SQL injection consists of the insertion of a SQL query from the client into the web application via the input data.
SQL injection is an attack technique in which a malicious user adds SQL code to web form input to gain access to data resources and make changes to them. A SQL query is a request to perform actions on the database. SQL injections can alter the entire database. A malicious user can use SQL injection to attack the database and take control of the web application's database server, altering the database or copying the whole source code from the web page. In some cases, it can also be used to issue commands to the operating system.
SQL injections can be used to edit, delete or modify the records and content of the database, which affects data integrity. By taking advantage of a SQL injection, an attacker can retrieve the whole content, information and authentication mechanism of the web application's entire database.
How SQL injections work
An attacker first needs to find an input in the web application that is included in a SQL query, in order to run malicious SQL queries against the database server. For a SQL injection to take place, the website needs to include user input directly within a SQL statement.
An attacker can craft input, for example in the username and password fields, that alters the SQL statement executed by the database server. Once the query is executed, the result is processed. In this way an attacker can insert a payload into the SQL query and have it run against the database server. The pseudocode to authenticate the user on the server side:
    # Define POST variables
    uname = request.POST['username']
    passwd = request.POST['password']
    # SQL query vulnerable to SQLi
    sql = "SELECT id FROM users WHERE username='" + uname + "' AND password='" + passwd + "'"
    # Execute the SQL statement
    database.execute(sql)
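If the submitted password contains a quote followed by OR 1=1, the statement built by the string concatenation becomes:
    SELECT id FROM users WHERE username='username' AND password='password' OR 1=1'
This code is a simple example that inserts the submitted username and password into a query against the users table. Because the input becomes part of the statement itself, an attacker can control the rest of the SQL query that the database executes.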
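The concatenated query described above next to its parameterized form, as an added example that is not code from the original page. It assumes Python's sqlite3 module and an in-memory table; the account, the function names and the crafted input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Plain-text password only to mirror the page's pseudocode.
    db.execute("INSERT INTO users (username, password) VALUES (?, ?)", ("alice", "s3cret"))
    return db

def login_vulnerable(db, uname, passwd):
    """Same pattern as the pseudocode: input is concatenated into the SQL text."""
    sql = ("SELECT id FROM users WHERE username='" + uname +
           "' AND password='" + passwd + "'")
    return db.execute(sql).fetchone()

def login_parameterized(db, uname, passwd):
    """Hardened form: the SQL text is fixed and the input is bound as data."""
    sql = "SELECT id FROM users WHERE username=? AND password=?"
    return db.execute(sql, (uname, passwd)).fetchone()

# Constructed input: a variant of the OR 1=1 condition shown above, written so
# that the trailing quote added by the concatenation is balanced.
CRAFTED = "wrong' OR '1'='1"

def demo():
    """Run both login functions with a correct password and the crafted one."""
    db = make_db()
    return {
        "vulnerable_good_login": login_vulnerable(db, "alice", "s3cret"),
        "vulnerable_crafted": login_vulnerable(db, "alice", CRAFTED),
        "parameterized_good_login": login_parameterized(db, "alice", "s3cret"),
        "parameterized_crafted": login_parameterized(db, "alice", CRAFTED),
    }

if __name__ == "__main__":
    for name, row in demo().items():
        print(f"{name}: {row}")
```

In the parameterized version the crafted string is compared as a literal password value, so no row matches and the login fails.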
Platforms that can be affected by SQL injections
- SQL language
- Any platform that supports SQL.
What's the worst an attacker can do
SQL is a programming language designed for managing data stored in an RDBMS. It is used to access, delete and modify the database. It could also run commands on the operating system. As mentioned above, this shows how advantageous a SQL injection attack can be for the attacker.
- An attacker can bypass authentication, destroy the database, or impersonate a user.
- SQL is used to select data and to generate queries that add, delete and modify the database, and to execute them to get the output. A SQL injection allows the disclosure of all the data that resides in the database.
- It can be used to delete data from the database or destroy all of the data.
- It can also be used to alter the information within the database.
- It can issue commands to the operating system, etc.