Andrew M
Posted on September 25, 2020
I chose to connect SQL to the Web through option 2, a more SRA/ security-based approach
SQL Injection is one of the most common web hacking techniques (w3schools.com). In cases where SQL databases are queried by site visitors, these injections pose a big threat to the database. SQL injections allow a user to send malicious code to a database by inserting a SQL command into a web input field. Without proper defense against them, websites can be left vulnerable, and massive data leaks can occur as a result.
Below, I take a look at some of the most common SQL injection
1=1
One of the most common approaches to SQL injection is the 1=1 method. This is often used to gain unauthorized access to a user account. In this case, a false password is entered into the password field, followed by a quote mark and OR 1=1--
This allows the unauthorized user to bypass the password field of the login page, because the database reads that it is supposed to allow a login WHERE Password = ... OR 1=1
Because 1=1 is always true, the user will be allowed in and the rest of the line is commented out.
Batched Statements
Another common SQL Injection is the batched statement. These injections finish a legitimate statement with a semicolon ; before executing their malicious statement. For example, if a user enters details into a search box, and the search is selecting some information where a condition is true, after giving the parameter, a user can insert their malicious code.
Exploitation through URL
Lastly, if a user can see part of an SQL query via the URL for example http://widgetshop.com/widget/?id=1
, they are able to understand how the query is formed in order to change manipulate the URL and create malicious queries. In this case, the user can easily append additional SQL statements to the end of the query for example ...OR 1=1
and see more data than intended.
Solutions
Clearly, using user input to craft SQL Queries is a big vulnerability. Thus, finding a way to protect your database from malicious requests is essential to maintaining data security. In order to avoid malicious input to your site, you need to use one (or many) abstractions so that only valid input is accepted into the SQL command.
One abstraction that can be used to solve this issue is to parameterize the SQL statements outbound for the database so that they are treated properly. In order to do this, the SQL statement string and its associated input parameters are passed to the database separately which allows the database to properly interpret the command. Each parameter has a defined variable type, so the input is sanitized. This is opposed to the full SQL command being constructed on the front end of the website, making it vulnerable to malicious parameters.
To see how these SQL injections can be used for malicious purposes, check out the video below.
Posted on September 25, 2020
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.