SQL Injection

Leave a Comment / Cyber Security

Have you ever heard about SQL Injection? What is it really? Find out below.

What is SQL Injection?

SQL injection is a code injection technique that is used to execute malicious SQL statements. It is one of the most used and the most common web based attacks. For SQL Injection to work you need a web application which uses a database. 

For example, consider that there is a web application that uses a database which might be taking input from the user and storing the input onto the database or it might be fetching data from the database and displaying it to the user. In either case what happens is there is a SQL query or any database query that is generated on the web application which is sent to the database.

this query is executed on the database and relevant information is sent back to the user, this is how the normal scenario is. So what happens is that you manipulate the query and then make it do that it is not ideally supposed to do.

How does SQL Injection work?

Let’s take an example of a web application that takes username and password for login. You use a lot of web applications on a day to day basis where the first thing you need to do is login in to the web application example: gmail, facebook, banking, etc. The username and password is stored into a table of the database so when you hit the login button entering the username and the password.

the information is send to the database and then cross checked with the table. If the credentials match then the login is successful. So we are not interested in how this works but the SQL query for the job. Consider the following query.

If these credentials are correct then you’ll be able to login. So the user has control over only the input part. SQL injection attack is when we manipulate the query such that it will always return true without knowing the username and password. For that we use an OR logic gate. 

In this case 1 always equals to 1 hence the SQL query will always return true. The double hyphen that is used is to comment out the rest of the SQL query. As the rest of the part is commented out, the SQL query returns true and you get a successful login. Hence the web application is successfully hacked.

How is SQL injection used to attack a web application?

The kind of SQL injection used or how you use the SQL injection depends on how the web application is built. The data is being passed using different methods. Some are: 

1. GET method:

When a web application is using this method to pass data from one web page to another or from a web page to a database, the data that is being sent is sent through the url of the request. That means that data is visible in the url. SQL Injection Is A Code Injection Technique That Is Used To Execute Malicious SQL Statements. SQL Injection Is One Of The Most Used And There’s a login page having username and password fields with certain usernames and corresponding passwords in a database. When you’ve put a username and a password in those fields and hit the login button, the url request when the get method is used will look something like this : 

localhost/index.php?username=admin&password=admin

In this case, there’s a name of the web page and also the information that is being passed i.e. the username and the password. When some wrong input is given, the login will obviously be a failure. By using the malicious string mentioned in the above section in the url request, we can bypass this login. When we hit enter, we see that the login is successful. 

2. POST method:

When a web application is using this method to pass data from one web page to another or from a web page to the database, the data that is being sent is not visible in the url request. Instead, the data is sent in the request body of the request. 

Example: The website works in the exact same way as in the get method except that when we hit the login button, the username and the password is not seen in the url. Only the name of the webpage is visible. Now how would you hack this application?

The only control the user has over the web application is in the input that they give. So we use the malicious string in the username and password field. The malicious string was  and when we gave some random password and hit the login button, our login was successful. 

How to prevent SQL injection?

There are numerous ways in which SQL injection can be prevented. What kind of method is used depends on how the web application is built. But the easiest way to prevent the attack will be to use a bind parameter on the input so that the whole input will be considered as string and the string would be sent to the database and because there will be no match the login will fail. You can use form validations as well but it all depends on how the application is built.

written by: Atharva Shirude

reviewed by: Sayan Chatterjee

If you are Interested In Machine Learning You Can Check Machine Learning Internship Program
Also Check Other Technical And Non Technical Internship Programs

Leave a Comment

Your email address will not be published. Required fields are marked *