Uploaded by mahendra.siem

SQL Injection

What is SQL Injection?

• SQL injection is a code injection technique that might destroy your database.
• SQL injection is one of the most common web hacking techniques.
• SQL injection is the placement of malicious code in SQL statements, via web page input.


How SQL Injection Works

Impact of SQL Injection

• There are a number of things an attacker can do when exploiting an SQL injection on a vulnerable website. What is possible usually depends on the privileges of the database user the web application uses to connect to the database server. By exploiting an SQL injection vulnerability, an attacker can:
  • Add, delete, edit or read content in the database
  • Read source code from files on the database server
  • Write files to the database server


Types of SQL Injection

1) In-band SQLi

2) Inferential SQLi

3) Out-of-band SQLi
In-band SQLi

• In-band SQL injection occurs when an attacker is able to use the same communication channel to both launch the attack and gather results.
• The two most common types of in-band SQL injection are error-based SQLi and union-based SQLi.

Error-based SQLi: an in-band SQL injection technique that relies on error messages thrown by the database server to obtain information about the structure of the database.

Union-based SQLi: an in-band SQL injection technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result.
Inferential SQLi (blind SQLi)

• Inferential SQL injection is also commonly known as blind SQL injection. It is so called because, in this case, the data is not actually transferred between the web application and the attacker, who is therefore not able to directly see the response of the injected queries. Instead, this kind of vulnerability is exploited when the attacker enumerates the database by observing the application's behavior. There are two kinds of blind SQL injection:
  • Boolean-based blind SQLi: a type of inferential SQL injection attack in which the attacker sends an SQL query to the database, and the application's response differs depending on whether the injected condition evaluates to true or false.
  • Time-based blind SQLi: a type of inferential SQL injection attack in which the attacker sends a query containing an SQL sleep command to the database, and the time the application takes to respond depends on the query.
Out-of-band SQLi

• Out-of-band SQL injection (OOB SQLi) is a type of SQL injection where the attacker does not receive a response from the attacked application on the same communication channel but instead is able to cause the application to send data to a remote endpoint that they control. Out-of-band SQL injection is only possible if the server that you are u
• Out-of-band SQLi techniques rely on the database server's ability to make DNS or HTTP requests to deliver data to an attacker.
Examples

SQL Injection Based on 1=1 is Always True

• If there is nothing to prevent a user from entering "wrong" input, the user can enter some "smart" input like this:
  UserId: 100 or 1=1
• Then, the SQL statement will look like this:
  SELECT * FROM Users WHERE UserId = 105 OR 1=1;
• The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.
• A hacker might get access to all the user names and passwords in a database, by simply inserting 105 OR 1=1 into the input field.

SQL Injection Based on ""="" is Always True

• The original login statement:
  SELECT * FROM Users WHERE Name ="Ali Anwar" AND Pass ="account1!"
• A hacker might get access to user names and passwords in a database by simply inserting " or ""=" into the user name or password text box:
  User Name: " or ""="
  Password: " or ""="
• The code at the server will create a valid SQL statement like this:
  SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
• The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.
SQL Injection Prevention

1. Employ comprehensive data sanitization. Websites must filter all user input. Ideally, user data should be filtered for context. For example, email addresses should be filtered to allow only the characters allowed in an e-mail address, phone numbers should be filtered to allow only the characters allowed in a phone number, and so on.

2. Use a web application firewall. A popular example is the free, open source module ModSecurity, which is available for Apache, Microsoft IIS, and nginx web servers. ModSecurity provides a sophisticated and ever-evolving set of rules to filter potentially dangerous web requests. Its SQL injection defenses can catch most attempts to sneak SQL through web channels.

3. Limit database privileges by context. Create multiple database user accounts with the minimum levels of privilege for their usage environment. For example, the code behind a login page should query the database using an account limited only to the relevant credentials table.

4. Avoid constructing SQL queries with user input. Even data sanitization routines can be flawed. Using SQL variable binding with prepared statements, or stored procedures, is much safer than constructing full queries from user input.
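The two payloads on the Examples slides and prevention items 1 and 4 can be tried side by side. The Python program below is an added example, not part of the original slides: it builds a constructed in-memory SQLite copy of the "Users" table, runs the concatenated statements the slides show against it, and then runs the same inputs through a context filter (digits only for UserId) and parameter binding. The table rows, function names and the digits-only rule are assumptions. SQLite uses single quotes for string literals, so the quote-based payload is written in that form rather than with the double quotes the slide uses.

```python
import re
import sqlite3


# Constructed in-memory stand-in for the "Users" table on the slides.
# Plaintext passwords appear only to mirror the slide; real systems store hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(100, "Ali Anwar", "account1!"), (105, "Dana Example", "s3cret")],
    )
    return conn


# --- Vulnerable: the statement is assembled by string concatenation ---------

def lookup_user_vulnerable(conn, user_id):
    # Whatever the user typed becomes part of the SQL text itself.
    sql = "SELECT * FROM Users WHERE UserId = " + user_id
    return conn.execute(sql).fetchall()


def login_vulnerable(conn, name, password):
    # Same flaw for string columns; the input can close the quote and add conditions.
    sql = ("SELECT * FROM Users WHERE Name = '" + name
           + "' AND Pass = '" + password + "'")
    return conn.execute(sql).fetchall()


# --- Hardened: context filtering (item 1) plus parameter binding (item 4) ---

USER_ID_RE = re.compile(r"^[0-9]{1,10}$")  # assumed rule: a user id is a short run of digits


def lookup_user_safe(conn, user_id):
    # Filter for context before the value goes anywhere near the database.
    if not USER_ID_RE.match(user_id):
        raise ValueError("invalid user id")
    # Bind the value as a parameter; the driver never splices it into the SQL text.
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (int(user_id),)
    ).fetchall()


def login_safe(conn, name, password):
    # Binding works for free-form strings too: quotes in the input stay data.
    return conn.execute(
        "SELECT * FROM Users WHERE Name = ? AND Pass = ?", (name, password)
    ).fetchall()


def run_demo():
    """Run the slide's two payloads through both versions and return what each got back."""
    conn = make_db()
    results = {
        "vuln_or_1_1": lookup_user_vulnerable(conn, "105 OR 1=1"),
        "vuln_quote": login_vulnerable(conn, "' or ''='", "' or ''='"),
        "safe_quote": login_safe(conn, "' or ''='", "' or ''='"),
        "safe_real_login": login_safe(conn, "Ali Anwar", "account1!"),
    }
    try:
        lookup_user_safe(conn, "105 OR 1=1")
        results["safe_or_1_1"] = "accepted"
    except ValueError:
        results["safe_or_1_1"] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label}: {outcome}")
```

Both vulnerable functions return every row for the tautology inputs, while the bound versions return nothing for them and still return the single matching row for a genuine login. The context filter rejects the numeric payload before any SQL runs, which is the layering item 1 and item 4 together describe.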
5. Regularly apply software patches. Because SQL injection vulnerabilities are regularly identified in commercial software, it is important to stay up to date on patching.

6. Continuously monitor SQL statements from database-connected applications. This will help identify rogue SQL statements and vulnerabilities. Monitoring tools that utilize machine learning and/or behavioral analysis can be especially useful.
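One simple form of the behavioral monitoring in item 6 is to reduce each logged statement to its shape (literals replaced by placeholders) and compare that shape against the set of shapes the application produced during a known-good period. The Python program below is an added example, not from the slides or any product: the query log lines are constructed, the baseline is assumed to have been captured while the application was exercised normally, and the normalization rules are a deliberately small subset of what a real SQL tokenizer would handle.

```python
import re

# Literal-stripping rules, applied in this order: string literals first (so their
# contents are never mistaken for numbers), then numeric literals, then whitespace.
_STRING_LIT = re.compile(r"'(?:[^']|'')*'")      # 'abc', with '' as the escaped quote
_NUMBER_LIT = re.compile(r"\b\d+(?:\.\d+)?\b")   # 105, 3.14
_WS = re.compile(r"\s+")


def normalize(statement):
    """Reduce a statement to its shape by replacing every literal with '?'."""
    shape = _STRING_LIT.sub("?", statement)
    shape = _NUMBER_LIT.sub("?", shape)
    shape = _WS.sub(" ", shape).strip().rstrip(";").strip()
    return shape.upper()


def build_baseline(statements):
    """Shapes observed while the application was exercised normally (assumed known-good)."""
    return {normalize(s) for s in statements}


def find_rogue(baseline, log_lines):
    """Return (statement, shape) pairs whose shape never occurred in the baseline."""
    return [(line, normalize(line)) for line in log_lines
            if normalize(line) not in baseline]


# Constructed sample data standing in for a database query log.
BASELINE_LOG = [
    "SELECT * FROM Users WHERE UserId = 100;",
    "SELECT * FROM Users WHERE UserId = 105;",
    "SELECT * FROM Users WHERE Name = 'Ali Anwar' AND Pass = 'account1!';",
    "UPDATE Users SET Pass = 'n3w-pass' WHERE UserId = 100;",
]

MONITORED_LOG = [
    "SELECT * FROM Users WHERE UserId = 42;",
    "SELECT * FROM Users WHERE UserId = 105 OR 1=1;",
    "SELECT * FROM Users WHERE Name = 'Dana O''Neil' AND Pass = 'pw 2024';",
    "SELECT * FROM Users WHERE Name = '' or ''='' AND Pass = '' or ''='';",
]


def demo():
    """Flag the monitored statements whose shape is new relative to the baseline."""
    baseline = build_baseline(BASELINE_LOG)
    return find_rogue(baseline, MONITORED_LOG)


if __name__ == "__main__":
    for stmt, shape in demo():
        print(f"ROGUE shape {shape!r}\n  from: {stmt}")
```

Only the two tautology statements are flagged: ordinary lookups with new literal values, including a name containing an escaped quote and a digit, normalize to shapes already in the baseline. The detector is intentionally an allow-list of statement shapes rather than a block-list of attack strings, so it also surfaces unexpected but benign queries (a new feature, a changed ORM) that deserve a look; a production version would tokenize SQL properly and handle comments, case and encoding variants the regexes above do not.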
