured and reach its confidential information. With a single query they can pass through all the security gates one by one.<\/p>\n\n\n\n<h3 id=\"sql-injection-yollari-nelerdir\" class=\"wp-block-heading\"><strong>What Are the SQL Injection Vectors?<\/strong><\/h3>\n\n\n\n<p>Query injection can be carried out in different ways.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Injections via user input<\/strong><\/li><\/ul>\n\n\n\n<p>When you log in to any website, your login details are passed to the database through a form. If there is a vulnerability in this process, attackers can inject queries through the fields in the form.<\/p>\n\n\n\n<p>For example, in a system where you log in with a username, when you enter your username and password a form like the following is passed to the system.<\/p>\n\n\n\n<p class=\"has-gray-200-background-color has-background\">SELECT * FROM kullanicilar WHERE kullaniciadi='ali' AND sifre='tt.12.t'<\/p>\n\n\n\n<p>The attacker removes the password check and tries to enter the system through various users.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Injections via cookies<\/strong><\/li><\/ul>\n\n\n\n<p>Many websites use cookies, and even ask for user consent when doing so. When you allow cookies, the website places an identification file on your computer. Websites generally use this method for advertising and marketing. These files can also be used for SQL injection by malicious software.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>To get detailed information on how cookies are used, you can read our <a href=\"https:\/\/www.natro.com\/blog\/cookies-cerezler-nedir-nasil-kullanilir-ne-ise-yarar\/?utm_campaign=content&utm_medium=icerik&utm_source=hosting-blog&utm_content=\/blog\/sql-injection-nedir\" target=\"_blank\" rel=\"noreferrer noopener\">blog post<\/a>.<\/p><\/blockquote>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>SQL injections via HTTP headers<\/strong><\/li><\/ul>\n\n\n\n<p>There are web applications that accept input via HTTP headers. Forged headers can be added to inject queries into these applications.<\/p>\n\n\n\n<p>Apart from these, there are SQLi vectors that can be used indirectly. With these methods, queries can remain dormant for a long time and be used to access the database at any time. It is one of the hardest methods to detect.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"800\" height=\"533\" src=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/antivirus-programlari.jpg\" alt=\"\" class=\"wp-image-33272\" srcset=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/antivirus-programlari.jpg 800w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/antivirus-programlari-300x200.jpg 300w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/antivirus-programlari-768x512.jpg 768w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/antivirus-programlari-380x253.jpg 380w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/antivirus-programlari-760x506.jpg 760w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/04\/antivirus-programlari-600x400.jpg 600w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<h3 id=\"sql-injection-turleri-nelerdir\" class=\"wp-block-heading\"><strong>What Are the Types of SQL Injection?<\/strong><\/h3>\n\n\n\n<p>There are three basic types of query injection for accessing a database.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>In-band SQL injections<\/strong><\/li><\/ul>\n\n\n\n<p>In-band injections gain entry by using the system's own operations. For example, error-based injections use the error messages sent by the database; it is determined which queries the system responds to with an error message.<\/p>\n\n\n\n<p>Another example of this method is the UNION-based approach. When searching on a shopping platform, a form like the one below is sent to the system.<\/p>\n\n\n\n<p class=\"has-gray-200-background-color has-background\">SELECT * FROM urunler WHERE category='ELBISE'<\/p>\n\n\n\n<p>By adding UNION to this query, the attacker tries to reach other tables in the database.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Inferential SQL injections<\/strong><\/li><\/ul>\n\n\n\n<p>Inferential methods are essentially based on understanding the structure of the database. Specific queries are sent and the system's outputs are examined. For example, in boolean-based injections, queries to which the system will respond with true or false are sent.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Out-of-band SQL injections<\/strong><\/li><\/ul>\n\n\n\n<p>Out-of-band methods are those in which entry to the system is attempted externally. Because they are easier to detect, they are used less often.<\/p>\n\n\n\n<h3 id=\"guvenlik-aciklari-tespit-edilebilir-mi\" class=\"wp-block-heading\"><strong>Can Security Vulnerabilities Be Detected?<\/strong><\/h3>\n\n\n\n<p>Like all other attack methods, SQLi relies on security vulnerabilities. Compared with other attack vectors, SQLi is easier, and its potential for use is higher. Detecting security vulnerabilities in SQL therefore plays an extremely vital role.<\/p>\n\n\n\n<p>In detecting security vulnerabilities, the best defense is attack. In other words, SQLi is attempted in order to identify places that may have a vulnerability. These simulated attacks can be carried out manually as well as with automated tools developed for the purpose.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>You can examine the methods you will use to secure your website in detail in our <a href=\"https:\/\/www.natro.com\/blog\/web-sitenizin-guvenligi-icin-yapmaniz-gereken-10-sey\/?utm_campaign=content&utm_medium=icerik&utm_source=hosting-blog&utm_content=\/blog\/sql-injection-nedir\" target=\"_blank\" rel=\"noreferrer noopener\">blog post<\/a>.<\/p><\/blockquote>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"800\" height=\"494\" src=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/03\/spyware-nasil-engellenir.jpg\" alt=\"\" class=\"wp-image-33025\" srcset=\"https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/03\/spyware-nasil-engellenir.jpg 800w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/03\/spyware-nasil-engellenir-300x185.jpg 300w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/03\/spyware-nasil-engellenir-768x474.jpg 768w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/03\/spyware-nasil-engellenir-380x235.jpg 380w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/03\/spyware-nasil-engellenir-760x469.jpg 760w, https:\/\/www.natro.com\/blog\/wp-content\/uploads\/2022\/03\/spyware-nasil-engellenir-600x371.jpg 600w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<h3 id=\"sql-injection-nasil-onlenir\" class=\"wp-block-heading\"><strong>How Is SQL Injection Prevented?<\/strong><\/h3>\n\n\n\n<p>The best way to prevent an SQLi attack is to screen user input up front and make sure that no query has been injected. Checking this manually is quite difficult. Firewalls developed for web applications perform exactly this function. Accordingly, the use of a firewall is recommended on all websites that interact with SQL.<\/p>\n\n\n\n<p>In addition to this basic method, SQLi attacks can be blocked with secondary checks. Some of them are listed below:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Parameters can be defined according to query type. Queries that fall outside these parameters are considered dangerous and are not allowed in.<\/li><li>Even if they are not actively used for SQL queries, validation can be required for permitted inputs. Inputs that are not on the allow list fail.<\/li><li>The likelihood of exposing a vulnerability is higher when SQL is built dynamically. For this reason, instead of using dynamic SQL, parameters or stored procedures already saved in the system can be used.<\/li><li>To avoid your website being targeted by a previously seen attack, you can follow and install the new versions of the devices and applications you use.<\/li><li>You can require an \u201cI am not a robot\u201d verification every time a form is submitted on login pages. This way you can prevent automated vulnerability probing.<\/li><li>As a general security measure, you can require two-factor login.<\/li><li>You should review the queries used in applications at regular intervals. You can track suspicious queries as well as identify situations open to attack. You should rework instructions containing NULL characters.<\/li><li>You should also check the users in the system and their roles frequently. You should make sure that those with full privileges do not have usernames such as \u201cy\u00f6netici\u201d (administrator) or \u201cadmin\u201d, as these are among the first user codes attackers will try. It is also important that users do not use their real names, so that they cannot be easily guessed.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"The biggest threats to transactions carried out over websites are cyber attacks. Every year, personal data belonging to thousands of people is&hellip;\n","protected":false},"author":7,"featured_media":33460,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[389],"tags":[],"class_list":{"0":"post-33459","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-donanim-yazilim"},"_links":{"self":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/33459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/comments?post=33459"}],"version-history":[{"count":1,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/33459\/revisions"}],"predecessor-version":[{"id":33462,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/posts\/33459\/revisions\/33462"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/media\/33460"}],"wp:attachment":[{"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/media?parent=33459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/categories?post=33459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.natro.com\/blog\/wp-json\/wp\/v2\/tags?post=33459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}