What is SQL Injection?
By Prempal Singh
Introduction of SQL
- SQL stands for Structured Query Language.
- It is used to exchange information with Database like create/update/delete.
- Standard Language for Relational Database Management System according to ANSI (American National Standards Institute).
- Used to perform task with database like create/delete/update/rename database and tables.
- In a database data is stored in table (Rows and Columns) form.
Introduction of SQL Injection
- A SQL injection is a technique to inject with SQL query via the input data from the client to the application program.
- SQL injection is based on SQL commands which inject into data, input in order to affect the setup predefined SQL instructions.
- A successful SQL injections exploit get access to data from the databases, modify database data (Insert/Update/Delete), execute administration functions on the database (such as shutdown the DBMS), restore the information of a given file present on the DBMS file-system and sometimes issues commands to the operating system.
Description of SQL Injection
SQL injection errors occurs when:
- Data entered in program from untrusted source.
- The information used to effectively construct a SQL query.
The primary consequences are:
- Authentication: In case of poor SQL commands are being used to check username and password, it could be possible to get access to bypass administrator login with no previous knowledge of the password.
- Confidentiality: SQL database contains vital data. Through SQL injection vulnerability loss of confidentiality.
- Authorization: In authorization, information is kept in a SQL data source, it could be possible to change this information through the successful exploitation of SQL Injection
- Integrity: Simply as it could be possible to access(read/write) sensitive information. Through SQL injection vulnerability possible to delete or erase all SQL Database.
Types of SQL Injection
- In-band SQLi (Classic SQLi)
It is most Common and easy to exploit database. It occurs when an attacker use same communication channel to perform attack and get result. Most common types are In-band SQL Injection, Union Based SQLiand Error based SQLi.- Union Based SQLi
It is performed with UNION SQL operator for combine result to two or more SELECT statements and it returns as HTTP response. - Error Based SQLi
It is performed when database reply as error message and contains information about the database structure. This is single vulnerability able to access complete database.
- Union Based SQLi
- Inferential SQLi (Blind SQLi)
It is dangerous as any other type of SQL Injection. Attacker not able to see result which transferred via web application so that’s called Blind SQL Injection. Attacker can construct again all database structure by sending payloads. Most common types Inferential SQLi (Blind SQLi) are Time Based Blind SQLiand Boolean Based(Content-Based) Blind SQLi.- Time Based Blind SQLi
In this attack, attacker send SQL queries to the database which strongly forces to database to wait for some specific timing before response of database. This response time shows to attacker whether result of query is TRUE or FALSE. - Boolean Based (Content-Based) Blind SQLi
It is almost similar to time based blind SQLi, the difference is when attacker send SQL queries to the database and force application to return result which depends, whether query result TRUE or FALSE. This is allowed to attacker to send payloads to check HTTP response are true or false.
- Time Based Blind SQLi
Defense Against SQL Injection
- Must be constrain and sanitize input data every time
- Administrator must use safe-type SQL parameters for data access
- Avoid disclose SQL database error
- Use parameter with dynamic SQL
- Use parameter with stored procedure
- Handle to escape special input characters