Scribd Logo
Upload

Welcome to Scribd!

  • 204 views

    SQL Injection

    Uploaded by

    Abdulkerim
    An SQL injection attack occurs when malicious SQL code is inserted into an entry field of a web application. This can allow an attacker to alter the SQL query executed by the database server to access unauthorized data, make unauthorized changes, or even run operating system commands. Some common consequences of a successful SQL injection attack include accessing credentials of other users, viewing or modifying all data in the database, or deleting database records. The document provides examples of simple SQL injection attacks, including authenticating as an administrator by adding an 'OR 1=1' statement, and using a UNION operator to join the results of multiple SELECT statements to retrieve additional data.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd

    SQL Injection

    Uploaded by

    Abdulkerim
    204 views4 pages
    An SQL injection attack occurs when malicious SQL code is inserted into an entry field of a web application. This can allow an attacker to alter the SQL query executed by the database server to access unauthorized data, make unauthorized changes, or even run operating system commands. Some common consequences of a successful SQL injection attack include accessing credentials of other users, viewing or modifying all data in the database, or deleting database records. The document provides examples of simple SQL injection attacks, including authenticating as an administrator by adding an 'OR 1=1' statement, and using a UNION operator to join the results of multiple SELECT statements to retrieve additional data.

    Original Description:

    yuyujyujty

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    An SQL injection attack occurs when malicious SQL code is inserted into an entry field of a web application. This can allow an attacker to alter the SQL query executed by the database server to access unauthorized data, make unauthorized changes, or even run operating system commands. Some common consequences of a successful SQL injection attack include accessing credentials of other users, viewing or modifying all data in the database, or deleting database records. The document provides examples of simple SQL injection attacks, including authenticating as an administrator by adding an 'OR 1=1' statement, and using a UNION operator to join the results of multiple SELECT statements to retrieve additional data.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    204 views4 pages

    SQL Injection

    Uploaded by

    Abdulkerim
    An SQL injection attack occurs when malicious SQL code is inserted into an entry field of a web application. This can allow an attacker to alter the SQL query executed by the database server to access unauthorized data, make unauthorized changes, or even run operating system commands. Some common consequences of a successful SQL injection attack include accessing credentials of other users, viewing or modifying all data in the database, or deleting database records. The document provides examples of simple SQL injection attacks, including authenticating as an administrator by adding an 'OR 1=1' statement, and using a UNION operator to join the results of multiple SELECT statements to retrieve additional data.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Download as docx, pdf, or txt
    You are on page 1of 4

    How and Why Is an SQL Injection Attack Performed

    To make an SQL Injection attack, an attacker must first find vulnerable user inputs within the web page
    or web application. A web page or web application that has an SQL Injection vulnerability uses such
    user input directly in an SQL query. The attacker can create input content. Such content is often called
    a malicious payload and is the key part of the attack. After the attacker sends this content, malicious
    SQL commands are executed in the database.
    SQL is a query language that was designed to manage data stored in relational databases. You can
    use it to access, modify, and delete data. Many web applications and websites store all the data in
    SQL databases. In some cases, you can also use SQL commands to run operating system commands.
    Therefore, a successful SQL Injection attack can have very serious consequences.

     Attackers can use SQL Injections to find the credentials of other users in the database. They
    can then impersonate these users. The impersonated user may be a database administrator
    with all database privileges.
     SQL lets you select and output data from the database. An SQL Injection vulnerability could
    allow the attacker to gain complete access to all data in a database server.
     SQL also lets you alter data in a database and add new data. For example, in a financial
    application, an attacker could use SQL Injection to alter balances, void transactions, or
    transfer money to their account.
     You can use SQL to delete records from a database, even drop tables. Even if the
    administrator makes database backups, deletion of data could affect application availability
    until the database is restored. Also, backups may not cover the most recent data.
     In some database servers, you can access the operating system using the database server.
    This may be intentional or accidental. In such case, an attacker could use an SQL Injection
    as the initial vector and then attack the internal network behind a firewall.

    There are several types of SQL Injection attacks: in-band SQLi (using database errors or UNION
    commands), blind SQLi, and out-of-band SQLi. You can read more about them in the following
    articles: Types of SQL Injection (SQLi), Blind SQL Injection: What is it.
    To follow step-by-step how an SQL Injection attack is performed and what serious consequences it
    may have, see: Exploiting SQL Injection: a Hands-on Example.

    Simple SQL Injection Example


    The first example is very simple. It shows, how an attacker can use an SQL Injection vulnerability to
    go around application security and authenticate as the administrator.
    The following script is pseudocode executed on a web server. It is a simple example of authenticating
    with a username and a password. The example database has a table named users with the following
    columns: username and password.

    # Define POST variables


    uname = request.POST['username']
    passwd = request.POST['password']

    # SQL query vulnerable to SQLi


    sql = “SELECT id FROM users WHERE username=’” + uname + “’ AND password=’” + passwd +
    “’”

    # Execute the SQL statement


    database.execute(sql)

    These input fields are vulnerable to SQL Injection. An attacker could use SQL commands in the input
    in a way that would alter the SQL statement executed by the database server. For example, they could
    use a trick involving a single quote and set the passwd field to:

    password' OR 1=1

    As a result, the database server runs the following SQL query:

    SELECT id FROM users WHERE username='username' AND password='password' OR 1=1'

    Because of the OR 1=1 statement, the WHERE clause returns the first id from the users table no matter
    what the username and password are. The first user id in a database is very often the administrator. In
    this way, the attacker not only bypasses authentication but also gains administrator privileges. They
    can also comment out the rest of the SQL statement to control the execution of the SQL query further:

    -- MySQL, MSSQL, Oracle, PostgreSQL, SQLite


    ' OR '1'='1' --
    ' OR '1'='1' /*
    -- MySQL
    ' OR '1'='1' #
    -- Access (using null characters)
    ' OR '1'='1' %00
    ' OR '1'='1' %16

    Example of a Union-Based SQL Injection


    One of the most common types of SQL Injection uses the UNION operator. It allows the attacker to
    combine the results of two or more SELECT statements into a single result. The technique is
    called union-based SQL Injection.
    The following is an example of this technique. It uses the web page testphp.vulnweb.com, an
    intentionally vulnerable website hosted by Acunetix.
    The following HTTP request is a normal request that a legitimate user would send:

    GET http://testphp.vulnweb.com/artists.php?artist=1 HTTP/1.1


    Host: testphp.vulnweb.com

    The artist parameter is vulnerable to SQL Injection. The following payload modifies the query to look
    for an inexistent record. It sets the value in the URL query string to -1. Of course, it could be any other
    value that does not exist in the database. However, a negative value is a good guess because an
    identifier in a database is rarely a negative number.
    In SQL Injection, the UNION operator is commonly used to attach a malicious SQL query to the original
    query intended to be run by the web application. The result of the injected query will be joined with the
    result of the original query. This allows the attacker to obtain column values from other tables.

    GET http://testphp.vulnweb.com/artists.php?artist=-1 UNION SELECT 1, 2, 3 HTTP/1.1


    Host: testphp.vulnweb.com

    You might also like

    pFad - Phonifier reborn

    Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

    Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


    Alternative Proxies:

    Alternative Proxy

    pFad Proxy

    pFad v3 Proxy

    pFad v4 Proxy