SQL Injection

Data is one of the most vital components of information systems. Database-powered web applications are used by organizations to collect data from customers. SQL injection takes advantage of design flaws in poorly written web applications to poison SQL statements so that they execute malicious statements.
What is a SQL Injection?
SQL is the acronym for Structured Query Language. It is used to retrieve and manipulate data in a database. SQL Injection is an attack that poisons dynamic SQL statements, either by commenting out certain parts of the statement or by appending a condition that will always be true.
How SQL Injection Works
The types of attacks that can be performed using SQL injection vary depending on the type of database engine. The attack works on dynamic SQL statements. A dynamic statement is a statement that is generated at run time using parameters passed from a web form or URI query string.
Let’s consider a simple web application with a login form. The code for the HTML form is shown below.
<form action="index.php" method="post">
<input type="email" name="email" required="required"/>
<input type="password" name="password"/>
<input type="checkbox" name="remember_me" value="remember_me"/>
<input type="submit" value="Submit"/>
</form>

The above form accepts the email address and password, then submits them to a PHP file named index.php.
It has an option of storing the login session in a cookie. We have deduced this from the remember_me checkbox. It uses the POST method to submit data, which means the values are not displayed in the URL.

Let’s suppose the statement at the backend for checking the user ID is as follows:
SELECT * FROM users WHERE email = $_POST['email'] AND password = md5($_POST['password']);

  • The above statement uses the values of the $_POST[] array directly without sanitizing them.
  • The password is hashed using the MD5 algorithm.
  • We will illustrate the SQL injection attack using SQL Fiddle: http://sqlfiddle.com/#!2/3286e/1 (use this to test).
Note: you will have to write the SQL statements yourself.
  • Step 1) Enter this code in the left pane:
CREATE TABLE `techpand`.`users` (
`id` INT NOT NULL AUTO_INCREMENT,
`email` VARCHAR(45) NULL,
`password` VARCHAR(45) NULL,
PRIMARY KEY (`id`));
insert into users (email,password) values ('m@m.com',md5('abc'));
  • Step 2) Enter this code in the right pane:
select * from users;
  • Step 3) Click Build Schema
  • Step 4) Click Run SQL. You will see the following result:
ID | Email   | Password
1  | m@m.com | Hashed Password
Suppose a user supplies admin@admin.sys as the email and 1234 as the password. The statement executed against the database would be:
SELECT * FROM users WHERE email = 'admin@admin.sys' AND password = md5('1234');
The above code can be exploited by commenting out the password part and appending a condition that will always be true. Let’s suppose an attacker provides the following input in the email address field:
xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ]
and xxx as the password.
The generated dynamic statement will be as follows:
SELECT * FROM users WHERE email = 'xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' ] AND password = md5('xxx');

  • xxx@xxx.xxx' ends with a single quote, which closes the opening string quote of the email value.
  • OR 1 = 1 LIMIT 1 is a condition that will always be true and limits the returned results to only one record.
  • -- ' AND … is a SQL comment that eliminates the password part of the statement.
Copy the above SQL statement and paste it into the SQL Fiddle “Run SQL” text box as shown below.
There is a sample application you can test:
http://www.techpanda.org/ This site is vulnerable to SQL Injection attacks for demonstration purposes only. The HTML form code above is taken from its login page. The application provides basic security such as sanitizing the email field. This means our code above cannot be used to bypass the login.
To get round that, we can instead exploit the password field. The diagram below shows the steps that you must follow.
Let’s suppose an attacker provides the following input:
  • Step 1) Enter xxx@xxx.xxx as the email address
  • Step 2) Enter xxx') OR 1 = 1 -- ] as the password
  • Step 3) Click on the Submit button
  • Step 4) You will be directed to the dashboard
The generated SQL statement will be as follows:
SELECT * FROM users WHERE email = 'xxx@xxx.xxx' AND password = md5('xxx') OR 1 = 1 -- ]');

  • The injected input assumes that md5 hashing is applied to the password
  • It completes the single quote and the closing bracket of the md5() call
  • It appends a condition to the statement that will always be true
  • In general, a successful SQL Injection attack tries a number of different techniques, such as the ones demonstrated above, until one of them works.
Other SQL Injection attack types
SQL Injections can do more harm than just bypassing the login logic. Some of the attacks include:
  1. Deleting data
  2. Updating data
  3. Inserting data
  4. Executing commands on the server that can download and install malicious programs such as Trojans
  5. Exporting valuable data such as credit card details, email and passwords to the attacker’s remote server
  6. Getting user login details etc
The above list is not exhaustive; it just gives you an idea of what SQL Injection
Automation Tools for SQL Injection
In the above example, we used manual attack techniques based on our vast knowledge of SQL. There are automated tools that can help you perform the attacks more efficiently and within the shortest possible time.
These tools include:
How to guard against SQL Injection Attacks
An organization can adopt the following policy to protect itself against SQL Injection attacks.
User input should never be trusted. It must always be sanitized before it is used in dynamic SQL statements.
  • Stored procedures: these can encapsulate the SQL statements and treat all input as parameters.
  • Prepared statements: prepared statements work by creating the SQL statement first, then treating all submitted user data as parameters. User data therefore has no effect on the syntax of the SQL statement.
  • Regular expressions: these can be used to detect potentially harmful input and remove it before executing the SQL statements.
  • Database connection user access rights: only the necessary access rights should be given to accounts used to connect to the database. This limits what an injected SQL statement can do on the server.
  • Error messages: these should not reveal sensitive information or where exactly an error occurred. A simple custom error message such as “Sorry, we are experiencing technical errors. The technical team has been contacted. Please try again later” can be used instead of displaying the SQL statement that caused the error.
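As an added example (not part of the original post), the following Python script rebuilds the users table in an in-memory SQLite database with an md5() function registered so the statements read like the article's MySQL, then runs the two injected inputs shown above through a string-built query and through the prepared-statement version recommended here. The table contents are constructed sample data.

```python
import hashlib
import sqlite3

# Constructed sample data, matching the single user created in the SQL Fiddle steps.
USERS = [("m@m.com", "abc")]

def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def make_db() -> sqlite3.Connection:
    """In-memory copy of the users table; md5() is registered so the SQL
    reads like the MySQL statement in the article."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("md5", 1, _md5)
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, "
                 "email VARCHAR(45), password VARCHAR(45))")
    for email, pw in USERS:
        conn.execute("INSERT INTO users (email, password) VALUES (?, md5(?))",
                     (email, pw))
    return conn

def login_dynamic(conn: sqlite3.Connection, email: str, password: str) -> bool:
    """Vulnerable: user input is pasted into the statement text, so a quote
    in the input changes the statement's structure."""
    sql = (f"SELECT * FROM users WHERE email = '{email}' "
           f"AND password = md5('{password}')")
    return conn.execute(sql).fetchone() is not None

def login_prepared(conn: sqlite3.Connection, email: str, password: str) -> bool:
    """Hardened: the statement is fixed; input is bound as data and is
    never parsed as SQL."""
    sql = "SELECT * FROM users WHERE email = ? AND password = md5(?)"
    return conn.execute(sql, (email, password)).fetchone() is not None

def compare(email: str, password: str) -> tuple[bool, bool]:
    # Returns (vulnerable result, hardened result) for one login attempt.
    conn = make_db()
    return login_dynamic(conn, email, password), login_prepared(conn, email, password)

if __name__ == "__main__":
    attempts = [("m@m.com", "abc"),                              # valid login
                ("m@m.com", "wrong"),                            # wrong password
                ("xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ", "xxx"),    # email-field input from above
                ("xxx@xxx.xxx", "xxx') OR 1 = 1 -- ")]           # password-field input from above
    for email, pw in attempts:
        d, p = compare(email, pw)
        print(f"{email!r:40} {pw!r:24} dynamic={d} prepared={p}")
```

Only the string-built query accepts the injected inputs; with bound parameters the same inputs are compared as literal email and password values and the login fails.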
Note: your anti-virus program may flag these tools due to their nature. You should add them to the exclusions list or pause your anti-virus software.

Summary
SQL Injection is an attack type that exploits badly constructed SQL statements.
SQL injection can be used to bypass login logic and to retrieve, insert, update and delete data.
SQL injection tools include SQLMap, SQLPing, SQLSmack, etc.
A good security policy when writing SQL statements can help reduce SQL injection attacks.
