DEV Community

Golam_Mostafa

SQL Injection (SQLi)

SQL Injection (SQLi) is an attack in which specially crafted input, submitted through forms or URL parameters, ends up inside a website's database queries, letting the attacker read or change data they should not have access to.


How to Spot SQL Injection

  1. Single Quote ('): Enter a single quote (') in a form field or URL parameter. If the site returns an error, it might be vulnerable.
  2. Always-True Condition: Try OR 1=1 (always true) and OR 1=2 (always false) and see whether the site responds differently to each.
  3. Delays: Use a time-based function such as SLEEP(5) and check whether the page takes noticeably longer to load.
  4. External Calls: Check whether your input can make the site connect to another server.

Example: Finding Hidden Items

Suppose a shop lists the products in a category through a URL like this:

https://example.com/products?category=Gifts

The site might use this command to get the products:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1;

The released = 1 condition hides products that are not yet released, so only ready products are shown.

What Hackers Do:

They can change the URL to:

https://example.com/products?category=Gifts'--

This changes the database query to:

SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1;

The -- starts a SQL comment, so the rest of the query (AND released = 1) is ignored and the database returns all products in the category, including unreleased ones.


Example: Show Everything

An attacker can make the query return every product, from every category, by using:

https://example.com/products?category=Gifts'+OR+1=1--

This creates a query like:

SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1;

Since 1=1 is always true, the database returns everything.


Example: Hacking a Login

Think of a login form that checks username and password. Normally, it might do this:

SELECT * FROM users WHERE username = 'user' AND password = 'pass';

A hacker can enter this as the username:

user' OR '1'='1

The query becomes:

SELECT * FROM users WHERE username = 'user' OR '1'='1' AND password = 'pass';

Since '1'='1' is always true, the hacker logs in without knowing the password.


Be Careful

Testing for SQLi is risky. An injected condition like OR 1=1 can change or delete important data if it lands in the wrong statement. Always handle websites and data responsibly.


To stay safe, websites must properly validate user input and follow secure coding practices that keep user-supplied data out of the SQL text itself.
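To make the difference concrete, here is an added example (not from the original post) in Python with SQLite. It builds the products query both ways: by pasting the URL parameter into the SQL string, as the post describes, and with a bound parameter. The table, product names and the sample inputs are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data for this demonstration (not from the original post):
# one released and one unreleased product in "Gifts", plus one in another category.
SAMPLE_PRODUCTS = [
    ("Mug", "Gifts", 1),
    ("Secret gadget", "Gifts", 0),
    ("Lamp", "Home", 1),
]


def make_db():
    """Create an in-memory SQLite database holding the sample products."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def vulnerable_products(conn, category):
    """Build the query from the post by pasting the URL parameter into the SQL text.

    Whatever the user types becomes part of the statement, so a closing quote
    followed by a comment marker (--) cuts off the 'AND released = 1' filter.
    """
    sql = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return sorted(row[0] for row in conn.execute(sql))


def safe_products(conn, category):
    """Same query with a bound parameter.

    The driver sends the category as a value, never as SQL, so an input like
    Gifts'-- is just a category name that matches nothing.
    """
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in conn.execute(sql, (category,)))


if __name__ == "__main__":
    conn = make_db()
    for user_input in ("Gifts", "Gifts'--", "Gifts' OR 1=1--"):
        print(f"{user_input!r:22} concatenated  -> {vulnerable_products(conn, user_input)}")
        print(f"{'':22} parameterised -> {safe_products(conn, user_input)}")
```

Running it shows the concatenated query leaking the unreleased product for the first input from the post and every row for the second, while the parameterised query returns only the released Gifts for the normal value and nothing for the two crafted ones.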


Acknowledgment: This document references information from PortSwigger Web Security and ChatGPT.

