Join the social network of Tech Nerds, increase skill rank, get work, manage projects...
 
  • Stopping MySQL injection using Core PHP

    • 0
    • 1
    • 1
    • 2
    • 0
    • 0
    • 0
    • 0
    • 459
    Comment on it

    What is SQL Injection?

    According to WIKIPEDIA:

    SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application.

    A SQL injection attack exploits security vulnerabilities at the database layer. By injecting the SQL injection flaw, attackers can create, read, modify or delete sensitive data.It's one of the most prevalent types of web application security vulnerability.

    It occurs when the SQL statements are injected into your application by any user.Hence these attacks are also known as SQL insertion attacks.

    How does it work?

    A user can pass un-intended SQL queries and unfiltered data into a SQL query which is to be executed.

    Say we have a simple login form that takes a username and password as input , and validates against the database. If the username and password is validated, the user is logged into the system otherwise it should generate an error.

    Consider the simple log-in form where we get the USERNAME and PASSWORD from the POST request

     $user_name = $_POST[ 'username' ];
      $password  = $_POST[ 'password' ];
      $query = "SELECT first_name,
      last_name, account_number FROM
      users_table WHERE username =
      '$user_name' AND password =
      '$password' ";
      $result = mysql_query( $query );
    

    The above code will work fine in the case,when the entered username and password is correct.Hence,it will allow only the genuine users to see their bank account number.

    CASE 1: Lets assume that correct username for our form is admin , and password is our password, then the SQL query that is passed to the MySQL will looks like this:

      SELECT first_name, last_name,
      account_number FROM users_table WHERE
      username = 'admin' AND password =
      'password' ;
    

    If our input data is validated successfully, then we will be logged into the system and we can see our account number also else there will be an error message displayed something like this: Username or Password not valid! Please try again!

    CASE 2: Lets see what happens if the malicious user/Hacker enters username as ( OR 1=1) and password as password.

    The SQL query will look somewhat like this:

     SELECT first_name, last_name,
      account_number FROM users_table WHERE
      username = '' OR '1'='1' AND password
      = 'password' ;
    

    The above SQL query tells MySQL to find all rows with a username equal to (blank) or (1=1) and a password equal to password.

    Lets represent the query more logically to understand:

      The query says username =  OR 1=1
      AND password = password
    

    We know that under all circumstances 1=1 is always going to be TRUE. Hence, the user will be able to login to the system even if the password is correct or even when the user name is wrong.This allows to view all the records in the table along with the first record's account number which is stored in the database,and according to the SQL statement this is actually wrong.

    How can you prevent SQL Injections?

    1.Adopt an input validation techniques whereby input user is checked against business rule and set of defined rules for length ,type and syntax.

    2.The principle of providing "least privilege is highly beneficial" as it's always better to create partitioned table spaces inside database and provide access only to those tables which he/she needs, rather than providing the access to whole of the database.

    3.Using addslashes() and mysql_real_escape_string() functions These two functions in PHP only works if the query string is wrapped in quotes.A string using this still would be vulnerable to SQL injection.

    4.To minimize the SQL injection attack, one should always store database credentials in a separate encrypted file.

    5.Many Attackers/malicious users/hackers needs an access to the database and many databases offer shell access which essentially is what they needs. Because of this you need to close this open loophole. Every service provider has different methods to disable the execution of shells so you should contact yours.

    6.All Stored Procedures which are not in use should be removed.

    7.Last but not the least, one should think like a hacker.Think how a hacker/unauthorized user can hack your database through SQL injection, which tools and techniques he can use to find the loophole.(they can even use PLUGINS )

    While developing web applications one should stay alert , as no one know when he/she is gonna get hacked.

    References

    http://en.wikipedia.org/wiki/SQL_injection
    http://www.websecurify.com/vulnerabilities.html

 0 Comment(s)

Sign In
                           OR                           
                           OR                           
Register

Sign up using

                           OR                           
Forgot Password
Fill out the form below and instructions to reset your password will be emailed to you:
Reset Password
Fill out the form below and reset your password: