Skip to main content

SQL Injection

SQL Injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.  SQL Injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands. This vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

Explanation
Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.

SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.

These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.

Impact
Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database!

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to manipulate existing queries, to UNION (used to select related information from two tables) arbitrary data, use subselects, or append additional queries.

In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures, it could spell disaster.

Unfortunately the impact of SQL Injection is only uncovered when the theft is discovered. Data is being unwittingly stolen through various hack attacks all the time. The more expert of hackers rarely get caught.

Example

Here is a sample basic HTML form with two inputs, login and password.
<form method=”post” action=”http://testasp.acunetix.com/login.asp”>
<input name=”tfUName” type=”text” id=”tfUName”>
<input name=”tfUPass” type=”password” id=”tfUPass”>
</form>

The easiest way for the login.asp to work is by building a database query that looks like this:

SELECT id
FROM logins
WHERE username = ‘$username’
AND password = ‘$password’

If the variables $username and $password are requested directly from the user’s input, this can easily be compromised. Suppose that we gave “Joe” as a username and that the following string was provided as a password: anything’ OR ‘x’='x

SELECT id
FROM logins
WHERE username = ‘John’
AND password = ‘anything’ OR ‘x’='x’

As the inputs of the web application are not properly sanitised, the use of the single quotes has turned the WHERE SQL command into a two-component clause.

The ‘x’='x’ part guarantees to be true regardless of what the first part contains.

This will allow the attacker to bypass the login form without actually knowing a valid username / password combination!

Comments

Popular posts from this blog

Exploring Node.js Internals

I found a great article explaining Node JS internals, must read : https://www.smashingmagazine.com/2020/04/nodejs-internals/ Some other articles : Introduction to Node.js Being an official website, Node.dev explains what Node.js is, as well as its package managers, and lists web frameworks built on top of it. “ JavaScript & Node.js ”,  The Node Beginner Book This book by  Manuel Kiessling  does a fantastic job of explaining Node.js, after warning that JavaScript in the browser is not the same as the one in Node.js, even though both are written in the same language. Beginning Node.js This beginner book goes beyond an explanation of the runtime. It teaches about packages and streams and creating a web server with the Express framework. LibUV This is the official documentation of the supporting C++ code of the Node.js runtime. V8 This is the official documentation of the JavaScript engine that makes it possible to write Node.js with JavaScript.

Tum mujhko karna maaf priye – Poem By Dr. Kumar Vishwas

Lyrics : O kalp-vraksh ki son-juhi, O amal-tas ki amar kali Dharti ke aatap se jalte, Man par chaayi nirmal badli Main tumko madhu-sad-gandh yukt, sansaar nahi de paunga ! Tum mujhko karna maaf priye main pyar nahi de paunga !! Tum kalp-vraksh ka fool aur Main dharti ka adna gayak Tum jeewan ke upbhog yogya Main nahi adhuri gazal shubhey Tum saam-gaan si pawan ho Himshikharon par sehsa kaundha Bijuri si tum man bhawan ho Isliye vyarth shabdo wala, vyapar nahi de paunga ! Tum mujhko karna maaf priye main pyar nahi de paunga !! Tum jis shaiya par shayan karo, Veh sheer sindh si pawan ho Jis aangan ki ho maul-shree Veh aangan kya vrandawan ho Jin adhron ka chumban pao Veh adhar nahin ganga tat ho Jiski chaya ban saath raho Veh vyakti nahin vanshi-vat ho Par main vat jaisa saghan chaaon ,vistaar nahin de paunga ! Tum mujhko karna maaf main pyar nahi de paunga !! Main tumko chand sitaron ka Saupun uphar bhala kaise Main yayavar banjara sadhu sur-sansar bhala kaise Main jeewan