DEV Community

Chamarthi Rahul

SQL-Injections

SQL injection is an attack in which an attacker inserts malicious SQL into a database query through input fields. It can lead to unauthorized access, data modification, or even full control of the database in question.

Common Methods with Examples:

Tautology Attack:
Example: Think of entering your username and password to log in to a website. The application might run a query like:

SELECT * FROM users WHERE username = 'admin' AND password = 'password';

An attacker could input the following into the password field:

' OR '1'='1

The query becomes:

SELECT * FROM users WHERE username = 'admin' AND password = '' OR '1'='1';

The WHERE clause is now always true, so the query returns rows and the attacker is logged in without knowing the password. The same pattern works against any application that builds its login query this way.

Union-based Attack:
Example: An attacker might enter the following into an input field:

' UNION SELECT username, password FROM users

If the original query was:

SELECT name, email FROM contacts WHERE id = '1';

It now becomes:

SELECT name, email FROM contacts WHERE id = '1' UNION SELECT username, password FROM users;

This can disclose the contents of the users table, which often holds sensitive data such as credentials.

Error-based Attack:
Example: An attacker may enter:

SELECT * FROM [Table_1] WHERE price_per_dose < '$500<50' AND 1=CONVERT(int, (SELECT @@version))

This can force the database to return an error message that reveals the exact SQL Server version to the attacker, who can then plan further operations around it.

Blind SQL Injection:
Example: An attacker could enter, for example, to check whether a condition is true or false:

' OR id = '' AND (SELECT CASE WHEN (username = 'admin') THEN 1 ELSE 0 END) = 1 --

If the application's response differs in any way when this input is used, the attacker learns that a user named 'admin' exists, even though no data is returned directly.
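As an added example that is not part of the original post, the Python script below uses the standard sqlite3 module and a constructed in-memory database with the users and contacts tables mentioned above. It shows why the tautology and UNION inputs from the post work against a query built by string concatenation, and why the same inputs do nothing against a parameterized query, which is the standard fix for every class described here (an injected condition, as in the blind case, is likewise impossible when the value is bound). The run_lookup wrapper also shows the mitigation for the error-based case: database exceptions are mapped to a generic message so a failing query cannot reveal the server version or schema. All table contents, sample values and function names are assumptions made for this example.

```python
import sqlite3

# Constructed sample data (not from the original post).
USERS = [("admin", "example-admin-pw"), ("bob", "example-bob-pw")]
CONTACTS = [(1, "Alice Example", "alice@example.com")]


def make_db():
    """Create an in-memory SQLite database with the users and contacts tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("CREATE TABLE contacts (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO contacts VALUES (?, ?, ?)", CONTACTS)
    return conn


# --- Vulnerable pattern: user input is pasted into the SQL text --------------

def login_vulnerable(conn, username, password):
    """Login check built by string concatenation; input can change the query logic."""
    sql = ("SELECT * FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def contact_lookup_vulnerable(conn, contact_id):
    """Contact lookup built by string concatenation; input can append a UNION."""
    sql = "SELECT name, email FROM contacts WHERE id = '" + contact_id + "'"
    return conn.execute(sql).fetchall()


# --- Hardened pattern: parameterized queries ---------------------------------

def login_safe(conn, username, password):
    """Same check with bound parameters; the values are never parsed as SQL."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def contact_lookup_safe(conn, contact_id):
    """Same lookup with a bound parameter; the id is compared as a value only."""
    sql = "SELECT name, email FROM contacts WHERE id = ?"
    return conn.execute(sql, (contact_id,)).fetchall()


def run_lookup(lookup, conn, contact_id):
    """Run a lookup and return (status, payload).

    Database errors are replaced by a generic message: the real exception text
    belongs in a server-side log, never in the response, so a failed query
    cannot leak the database version or schema (the error-based case above).
    """
    try:
        return ("ok", lookup(conn, contact_id))
    except sqlite3.Error:
        return ("error", "lookup failed")


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"  # the password-field input from the post
    print("vulnerable login accepts tautology:", login_vulnerable(db, "admin", tautology))
    print("parameterized login accepts tautology:", login_safe(db, "admin", tautology))
    union = "1' UNION SELECT username, password FROM users --"
    print("vulnerable lookup rows:", contact_lookup_vulnerable(db, union))
    print("parameterized lookup rows:", contact_lookup_safe(db, union))
    print("error hidden from caller:",
          run_lookup(contact_lookup_vulnerable, db, "' UNION SELECT username, password FROM users"))
```

The two login functions run the same SQL text; the only difference is whether the password arrives as part of the statement or as a bound value, and that single difference is what separates the always-true WHERE clause from a plain failed login.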
