Difference between revisions of "SQL Injection"

From Embedded Lab Vienna for IoT & Security

Revision as of 20:49, 30 January 2020

Summary

SQL injection is a vulnerability found in applications, especially web applications. According to a study conducted in 2019 by OWASP, SQL injection is among the most common ways for attackers to fetch sensitive data from a database. SQL injection becomes possible when SQL queries in the application return results based on user input and that input is placed directly into the SQL query text.

Functionality

SQL injection is possible whenever SQL queries in the application return results based on user input and that input is handed to the SQL interpreter directly, without modification or validation. In that case the database cannot distinguish malicious input from legitimate input, because both arrive as part of the same query text.

An attack could look like this:

Step 1

In the business logic of the application, a query is used to retrieve a user's data based on username and password. The username and password are entered by the user via a web form, and the input goes directly into the query:

SELECT * FROM Users WHERE name ='userName' and password='password'

Step 2

Suppose the attacker supplies admin as the username and ' or '1' = '1' as the password. This results in the following query, which the database then evaluates:

SELECT * FROM Users WHERE name ='admin' and password='' or '1'='1'

Because AND binds more tightly than OR, the WHERE clause is true for every row: the password check no longer matters, the query returns all users, and the login check is bypassed.
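The two steps above, reproduced against a constructed in-memory SQLite table as an added example (not code from the original page): the string-built query from Step 1 returns the admin row for the injected password, while the same query with bind parameters returns nothing. The table contents, the stored password and the function names are assumptions made for the demo; the payload omits the final quote because the query template supplies it, which yields exactly the Step 2 query.

```python
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    # Constructed demo data: one Users table with a single admin row.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('admin', 'correct horse battery staple')")
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    # The Step 1 query assembled by string interpolation: user input becomes
    # part of the SQL text, so a quote in the input changes the query itself.
    query = (f"SELECT * FROM Users WHERE name ='{username}' "
             f"and password='{password}'")
    return query, conn.execute(query).fetchall()


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    # Same lookup with bind parameters: the driver passes the values separately
    # from the query text, so a quote in the password stays inside the literal.
    query = "SELECT * FROM Users WHERE name = ? and password = ?"
    return query, conn.execute(query, (username, password)).fetchall()


def demo() -> dict:
    conn = build_demo_db()
    payload = "' or '1' = '1"          # the Step 2 input; template adds the last quote
    query, vuln_rows = vulnerable_login(conn, "admin", payload)
    _, safe_rows = safe_login(conn, "admin", payload)
    return {
        "query": query,                 # the exact query from Step 2
        "vulnerable_rows": len(vuln_rows),  # 1: admin row returned without the password
        "safe_rows": len(safe_rows),        # 0: parameterised query finds no match
    }


if __name__ == "__main__":
    print(demo())
```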

Used Hardware


Courses

References