SQL Injections

In this SQL tutorial we look at one of the major injection attacks used by attackers: the SQL Injection attack. It is one of the most common attacks against web applications.

What is an SQL Injection?

SQL Injection is also called SQLi. It is a web security vulnerability in which user-supplied text is placed into an SQL query without being kept separate from the query's own code, so an attacker can change what the query does and the application risks losing private data.

When an attacker can run malicious SQL queries against the database, private data is exposed and the application's data can be corrupted.

This is done through the user input fields: the attacker types SQL fragments and special characters into a field, the most frequent being the always-true condition 1=1 combined with OR, and the quote character that closes the string the application intended to compare.

What happens if a SQL Injection is Successful?

When the attacker successfully breaks into the database by running malicious SQL queries:

The attacker gains access to the application's private data and can modify or destroy it, which also breaks the backend services that depend on that data.

In some cases the attacker uses the database access as a foothold and gains control of the organization's backend systems as well.

This compromises the services provided to users, and in some cases the services remain down for a long period.

Some of the Major SQL Injections

When we talk about Injection attacks in the case of the web, SQL injection attacks top the list.

Some of the major SQL injection attacks are as follows:

  1. SQL injection based on 1=1, which always evaluates to true.

    Here the attacker uses the fact that an OR expression is true if either side is true. The attacker supplies an input containing a condition such as 1=1, which always evaluates to true, so the WHERE clause matches every row.

    For example:

    If the application looks an employee up by emp_id and builds the query by pasting the field value between single quotes, the attacker enters 112' or '1'='1 into the field. The first quote closes the application's string literal, or '1'='1 is an always-true condition, and the application's own closing quote completes the last literal. The query that runs is:

    Query:

    USE IBM;

    SELECT emp_id,name,location,experience
    FROM IBM A1
    WHERE emp_id = '112' or '1'='1';

  2. SQL injection based on ""="", which always evaluates to true.

    Here the attacker relies on a comparison of two identical empty strings, which is true for every row, so combining it with OR returns all the results stored in the table.

    For example, if the application quotes the emp_id value with double quotes (MySQL accepts double quotes around string literals by default), the attacker enters " or ""=" into the field. The first quote closes the application's empty string, ""="" is an always-true comparison, and the application's own closing quote completes the last literal.

    The SQL query executed at the backend becomes:

    Query:

    USE IBM;

    SELECT emp_id,name,location,experience
    FROM IBM A1
    WHERE emp_id = "" or ""="";

  3. SQL injection based on batched SQL statements.

    If the attacker can terminate the application's statement with a semicolon and append another, and the database driver executes several statements in one call, the appended statement runs on the database too. Whether this works depends on the stack: some drivers (for example Microsoft SQL Server clients, or PHP's mysqli_multi_query) run several statements in one call, while others (PHP's mysqli_query, Python's sqlite3 execute()) reject the second statement.

    For example:

    If the attacker enters the following in the emp_id field: 118"; TRUNCATE TABLE location; --

    the location table is emptied (the -- comments out the closing quote the application appends). The resulting query is:

    Query:

    USE IBM;

    SELECT emp_id,name,location,experience
    FROM IBM A1
    WHERE emp_id = "118";

    TRUNCATE TABLE location;

  4. SQL injection to access hidden data.

    Here the attacker reaches data the application never meant to show, by supplying a value that changes which rows or which columns the query returns. An always-true condition in the WHERE clause (as in item 1) exposes every row; an injected column list exposes every column.

    For example:

    If the application uses user input to decide which column to display, the input lands in the SELECT list rather than the WHERE clause. An input of * then returns every column of every row, including ones the interface normally hides, because the query becomes:

    Query:

    USE IBM;

    SELECT *
    FROM IBM;

  5. SQL injection to alter the application logic.

    In this case the attacker does not just read data but changes the state the backend relies on, so the application's own logic fails afterwards. Using the batched form from item 3 against the main table:

    If the attacker enters any emp_id followed by a TRUNCATE statement, all data stored in the table is lost and every backend operation that depends on it fails.

    emp_id = 789'; TRUNCATE TABLE IBM; --

    This translates to the following SQL query:

    Query:

    USE IBM;

    SELECT *
    FROM IBM A1
    WHERE emp_id = '789';

    TRUNCATE TABLE IBM;
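As an added example (not part of the original tutorial), the following Python script builds an in-memory SQLite copy of the IBM table from constructed sample rows and runs the payloads from items 1, 2 and 3 above against a lookup that concatenates the field value into the query. The rows, the separate location table and the use of DELETE FROM in place of TRUNCATE (SQLite has no TRUNCATE) are assumptions; the item 2 payload uses single quotes because SQLite prefers double quotes for identifiers, unlike MySQL.

```python
import sqlite3

# Constructed sample data standing in for the tutorial's IBM table. The page never
# shows a schema or rows, so these (and the separate "location" table) are assumptions.
SAMPLE_ROWS = [
    (112, "Asha", "Pune", 5),
    (118, "Ravi", "Delhi", 3),
    (789, "Mei", "Noida", 8),
]


def make_db():
    """In-memory SQLite database shaped like the tutorial's example."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE IBM (emp_id INTEGER, name TEXT, location TEXT, experience INTEGER)")
    con.execute("CREATE TABLE location (city TEXT)")
    con.executemany("INSERT INTO IBM VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    con.executemany("INSERT INTO location VALUES (?)", [("Pune",), ("Delhi",), ("Noida",)])
    con.commit()
    return con


def build_query(emp_id_input):
    """The mistake the tutorial describes: the user's text is glued into the WHERE clause."""
    return (
        "SELECT emp_id,name,location,experience FROM IBM A1 "
        "WHERE emp_id = '" + emp_id_input + "'"
    )


def vulnerable_lookup(con, emp_id_input):
    """Runs the concatenated query with execute(), which accepts a single statement."""
    return con.execute(build_query(emp_id_input)).fetchall()


def stacked_payload_rejected(con, emp_id_input):
    """Python's sqlite3 execute() refuses a second ';'-separated statement, so a batched
    payload fails here; drivers that run several statements per call would execute it.
    Returns True if the driver rejected the statement."""
    try:
        con.execute(build_query(emp_id_input))
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        return True
    return False


def vulnerable_lookup_stacked(con, emp_id_input):
    """Same concatenation routed through executescript(), which runs every statement in
    the string. Returns the number of rows left in "location" afterwards."""
    con.executescript(build_query(emp_id_input))
    return con.execute("SELECT COUNT(*) FROM location").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_lookup(db, "112"))                  # the one intended row
    print(vulnerable_lookup(db, "112' or 1=1 --"))       # item 1: every row, quote commented out
    print(vulnerable_lookup(db, "' or ''='"))            # item 2: every row
    batched = "118'; DELETE FROM location; --"           # item 3 (DELETE stands in for TRUNCATE)
    print(stacked_payload_rejected(db, batched))         # execute() refuses the second statement
    print(vulnerable_lookup_stacked(db, batched))        # executescript() runs it: 0 rows left
```

The same string reaches the database in every call; only the driver's willingness to run more than one statement decides whether the batched form does damage, which is why item 3 depends on the stack.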

How to Prevent SQL Injections?

Some of the general methods one can follow to avoid SQL injection attacks are as follows:

  1. The organization should make all web developers and backend developers aware of how SQL injection happens and how to avoid it.
  2. Regular training helps avoid these attacks to a large extent.
  3. All user input should be treated as untrusted and validated before any query that uses it runs on the database.
  4. Filter user input against an allowlist of acceptable values rather than a blocklist of bad ones; attackers almost always find a way past a blocklist.
  5. The organization and the hosting provider should keep the web framework, database driver and database server patched and up to date. (A TLS certificate protects traffic in transit; it does nothing against injection.)
  6. Always use tried and tested mechanisms, above all the parameterized queries (prepared statements) provided by the database driver, instead of escaping or query-building code written from scratch.
  7. Last but not least, monitor the systems regularly for suspicious activity or events.
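As an added example (not part of the original tutorial), the following Python code shows the two defences from the list above that are implemented in code: a parameterized query for the emp_id value, and an allowlist for the one part of a query a placeholder cannot protect, the column name from item 4. The in-memory SQLite table and its rows are constructed for the example and are assumptions; the function and constant names are hypothetical.

```python
import sqlite3

# Constructed sample data; the page gives no schema, so table layout and rows are assumed.
SAMPLE_ROWS = [
    (112, "Asha", "Pune", 5),
    (118, "Ravi", "Delhi", 3),
    (789, "Mei", "Noida", 8),
]

# Allowlist for identifiers: placeholders bind values, never column or table names.
ALLOWED_FIELDS = ("emp_id", "name", "location", "experience")


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE IBM (emp_id INTEGER, name TEXT, location TEXT, experience INTEGER)")
    con.executemany("INSERT INTO IBM VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    con.commit()
    return con


def safe_lookup(con, emp_id_input):
    """Parameterized query: the driver passes the text as a bound value, never as SQL,
    so quotes, OR clauses and ';' inside it are only characters to compare against."""
    sql = "SELECT emp_id,name,location,experience FROM IBM WHERE emp_id = ?"
    return con.execute(sql, (emp_id_input,)).fetchall()


def field_allowed(field_input):
    """Allowlist check: exact match against known column names, so '*' is refused."""
    return field_input in ALLOWED_FIELDS


def safe_select_field(con, field_input, emp_id_input):
    """Column names cannot be bound with '?', so validate them against the allowlist
    before interpolating, and still bind the row value with a placeholder."""
    if not field_allowed(field_input):
        raise ValueError("field not allowed: %r" % field_input)
    sql = "SELECT %s FROM IBM WHERE emp_id = ?" % field_input
    return con.execute(sql, (emp_id_input,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(safe_lookup(db, "112"))                 # the intended row
    print(safe_lookup(db, "112' or 1=1 --"))      # [] : no employee has that literal id
    print(safe_lookup(db, "' or ''='"))           # [] : same
    print(safe_select_field(db, "name", "112"))   # [('Asha',)]
    print(field_allowed("*"))                     # False: the item 4 payload is refused
```

With the placeholder in place the item 1 and item 2 payloads simply fail to match any row; with the allowlist the item 4 payload never reaches the query at all.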


Copyright 1999- Ducat Creative, All rights reserved.
