Introduction [SQL Injection]
SQL injection is a code injection technique, used to attack data-driven applications, in
which malicious SQL statements are inserted into an entry field for execution (e.g. to
dump the database contents to the attacker).
SQL injection exploits a security vulnerability in an application's software, for
example when user input is incorrectly filtered for string-literal escape
characters embedded in SQL statements, or when user input is not strongly typed and
is unexpectedly executed. SQL injection is mostly known as an attack vector for
websites but can be used to attack any type of SQL database.
SQL injection attacks allow attackers to spoof identity, tamper with existing data,
cause repudiation issues such as voiding transactions or changing balances, allow the
complete disclosure of all data on the system, destroy the data or make it otherwise
unavailable, and become administrators of the database server.
What is SQL Injection?
SQL injection is a common and well-known attack method today. Some newcomers
assume it is a small topic because point-and-click tools such as "Havij" automate it,
but when you look at it manually it is a huge subject, and many books could easily
be written on it. Using this method an unauthorized person can access the
database of a website, and the attacker can retrieve all the details from the database.
There are four main sub-classes of SQL injection.
1. Classic SQLi
2. Blind or Inference SQL injection
3. Database Management System-Specific SQLi
4. Compounded SQLi
▪ SQL Injection + Insufficient Authentication,
▪ SQL Injection + DDoS Attacks,
▪ SQL Injection + DNS hijacking,
▪ SQL injection + XSS (Cross Site Scripting).
Scenario #1:
An application uses untrusted data in the construction of the following vulnerable SQL call:
String query = "SELECT * FROM accounts WHERE custID='" + request.getParameter("id") + "'";
Scenario #2:
Similarly, an application's blind trust in frameworks may result in queries that are still vulnerable (e.g. Hibernate Query Language (HQL)):
Query HQLQuery = session.createQuery("FROM accounts WHERE custID='" + request.getParameter("id") + "'");
In both cases, the attacker modifies the 'id' parameter value in their browser to send: ' or '1'='1. For example:
http://example.com/app/accountView?id=' or '1'='1
This changes the meaning of both queries to return all the records from the accounts table. More dangerous attacks could modify or delete data, or even invoke stored procedures.
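To make the effect of the two scenarios concrete, here is an added example (not code from the original post) that runs the same `' or '1'='1` input against a constructed in-memory SQLite `accounts` table, once with the string-concatenated query from Scenario #1 and once with a parameterized query, which is the standard fix. The table name, columns and sample rows are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the page's "accounts" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (custID TEXT, owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("1001", "alice", 120), ("1002", "bob", 75), ("1003", "carol", 300)],
    )
    return conn


def lookup_concatenated(conn, cust_id):
    # Mirrors Scenario #1: the parameter is pasted into the SQL text, so quote
    # characters in the input become part of the query's own syntax.
    query = "SELECT * FROM accounts WHERE custID='" + cust_id + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, cust_id):
    # The fix: the value travels separately from the SQL text, so whatever the
    # input contains, it is only ever compared against the custID column.
    return conn.execute(
        "SELECT * FROM accounts WHERE custID=?", (cust_id,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    payload = "' or '1'='1"  # the id value from the page's example URL
    print(lookup_concatenated(conn, "1001"))    # one row, as intended
    print(lookup_concatenated(conn, payload))   # every row: WHERE is now always true
    print(lookup_parameterized(conn, payload))  # no rows: no account has that literal ID
```

The concatenated version turns the WHERE clause into `custID='' or '1'='1'`, which is true for every row; the parameterized version returns nothing because no record actually has that string as its ID.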