SQL injection (SQLi)

From Embedded Lab Vienna for IoT & Security
Revision as of 20:00, 9 December 2021 by SBarakati (talk | contribs) (→‎Summary)

Summary

This document explains SQL injection, how it can be performed on a vulnerable application, different types of SQL attacks, and the presentation methods.

SQL injection

SQL injection vulnerabilities have been identified as one of the most serious risks to web applications. SQL injection is a web application vulnerability that allows an attacker to inject SQL commands into the program, exposing all data in the database. It can occur when the application code builds SQL commands and queries from input without validation or encoding. Through crafted user-supplied data, the application can be made to run undesired instructions, change data, or intercept data. As a result, an attacker can use SQL injection (SQLi) to create, read, update, or delete data in the database.

SQLi Mechanisms

First-order injections

First-order injections occur when the application processes the input, causing the attacker’s injected SQL query to execute. First-order injection is divided into three subcategories:

  1. Injection via human input
  2. Injection via cookies
  3. Injection through server variables

Second-order injections

Second-order injections involve attackers planting malicious input in a system or database so that an SQLi attack is triggered when that input is used later. This occurs when user-submitted values are stored in the database and subsequently used by another application function without being escaped or filtered.
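The second-order case described above, as an added example that is not part of the original page: a value is stored safely with bound parameters, then read back and concatenated into a later query by a different function. The table, function names and sample accounts are constructed for illustration, and SQLite through Python's `sqlite3` module is an assumption.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Registration binds parameters, so storing the odd-looking name is harmless.
    # Both accounts are constructed sample data.
    for name, pw in [("admin", "s3cret"), ("admin'--", "x")]:
        db.execute("INSERT INTO users VALUES (?, ?)", (name, pw))
    return db

def stored_name(db, session_user):
    # The name comes back from the database and is easily mistaken for trusted data.
    row = db.execute("SELECT name FROM users WHERE name = ?", (session_user,)).fetchone()
    return row[0]

def change_password_vulnerable(db, session_user, new_pw):
    name = stored_name(db, session_user)
    # Flaw: the stored value is concatenated into the SQL text, so the quote and
    # comment marker inside it change which row the WHERE clause matches.
    sql = "UPDATE users SET password = ? WHERE name = '" + name + "'"
    db.execute(sql, (new_pw,))

def change_password_safe(db, session_user, new_pw):
    name = stored_name(db, session_user)
    # Fix: stored data is bound as a parameter exactly like fresh user input.
    db.execute("UPDATE users SET password = ? WHERE name = ?", (new_pw, name))

def password_of(db, name):
    return db.execute("SELECT password FROM users WHERE name = ?", (name,)).fetchone()[0]

def demo(change_password):
    # The session belongs to the second account, which changes "its own" password.
    db = make_db()
    change_password(db, "admin'--", "changed")
    return password_of(db, "admin"), password_of(db, "admin'--")

if __name__ == "__main__":
    print("vulnerable:", demo(change_password_vulnerable))
    print("safe:      ", demo(change_password_safe))
```

In the vulnerable path the update lands on the `admin` row instead of the caller's own row; in the parameterized path only the caller's row changes.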

SQLi Attacks

Tautology

In-band SQLi

Inferential SQLi

Courses

References