SQL Injection Attack: The Most Dangerous Attack

What is a SQL Injection Attack?

SQL Injection is one of the most dangerous hacking techniques. It is a common attack that uses malicious queries for backend database manipulation to access information that is not supposed to be displayed. This information includes personal data such as passwords or personal user information. It results in confidential data are stolen, lost, or deleted and also unauthorized access to systems, accounts, and sensitive data such as passwords, credit card details, or sensitive company data. A successful attack may also result in unauthorized viewing of user lists, the deletion of entire tables.

SQL Injection Tools:

SQLmap, SQLninja, Havij is the tool available to test your own web applications, but also help the attackers to penetrate into your system. SQLmap can be used to penetrate into your own web application to check if your system is secured.

User input in SQL statement:

  • SQL Injection Based on 1=1 is Always True:

The purpose of the code is to create a statement to select a user. It is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE.

Select * from Users where UserID=105 OR 1=1;

  • SQL Injection Based on “”=”” is Always True:

SELECT * FROM Users WHERE Name =“Hive” AND Pass =“Password”

A hacker can  access the user names and passwords  by inserting ” OR ” “=” in the user name or password text box:

User Name:

Password:

The code  will create a valid statement like:

SELECT * FROM Users WHERE Name =“” or “”=“” AND Pass =“” or “”=“”

  • SQL Injection Based on Batched SQL Statements: Most databases support batched SQL statements. A batch of SQL statements is a group of two or more statements, separated by semicolons.SELECT * FROM Customers; DROP TABLE Orders

How SQL Injection Works?

A SQL statement also consists of a predetermined set of parameters. The following is  an example of a login form in SQL:

SELECT * FROM users WHERE username = ‘$username’ AND password = bcrypt (‘$password’)

After  entering their username and password, the statement is completed, following which a query is sent to the server to retrieve the user’s information from the database.

When a vulnerability exists in a SQL statement, the attacker would be able to enter complex scripts into the forms to interfere with the preexisting parameters to alter the meaning of the complete statement.

How to prevent SQL injection attacks?

  • Discover SQL Injection vulnerabilities by regularly testing the web applications by using both static testing and dynamic testing
  • Use whitelists in place of blacklists  and avoid  filter user input based on blacklists. If possible, verify and filter user input using whitelists only.
  • Mitigate the impact of SQL Injection vulnerabilities by enforcing the least privilege on the database, this way each software component of an application can access and affect only the resources it needs.
  • Use a Web Application Firewall (WAF) for web applications that access databases. This can help identify SQL injection attempts and sometimes help prevent SQL injection attempts from reaching the application as well.

 

 

Related Posts

Leave a comment

Contact Us
close slider

    Are you looking for a quote or general enquiry? Please fill in the details below, we will get back to you in 24 hours.

    error: Content is protected !!
    Privacy Preferences
    When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.