What is SQL injection:
Structured Query Language, also known as SQL, is used for handling a database from a front end. It mainly handles databases such as Microsoft SQL Server, Oracle or MySQL. The working principle of SQL is the same for all databases, with some minor differences in each database's dialect.
The database is mainly used for backend functionality, i.e. many web applications operate in combination with a database. In web applications, user-supplied data is often used to dynamically build SQL statements that interact directly with a database.
What is an SQL injection attack?
An SQL injection attack is aimed at subverting the original intent of the application by submitting attacker-supplied SQL statements directly to the backend database. Whether an attack on the database succeeds also depends on the web application's structure and architecture. The possible security ramifications range from authentication bypass to information disclosure to enabling the distribution of malicious code to application users.
SQL injection works by altering the SQL statements used in backend processing. Improper input validation and unstructured SQL statements give SQL injection its chance. The Open Web Application Security Project (OWASP) recognizes SQL injection as potentially the number one most hazardous attack.
SQL injection attacks fall into the following categories.
• Information Disclosure: This attack allows an attacker to obtain, either directly or indirectly, sensitive information in a database.
• Compromised Data Integrity: This attack involves the alteration of the contents of a database. An attacker could use it to deface a web page or, more likely, to insert malicious content into otherwise innocuous web pages. This technique has been demonstrated via the attacks described in Mass Exploits with SQL Injection at the SANS Internet Storm Center.
• Authentication Bypass: This attack allows an attacker to log on to an application, potentially with administrative privileges, without supplying a valid username and password.
How it works:
# Define POST variables (taken straight from the request, unvalidated)
uname = request.POST['username']
passwd = request.POST['password']

# SQL query vulnerable to SQLi: user input is concatenated into the statement text
sql = "SELECT id FROM users WHERE username='" + uname + "' AND password='" + passwd + "'"

# Execute the SQL statement
database.execute(sql)
The above example authenticates a user against the users table. The code is vulnerable to SQL injection because input can be supplied that alters the SQL statement executed by the database server.
A simple example of an SQL injection payload could be something as simple as setting the password field to password' OR 1=1.
This would result in the following SQL query being run against the database server.
SELECT id FROM users WHERE username='username' AND password='password' OR 1=1'
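The following added example (not code from the original article) puts the concatenated query from the snippet above beside a parameterized version and runs both against an in-memory SQLite table with constructed sample users. It reproduces exactly the statement shown above from the article's payload, then shows the difference in outcome: because the payload leaves a trailing quote, the concatenated statement is malformed and the database rejects it with a syntax error, which proves the input reached the SQL parser as grammar rather than as data; the parameterized version binds the same input as a plain string and simply reports no matching user. The users, passwords and the attempt() helper are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample users; a real application would store password hashes, not plaintext.
SAMPLE_USERS = [(1, "alice", "s3cret"), (2, "bob", "hunter2")]


def make_db():
    """Build an in-memory SQLite database with a small users table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def build_query_vulnerable(uname, passwd):
    """Same concatenation as the article's snippet: user input becomes part of the SQL text."""
    return ("SELECT id FROM users WHERE username='" + uname
            + "' AND password='" + passwd + "'")


def login_vulnerable(conn, uname, passwd):
    """Execute the concatenated statement; returns the user id, or None if no row matches."""
    row = conn.execute(build_query_vulnerable(uname, passwd)).fetchone()
    return row[0] if row else None


def login_parameterized(conn, uname, passwd):
    """Hardened form: the statement text is fixed and the driver binds both values as data."""
    row = conn.execute(
        "SELECT id FROM users WHERE username=? AND password=?", (uname, passwd)
    ).fetchone()
    return row[0] if row else None


def attempt(login_fn, uname, passwd):
    """Run one login through the given function and summarise the outcome as a short label.

    'ok:<id>'    the credentials matched a row
    'denied'     no row matched (the input was treated purely as data)
    'sql-error'  the database refused the statement, i.e. the input reached the SQL parser
    """
    conn = make_db()
    try:
        uid = login_fn(conn, uname, passwd)
    except sqlite3.OperationalError:
        return "sql-error"
    finally:
        conn.close()
    return "denied" if uid is None else "ok:%d" % uid


if __name__ == "__main__":
    payload = "password' OR 1=1"  # the article's payload, placed in the password field
    print(build_query_vulnerable("username", payload))
    for name, fn in (("vulnerable", login_vulnerable), ("parameterized", login_parameterized)):
        print(name, "valid login:", attempt(fn, "alice", "s3cret"))
        print(name, "payload:", attempt(fn, "username", payload))
```

The "sql-error" outcome is itself worth acting on: a database syntax error raised by ordinary form input is a strong sign that request data is being spliced into statement text, so such errors belong in application logs and alerting rather than being swallowed. The parameterized version never produces that error, because no value a user types can change the statement's structure.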