What are Injection attacks : SQL Injection over MySQL

What is SQL Injection?

sqlinjection
SQL Injection is an injection attack wherein an attacker can execute malicious SQL statements that control a web application’s database server. Since an SQL Injection vulnerability could possibly affect any website or web application that makes use of an SQL-based database, the vulnerability is one of the oldest, most prevalent and most dangerous of web application vulnerabilities. SQL Injection can also be used to add, modify and delete records in a database, affecting data integrity. SQL Injection can provide an attacker with unauthorized access to sensitive data including, customer data, personally identifiable information (PII), trade secrets, intellectual property and other sensitive information.

Types of SQL Injection Attacks

  • Code injection:- Adding more SQL statements to an SQL statement in an attempt to obtain access rights or some sensitive information is termed as code injection. This is type of SQL injection attack take advantage of some kind of bug that appears in the computer system due to invalid data processing.
  • Function call injection:- In this attacker inserts a call. The attacker may also get permission for making system calls through function call injection.
  • SQL Manipulation:- If an application directly passes login credentials database, its prone to an SQL injection attack through SQL manipulation for e.g. We can take addition of a certain condition to the WHERE CLAUSE in an SQL query. This may skip the authentication procedure, and thus may give access to all activities that user can perform.

SQL Injection Implementation

Lets see how SQL Injection is performed  with following example
Consider following SQL Statement
$username=$_POST["username"];
statement = "SELECT * FROM users WHERE name = '" + $userName + "';"
In above Statement user input is not filtered for escape characters and it directly passed into an SQL statement. This SQL statement display records of specified username from users table. However if usename variable is crafted in a specific way by an attacker, the SQL statement may do more than the code author intended.
For Example
If usename is set as $username=' OR '1'='1 then the Above SQL statement become
SELECT * FROM users WHERE name = '' OR '1'='1';
If  this SQL statement is used in authentication procedure then it will return data of every users rather than one specific user as code intended because '1'='1' is always true.

Preventing SQL Injection

Above example is Incorrectly filtered escape characters SQL Injection attack. We can handle all escape characters smartly in scripting languages. The MySQL provides the function called mysql_real_escape_string() to escape input characters that are special MySQL Keywords
$username = mysql_real_escape_string($_POST['username']);  
statement = "SELECT * FROM users WHERE name = '" + $userName + "';"

There are other functions for many database types in PHP such as pg_escape_string() for PostgreSQL. The function addslashes(string $str) works for escaping characters, and is used especially for querying on databases that do not have escaping functions in PHP. It returns a string with backslashes before characters that need to be quoted in database queries, etc.

Risk associated with SQL injection attacks

Privilege Escalation performance:- A malicious person can take advantage of the flaws pre
sent in a database by upgrading the access levels of an individual who is not authorised for higher level roles.
Remote commands execution:- SQL injection attacks can be used to execute commands remoter the attackers may execute arbitrary commands on a database.
Authentication bypass:- manipulation of SQL statements may result in by passing the authentication process thereby providing the attacker with access to database.
Database Fingerprint:- Determining the type of database being used at backend may help attacker in quenching database specific attacks through SQL injection, the attackers may determine database that an organization user.
Denial of services in an SQL injection attack, the database service can be flooded with requested by attacker. There’re, it would state rejecting the requests of segments users.

Want to Learn Database Programming?

Location: Mumbai, Maharashtra, India

Comments

Post a Comment

Popular posts from this blog

How E-commerce Sites can Increase Sales with Pinterest?

Image
Pinterest is basically a platform for users to visually share and discover exciting new interests by posting, or “pinning”, as it’s popularly called, videos or images to their own boards or that of others. If you’re looking to drive more traffic and sales to your e-commerce site, Pinterest is one of the social networks you must add to your marketing arsenal. People like to pin products on Pinterest and plan purchases. If used properly, your e-commerce site should be able to generate a high revenue with Pinterest. Let's see some of the best ways to harness the full potential of this social media platform: 1. Pick Your Pins Carefully Quality over quantity – that’s one rule every business owner is aware of. And if you’re planning to boost your e-commerce sales using Pinterest, this rule applies even more to you. Of course, volume is important but only to keep things consistent. Pin all your new items, engage users regularly, and keep things fresh. But, as Pinterest is an e
Keep reading

Every thing U can do with a Link-List + Programming_it_in_JaVa

Image
A linked list is a sequence of data structures, which are connected together via links. Linked List is a sequence of links which contains items. Each link contains a connection to another link. Linked list is the second most-used data structure after array.  Following are the important terms to understand the concept of Linked List: Link − Each link of a linked list can store a data called an element. Next − Each link of a linked list contains a link to the next link called Next. LinkedList − A Linked List contains the connection link to the first link called First. Linked list can be visualized as a chain of nodes, where every node points to the next node: As per the above illustration, following are the important points to be considered. Linked List contains a link element called first. Each link carries a data field(s) and a link field called next. Each link is linked with its next link using its next link. Last link carries a
Keep reading

Test Your SQL Basics - Part_1

The SQL SELECT Statement Questions 1. Determine the output of the below query SELECT '6+9'  FROM dual; A) 15 B) 6+9 C) 6 D) 9 2. At least how many clauses must be present in a SELECT statement? A) 0 (Zero) B) 1 C) 2 D) 5 3. Which of the following statement is correct? A) EVERY table expression is a part of SELECT statement B) Each SELECT statement does not consist of a table expression C) Every SELECT statement is built from a table expression D) All of the above 4. Which of the following are the optional clauses? A) SELECT and WHERE B) WHERE, GROUP BY and ORDER BY C) SELECT, WHERE and ORDER BY D) SELECT, WHERE, ORDER BY and GROUP BY 5. Which of the following is the last clause that is executed in a query? A) SELECT B) FROM C) WHERE D) GROUP BY 6. Which of the following is the correct basic syntax of SELECT clause? A) SELECT column1, column2,….columnx WHERE table_name; B) SELECT column1, column2,….columnx C) SELECT column1, column2,…columnx
Keep reading