Sunday, 5 July 2015

SQL Injection Series:Introduction

SQL Injection Series

·                 -          Introduction

·         SQL Injection Mechanisms

·         Impact of SQL Injection

·         Exploitation of SQL Injection Techniques

·         Test/Detect SQL Injection

·         Prevention from SQL Injection

A SQL injection attack is exactly what the name suggests – it is where a hacker tries to “inject” his harmful/malicious SQL code into someone else’s database, and force that database to run his SQL. This could potentially ruin their database tables, and even extract valuable or private information from their database tables.

Example of SQL injection vulnerability
To understand how SQL injection vulnerability could occur, imagine the following situation. For example say your website has a method to search for users. A user search page is created which could include something like the following.
<form method="post" action="searchuser.php">
<input type="text" name="username">
<input type="submit" value="Search" name="search">
</form>
This html snippet passes in the username to the dynamic page searchuser.php. The searchuser.php will take the username and add it to an SQL statement. Take for example the following php code snippet.
sqlResult = statement.executeQuery("SELECT * FROM users WHERE username = '" + $username + "';");
Think about this statement and see if you can figure out what is the problem. You might say the $username should be validated before it is added to the SQL statement. That is exactly what should be done. A malicious user could attach additional SQL statements to the username. This could be done by passing is something like.
admin' OR 1=1 --
Think about what the SQL statement would look like.
SELECT * FROM users WHERE username = 'admin' OR 1=1 --';
Notice this will either select the admin account or it will before 1=1 which will result in true. Which in SQL terms this will return the entire users table. Which the users table could contain all sorts of other additional sensitive information. This is just one example of what type of attack could be performed with SQL injection.
In Next Part of the SQL Injection Series we will learn the Mechanisms of SQL Injection

No comments:

Post a Comment

Prevention Techniques: Cross-site request forgery (CSRF)

1. The best defense against CSRF attacks is unpredictable tokens, a piece of data that the server can use to validate the request, and wh...