SQL injection can be defined as the process of a hacker trying to inject malicious SQL code inside your database. Installing malicious SQL code will force your database to run according to the commands generated by the malicious code. The process of injecting malicious SQL code is also known as malicious payload. SQL injection is one of the deadliest attacks against a database because it may lead to theft of sensitive data like customer data, intellectual property, personal information and trade secrets.
- Check: Preventing SQL Injection
How does SQL injection works?
To inject a malicious data inside a SQL server, the attacker must require an input used in a web application. The attacker will use the input to access the SQL database and insert the payload inside the SQL query. The SQL query will run along with the payload which will give the database access to the attacker.
The code given below is used to authenticate the user about web application
# Define POST variables
Uname = requet.POST [‘username’]
pawd = requet.POST [‘password’]
# SQL query vulnerable to SQLi
Sql = “SELECT” id FROM user WHERE username=’” + uname + “‘ AND password =’” +
Pawd + “‘“
# Execute the SQL statement
The code written above is vulnerable to SQL injection because it just acquires and store the user data without making any security measures. The simple payload written below will can make the database to run against the wishes of the user.
Password’ OR 1=1.
What is the worst possible damage can be done using SQL injection attack?
- The attacker can bypass the user authentication process to gain access about user information.
- It is possible for the attacker to impersonate like other users.
- Disclosure of data stored in database is possible using SQL injection.
- Altering the data stored in a database is a common form of SQL injection. By altering the data stored in the database, the real user can be restricted from accessing his/her data. Data altering is a common SQL attack used against banks and stock exchanges. Data altering may lead to affecting data integrity in a database.
- Deleting the record present in a database is also a common form of SQL injection attack. Appropriate backup of the data can be used to restore the database. If no data backup i made; it will result in data loss.
- Database which uses arbitrary execution are highly prone toward SQL injection. In arbitrary execution enabled SQL server one SQL injection vector attack can initialize other attack.
Read: Blind injection in SQL
What are the conditions required to initialize SQL attack?
Only two conditions are required to initialize a SQL injection attack. One is a database which uses SQL and other is a user with controllable input. If no user is available, the controllable input of another user can be used to initialize a Sql attack. Consider a scenario of an attacker using SQL injection to extract data from database. It can be achieved by following processes.
- Pass a SQL statement without improper input. This is as simple as like providing a character when the database is expecting an integer as input.
- After recognising an error; the database will be forced to display an error statement. The error statement will provide the loopholes in the database security which may be capitalised by the attacker.
- The process of capitalising the error messages for SQL injection is called as error- based SQL injection.
- The use of UNION SQL leverage operator is a process which can be used to initiate SQL injection.
- UNION SQL leverage operator enables the user to use more than two SELECT statement. This process will force the database to return the data along with http response