SQL Injection

What is SQL Injection?

SQL injection is a code injection technique that can destroy a database. It is one of several hacking techniques. SQL injection is the placement of malicious code in SQL statements through web page input.

SQL in web pages

SQL injection occurs when you ask a user for input, such as a username and password, and the user instead supplies an SQL statement that you unknowingly run on your database. Consider the following example, which creates a SELECT statement by adding a variable to a select string. The variable is fetched from user input (getRequestString). For example:

txtUser_Id = getRequestString("User_Id");
txt_SQL = "SELECT * FROM Users WHERE User_Id = " + txtUser_Id;
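The same concatenation pattern next to its fixed forms, as an added example that is not part of the original page. It uses Python's built-in sqlite3 module; the table contents, function names and the sample input are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, not from the original page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (User_Id INTEGER, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [(101, "alice"), (102, "bob"), (103, "carol")])
    return conn

def lookup_concatenated(conn, txt_user_id):
    # Same pattern as the snippet above: the input becomes part of the SQL text,
    # so the database parses it as code.
    txt_sql = "SELECT * FROM Users WHERE User_Id = " + txt_user_id
    return conn.execute(txt_sql).fetchall()

def lookup_parameterized(conn, txt_user_id):
    # The statement text is fixed; the input is bound as a value and is never
    # parsed as SQL.
    sql = "SELECT * FROM Users WHERE User_Id = ?"
    return conn.execute(sql, (txt_user_id,)).fetchall()

def lookup_validated(conn, txt_user_id):
    # Defence in depth: User_Id is numeric, so reject anything that is not an
    # integer before it reaches the database (int() raises ValueError).
    return lookup_parameterized(conn, int(txt_user_id))

if __name__ == "__main__":
    conn = make_db()
    crafted = "102 OR 1=1"  # constructed input that changes the WHERE clause
    for value in ("102", crafted):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(conn, value))
        print("  parameterized:", lookup_parameterized(conn, value))
    try:
        lookup_validated(conn, crafted)
    except ValueError as exc:
        print("  validated    : rejected,", exc)
```

With the concatenated query the crafted value returns every row in Users; with the bound parameter it matches nothing, because the whole string is compared to User_Id as a single value.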

Why is SQL injection performed?

To carry out an SQL injection attack, an attacker must first find vulnerable user inputs within the web page or web application. A web page with an SQL injection vulnerability uses such user input in an SQL query. The attacker then creates input content. This content is called the malicious payload and is a part of the attack. Once the attacker sends the malicious content, SQL commands are executed in the database.

SQL is a query language designed to manage data stored in relational databases. We can use it to access, modify, and delete data. Many web applications and websites store all their data in SQL databases. SQL commands can also be used to run operating system commands. A successful SQL injection attack can therefore have serious consequences.

  • An attacker can use SQL injection to obtain the credentials of other users in the database and then impersonate these users. The impersonated user may be a database administrator with all database privileges.
  • SQL lets you select and output data from the database. An SQL injection vulnerability could allow the attacker to gain complete access to all data in the database server.
  • SQL lets you alter data in the database and add new data. For example, in a financial application, an attacker may use SQL injection to change balances, cancel transactions, or transfer money to their account.
  • SQL can be used to delete records from the database and even to drop tables. Even when the administrator makes database backups, deletion of data will affect application availability until the data is restored. Also, the backups will not cover the most recent data.
  • On some database servers, the operating system can be accessed through the database server. This may be intentional or accidental. An attacker can use SQL injection as the initial vector and then attack the internal network behind the firewall.

There are many types of SQL injection:

SQL injection can be used in a range of ways to cause serious problems. By leveraging SQL injection, an attacker may bypass authentication and access, modify, and delete data within a database. In SQL injection, SQL queries may also be used to execute commands on the OS, potentially allowing an attacker to carry out far more damaging attacks inside a network that sits behind a firewall.

  1. In-band SQLi (classic SQLi) - In-band SQL injection is the most common and easiest to use of the SQL injection attacks. In-band SQL injection occurs when an attacker is able to use the same communication channel to both launch the attack and gather results.
  2. Error-based SQLi - Error-based SQLi is an in-band SQL injection technique that relies on the error messages thrown by the database server to obtain information about the structure of the database. Error-based SQL injection alone can be enough for an attacker to enumerate an entire database. Errors are useful during the development phase of a web application, but they should be disabled on a live site or logged to a file with limited access.
  3. Union-based SQLi - Union-based SQLi is an in-band SQL injection technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result, which is returned as part of the HTTP response.
  4. Inferential SQLi (Blind SQLi) - This type of injection may take longer for an attacker to exploit than in-band SQLi, but it is just as dangerous as any other form of SQL injection. In an inferential SQLi attack, no data is actually transferred through the web application and the attacker is not able to see the result directly, which is why these are referred to as "blind SQL injection attacks".
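The advice in item 2, to keep database errors off the live site and log them to a file with limited access, sketched as an added example that is not from the original page. The handler names, log location and response strings are assumptions; the database is constructed without a Users table so that the query fails.

```python
import logging
import os
import sqlite3
import tempfile

# Hypothetical log location for this demo; on a real server use a directory
# that only the service account and administrators can read.
LOG_PATH = os.path.join(tempfile.mkdtemp(), "db_errors.log")
QUERY = "SELECT Name FROM Users WHERE User_Id = ?"

def make_error_logger(path):
    # Create the file with owner-only permissions before logging opens it.
    os.close(os.open(path, os.O_CREAT | os.O_WRONLY | os.O_APPEND, 0o600))
    logger = logging.getLogger("db_errors")
    logger.setLevel(logging.ERROR)
    logger.propagate = False  # keep the details off the console as well
    logger.addHandler(logging.FileHandler(path))
    return logger

LOGGER = make_error_logger(LOG_PATH)

def get_user_verbose(conn, user_id):
    # Development-style behaviour: the database error text reaches the client
    # and reveals table and column names.
    try:
        return 200, repr(conn.execute(QUERY, (user_id,)).fetchall())
    except sqlite3.Error as exc:
        return 500, "Database error: %s" % exc

def get_user_production(conn, user_id):
    # Live-site behaviour: full detail goes to the restricted log, the client
    # only sees a generic message.
    try:
        return 200, repr(conn.execute(QUERY, (user_id,)).fetchall())
    except sqlite3.Error:
        LOGGER.exception("query failed for user_id=%r", user_id)
        return 500, "Internal server error"

def demo():
    conn = sqlite3.connect(":memory:")  # constructed: no Users table exists
    return get_user_verbose(conn, "102"), get_user_production(conn, "102")

if __name__ == "__main__":
    verbose, production = demo()
    print("verbose   :", verbose)
    print("production:", production)
    print("log file  :", LOG_PATH)
```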

Questions

  1. What is SQL injection?
  2. What are the applications of SQL injection?
