What is SQL Injection?
SQL injection is the process of injecting SQL commands to retrieve data from a database that the attacker would not normally be able to retrieve. It basically consists of an SQL query that is injected via the input data sent from the client to the application. The retrieved data might include data belonging to other users. SQL injection can expose sensitive data from the database, modify it and, moreover, delete the database.
Detection
SQL injection can be detected in many ways, some of which are listed below:
To check whether a site accepts SQL in its input:
Condition: password is known.
Username: (your username)
Password: Your password' and 1=1#
Condition: password is unknown.
Username: admin
Password: [any alphabet]' OR 1=1#
Input: 'UNION SELECT username, password FROM users--
Example: SELECT * FROM users WHERE username = 'aditya' and password = 'agarwal'
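Now subverting the query by supplying Administrator'-- as the username, so that the -- comment sequence removes the password check: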
SELECT * FROM users WHERE username = 'Administrator'--' AND password = ' '
Types of SQL Injection
1) In-Band SQL Injection
In this type of SQL injection attack, the attacker can both launch the attack and collect the results through the same channel.
- Error Based: It obtains information about the data structure from error messages issued by the database server.
- Union-based: It uses the 'UNION' SQL operator to aggregate the results of two or more SELECT queries into a single result.
- Boolean Based Blind SQL: It basically tells 'TRUE' or 'FALSE'. If an error occurs, then the site is vulnerable to SQL injection; if not, the site is safe from this vulnerability.
- Time Based Blind SQL: In this type of attack the attacker sets a time bound; if the response comes within that particular time, then the site is vulnerable to SQL injection.