I chose to do the second option for this lab, which takes a look at SQL injections. SQL injection is one of the most common web hacking techniques, and it can lead to the destruction of your database or to massive data leaks. It works against web pages that use backend databases such as MySQL, Oracle, and MSSQL (pentest-tools.com). Here are some examples of common SQL injection types:
Error-based SQL Injection
This is one of the most common types of SQL injection. It occurs where user input is passed into a database query: the hacker supplies commands or an invalid input that causes an error, and that error can contain details about the database structure, version, operating system, or query results. For example, if a page takes an ID to retrieve information about a person, a hacker can enter a number with a single quote attached to it to force an error in the system. That error can reveal the type and version of the server you are using, which helps the hacker gain access to your database.
To prevent this attack, a coder should disable detailed error messages for queries built from user input. These errors should never be displayed on a published site; instead they should be written to a log file with restricted access, so they can still be used for debugging and improvements but are not shown to anyone who visits the site.
Boolean-based Blind SQL Injection
This injection is used where a query evaluates to true or false, and it can tell a hacker whether a value is present in the database. Hackers use a boolean-based payload to check whether the application is vulnerable: they inject a value with a single quote attached, followed by 1=1;--, into the query. This makes the application return a different result depending on whether the query evaluates to true or false, and depending on that result the content of the HTTP response either changes or stays the same.
To prevent this type of attack, a coder should use parameterized queries (also known as prepared statements), which ensure that user input cannot interfere with the structure of the SQL. Prepared statements should be used wherever untrusted input appears as data in a query, so that the input cannot be used to exploit the SQL.
Union-based SQL Injection
This injection leverages the UNION SQL operator to combine SELECT statements whose results are returned as part of the HTTP response. It works as long as the individual queries return the same number of columns and the data types in each column are compatible between the queries.
To prevent this type of attack, a coder should again use parameterized queries. This ensures that a UNION operator supplied by the user cannot interfere with the rest of the SQL code. The coder can also perform allowlist (whitelist) validation, testing the user input against an existing set of known, approved, and defined values.
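As an added illustration that is not part of the original lab write-up, the Python/sqlite3 snippet below places the string-concatenated query beside its parameterized form, adds the allowlist check, and shows how error handling decides what a visitor sees. The users table, sample rows, and the boolean-style payload (a single quote plus a `'1'='1` condition) are constructed for the demo.

```python
import re
import sqlite3

# Constructed sample data for the demo (not from any real system).
SAMPLE_USERS = [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def find_user_vulnerable(conn, username):
    # Vulnerable: the input is pasted into the SQL text, so a quote in the
    # input changes the structure of the query instead of being plain data.
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Hardened: parameterized query. The driver passes the input as a value,
    # so it is never parsed as SQL, whatever characters it contains.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def is_allowed_username(username):
    # Allowlist validation: reject anything outside the known-good character
    # set before it reaches the database (a second layer, not a replacement
    # for parameterized queries).
    return USERNAME_RE.fullmatch(username) is not None


def lookup(conn, username, show_db_errors=False):
    """Return (rows, message) the way a page handler would. On a published
    site show_db_errors stays False, so an input that breaks the query (for
    example a lone quote against the vulnerable form) yields a generic
    message instead of leaking engine details to the visitor."""
    if not is_allowed_username(username):
        return [], "invalid username"
    try:
        return find_user_safe(conn, username), "ok"
    except sqlite3.Error as exc:  # logged with restricted access in practice
        return [], str(exc) if show_db_errors else "internal error"
```

Running the payload through both query builders shows the difference directly: the concatenated form returns every row, while the parameterized form returns none because no username literally equals the payload string.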