SQL Injection





SQL Injection is a way for malicious hackers to get into a SQL database and alter and/or steal information. After seeing how it is done and how commonly it has occurred, I am surprised it still happens. As a matter of fact, as stated by Veracode: "With over 20% of all web vulnerabilities being attributed to SQL Injection, this is the 2nd most common software vulnerability."


It seems pretty easy to do; just follow the example below and try it out on some unsuspecting websites yourself! Just kidding, use your knowledge for good, not evil!!


If the server code looks like the snippet below, taking input from the user and placing it directly into a SQL statement, it allows a malicious user to manipulate the statement.


[Screenshot Shot_1: the server code that builds the SQL statement from user input]

When asked for the UserName, the malicious user would enter something like:


[Screenshot Shot_2: the value entered into the UserName field]

Then the resulting SQL statement would be:


[Screenshot Shot_3: the resulting SQL statement]

The SQL above is syntactically valid code, so it would return all the rows from the Users table, since WHERE 1=1 is always true. Likewise, the malicious user could use any other always-true statement, such as 2=2, etc.


If the rows of the Users table contained names, passwords, or other sensitive information, then the malicious user could cause a lot of problems. As you can see, it is a rather simple and ingenious way of accessing information.
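To make the difference concrete, here is an added example (not code from the original post) that builds a small in-memory SQLite table, runs the concatenated query the post describes against an always-true input, and then runs the same lookup as a parameterized query. The table, the user names and the helper function names are all constructed for this demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a tiny Users table for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def lookup_vulnerable(conn, user_name):
    # Input is glued straight into the statement, as in the post's server
    # code, so whatever the user types becomes part of the SQL itself.
    sql = "SELECT UserName FROM Users WHERE UserName = '" + user_name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, user_name):
    # Parameterized query: the value is bound as data by the driver and is
    # never parsed as SQL, so an always-true clause stays a plain string.
    sql = "SELECT UserName FROM Users WHERE UserName = ?"
    return [row[0] for row in conn.execute(sql, (user_name,))]


# The kind of input the post describes: closes the quoted string, appends
# an always-true condition, and comments out the trailing quote.
ALWAYS_TRUE_INPUT = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input :", lookup_vulnerable(db, "alice"))
    print("vulnerable, 1=1 input    :", lookup_vulnerable(db, ALWAYS_TRUE_INPUT))
    print("parameterized, 1=1 input :", lookup_safe(db, ALWAYS_TRUE_INPUT))
```

The vulnerable lookup returns every row for the always-true input, while the parameterized lookup returns nothing because no user is literally named `' OR 1=1 --`.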



Resources

w3schools.com

OWASP

PHP

Acunetix

Veracode

troyhunt.com

Wikipedia