Header Ads

SQL Injection

What is SQL Injection?

A SQL Injection attacks consists of insertion or "injection" of a SQL query via the input data from the client to the application.

How SQL Injection attacks?

=>SQL injection is frequently used to bypass authentication mechanisms.Attackers can gain access to other information systems and can access other user details.

=>Read unauthorized information from the database.

=>Grab username and password from user defined table.

=>Modify database data like Insert/Update/data.

=>Execute administration operations on the database.

=>Recover the content of a given file present on the DBMS file system.

=>Issue commands to the operating system.

Consider below this SQL query for authenticating a user to a web application.

SELECT * FROM users WHERE username ='navas' AND password ='123'

Suppose the hacker enters the username as OR 1=1-- the SQL query becomes

SQL_injection

Because the double hyphens character is interpreted as the beginning of a comment by the SQL server everything after'--'is

Since 1-1 is always true the authentication mechanism will be bypassed and the application will let the hacker in

How to prevent SQL Injection:

=>Use stored procedures for interacting with database

=>Call stored procedures through a parameterized API

=>Validate all input through generic routines

=>Use the principle of "least privilege"

=>Define several roles,one for each kind of query

No comments:

Powered by Blogger.