Security Measures From www.hackthissite.com

SQL injection

BY

Raghav Singh Chauhan
Ishan Pandita
Aankeet Swain

Index

1. Definition
2. In Depth explanation
3. SQL Injection: A Simple Example
4. EXAMPLE OF SQL INJECTION WITH CODE
5. SQL Prevention

Definition

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.

In Depth explanation

Many web developers are unaware of how SQL queries can be tampered with, and assume that an SQL query is a trusted command. In fact, SQL queries are able to circumvent access controls, thereby bypassing standard authentication and authorization checks, and sometimes SQL queries may even allow access to host operating system level commands.

Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data, or to override valuable ones, or even to execute dangerous system level commands on the database host. This is accomplished by the application taking user input and combining it with static parameters to build an SQL query.

SQL Injection: A Simple Example

Take a simple login page where a legitimate user would enter his username and password combination to enter a secure area to view his personal details or upload his comments in a forum.

When the legitimate user submits his details, an SQL query is generated from these details and submitted to the database for verification. If valid, the user is allowed access. In other words, the web application that controls the login page will communicate with the database through a series of planned commands so as to verify the username and password combination. On verification, the legitimate user is granted appropriate access.

Through SQL Injection, the hacker may input specifically crafted SQL commands with the intent of bypassing the login form barrier and seeing what lies behind it. This is only possible if the inputs are not properly sanitised (i.e., made invulnerable) and sent directly with the SQL query to the database. SQL Injection vulnerabilities provide the means for a hacker to communicate directly to the database.

The technologies vulnerable to this attack are dynamic script languages including ASP, ASP.NET, PHP, JSP, and CGI. All an attacker needs to perform an SQL Injection hacking attack is a web browser, knowledge of SQL queries and creative guesswork at important table and field names. The sheer simplicity of SQL Injection has fuelled its popularity.

EXAMPLE OF SQL INJECTION WITH CODE

Types of SQL injection are many and varied. Here we consider the simplest form of SQL injection which can be used to hack into databases. The source code of the program that matches usernames and passwords may look something like this:

SELECT * FROM users_list_table
WHERE username='FIELD_USERNAME'
AND password='FIELD_PASSWORD'

The most common form of SQL injection is perhaps the 'x'='x' or the '1'='1' form. This method takes advantage of the fact that in any programming language 'x'='x' is always true. Suppose the username entered by the user is of the form 1' or '1'='1. After considering the quotes already present, the program reads it as username='1' or '1'='1'. Since the statement is always true, the entire statement is executed without requiring a password. This way any hacker can access and modify the database with only a rudimentary understanding of the programming language. SQL injection isn't limited to accessing account details. SQL commands include SELECT, INSERT, DELETE and DROP. DROP is as ominous as it sounds and will in fact eliminate the table with a particular name.

SQL Prevention

Just like the methods of SQL injection, the methods of preventing an attack are many and varied. It is easy to prevent the type of SQL injection shown in the above example. To prevent injections of the above category, we generally add an extra line of code which prevents the user from typing any special characters other than @ and underscore. This prevents many kinds of SQL injection, as many of these attacks require the user to enter special characters which then become part of the code of the source program, inviting attacks on its database.
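
The filter described above next to a parameterized query, as an added example in Python with an in-memory SQLite database (not code from the original page). The function names, the sample row and the choice of sqlite3 are assumptions; binding parameters goes beyond the character filter the page describes.

```python
import re
import sqlite3

PAGE_INPUT = "1' or '1'='1"                  # the input quoted on the page
USERNAME_OK = re.compile(r"[A-Za-z0-9@_]+")  # the page's rule: only @ and _ allowed

def make_db():
    # Constructed sample row; plaintext password only to mirror the page's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_list_table (username TEXT, password TEXT)")
    db.execute("INSERT INTO users_list_table VALUES (?, ?)", ("alice", "it's_me"))
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern from the page: input is pasted between the quotes.
    sql = ("SELECT * FROM users_list_table WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchall()

def is_allowed(value):
    return USERNAME_OK.fullmatch(value) is not None

def login_parameterized(db, username, password):
    # Filter the username as the page suggests, then bind both values with
    # placeholders so the driver passes them as data, never as SQL text.
    if not is_allowed(username):
        return []
    sql = "SELECT * FROM users_list_table WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Page's input in both fields: the WHERE clause is true for every row.
    print(login_concatenated(db, PAGE_INPUT, PAGE_INPUT))
    # Same input against the hardened login: rejected, no rows.
    print(login_parameterized(db, PAGE_INPUT, PAGE_INPUT))
    # A legitimate password containing a quote still works when bound...
    print(login_parameterized(db, "alice", "it's_me"))
    # ...but breaks the concatenated query with a syntax error.
    try:
        login_concatenated(db, "alice", "it's_me")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
```

The filter is applied only to the username here because a password may legitimately contain special characters; the bound parameter handles those safely.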

To see how SQL injection works, you can refer to the following video on YouTube:
https://www.youtube.com/watch?v=C-EiLkwYXG8

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License