Thursday, August 9, 2012

SQL Injection

Hi, today I am going to explain the things you have to know about SQL Injection:
  1. What is SQL injection
  2. How it works
  1. What is SQL injection: SQL injection is an attack vector in which the attacker executes SQL queries directly against the database through a vulnerable web application. The attacker can run any SQL query (SELECT, UPDATE, CREATE, DELETE) on the database. SQL injection is not limited to gaining access to the database; it can also lead to compromise of the operating system.
  2. How it works: SQL injection works by breaking the original SQL query using OR, UNION or AND.
For example: a web application has a sign-in form where the user enters his username and password for authentication, and the web application builds the following SQL query.
User_table contains the following rows:

  ID  USERNAME  PASSWORD
  1   Admin     Admin
  2   Vinesh    Security
  3   Vin32     Vin32
  4   Secure    Secure

Select * from User_table where Username="Vinesh" and Password="security"
What if the attacker uses this functionality to perform SQL injection by breaking the above query?
Attack vector:  "or 1=1--
When the attacker enters this attack vector in the Username field, the web application executes the following query:
Select * from User_table where Username=" "or 1=1--and Password="security"
As you can see, the query now has a blank username OR the condition 1=1, which is always true, and the comment marker (--) cuts off the rest of the query, so the password part is never checked.
So the attacker is logged on as the first user in the table, Admin, without entering any credentials.
Similar attack vectors used in SQL injection:
' or '1'='1' -- '
' or '1'='1' ({ '
' or '1'='1' /* ' 


Below is the source code vulnerable to SQL Injection.

The user enters his ID and gets back his first name and last name.
What if the attacker uses this feature and exploits it with SQL injection to retrieve every record in the database?


How to prevent SQL Injection
  • Use prepared statements (parameterized queries)
  • Use stored procedures
  • Escape all user-supplied input
  • Also enforce: a least-privilege database user
  • Also perform: whitelist input validation
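As an added example (not code from the original post), here is the sign-in check written both ways in Python against an in-memory SQLite copy of User_table: string concatenation, which the ' or '1'='1' -- vector from the list above breaks, and a parameterized query, which treats the very same input as an ordinary username. The table rows and function names are constructed for this example.

```python
import sqlite3

# Constructed copy of the post's User_table (sample data for this example).
USERS = [(1, "Admin", "Admin"), (2, "Vinesh", "Security"),
         (3, "Vin32", "Vin32"), (4, "Secure", "Secure")]


def make_db():
    """Create an in-memory SQLite database holding User_table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE User_table (ID INTEGER, USERNAME TEXT, PASSWORD TEXT)")
    conn.executemany("INSERT INTO User_table VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, username, password):
    """The pattern the post describes: user input pasted into the SQL text.

    A quote in the input closes the string literal, so the rest of the
    input is parsed as SQL. Returns the matched USERNAME or None.
    """
    query = ("SELECT USERNAME FROM User_table WHERE USERNAME='" + username
             + "' AND PASSWORD='" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Prepared statement: the SQL text is fixed, values travel separately.

    Whatever the input contains, it is only compared as data and never
    parsed as part of the query. (Real systems also store password hashes;
    the plaintext column here just mirrors the post's table.)
    """
    row = conn.execute(
        "SELECT USERNAME FROM User_table WHERE USERNAME=? AND PASSWORD=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    vector = "' or '1'='1' -- "   # the post's single-quote attack vector
    print(login_vulnerable(db, vector, "x"))      # Admin: first row, no credentials
    print(login_parameterized(db, vector, "x"))   # None: treated as a literal username
    print(login_parameterized(db, "Vinesh", "Security"))  # Vinesh: normal login still works
```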
Reference URL:
https://www.owasp.org/index.php/Query_Parameterization_Cheat_Sheet
https://www.owasp.org/index.php/SQL_Injection