Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • SQL Tutorial -> Sql Injection

    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 0
    • 87
    Comment on it

    <-- Chapter 20: SQL DELETE

    Chapter 21

    SQL INJECTION


    SQL Injection is an injection attack wherein attacker is able to submit a database SQL command which is executed by a web application exposing back-end database. Attacker can add SQL query in web form input text box to gain access to resources and make changes in database. On a user authentication web form , user is allowed to enter username and password in the text boxes provided for them, those values are inserted into a SELECT query. If the entered username and password values are found as corrected, then user is allowed access otherwise access is denied. However in most of the web forms, there is no way to block input text boxes other than username and password so in this manner attacker can send his own request through input text boxes to database, which can allow them to gain whole access to entire database.

    Lets see an example from the below table "users" :-


    userID userName password
    101 ABC pass123
    102 DEF pass456
    103 GHI pass1234

    Lets say we have a authentication web form


    Username:
    Password:

    Lets see the query and the server code to authenticate user.


    Server Code in PHP :-

    <?php
    $username = $_POST["username"];
    $password = $_POST["password"];
    ?>
    

    SELECT * 
    FROM `users` 
    WHERE `userName` = '" . $username . "' AND `password` = '" . $password . "';
    

    Now see the query below, how an attacker can type anything in the username and password text box by simply inserting " or ""=" to expose the database table users. It means how he can gain access to all usernames and passwords.The above authenticate query can become like below :-


    SELECT * 
    FROM `users` 
    WHERE `userName` ="" or ""="" AND `password` ="" or ""="";
    

    Above Query will return all the rows from users table. since WHERE ""="" is always TRUE.Similarly Attacker might enter 1=1 which is also always TRUE and return all the rows from the table.


    Preventing SQL Injection

    • We can prevent SQL Injection by applying input validation technique in which user input is authenticated to enter alphabets, integer, alphanumeric, symbols, length etc.
    • We should make sure that users with the permission to access the database have the least privileges.

    Chapter 22: SQL Select Top -->

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: