
SQL Injection


Behind a stand-alone application, a web application or a web site, the component doing the real work is the database. These databases run on database servers such as MySQL, Oracle, Microsoft SQL Server, etc. To operate the database, developers, designers and administrators use SQL (Structured Query Language). The databases of an organization or system hold its main resources, such as user details, transaction details and administrator details. In hacking, the first step is generally to collect resources in order to identify the vulnerabilities of the system. SQL injection helps the hacker/intruder to target the system database directly and collect those resources. For example, if the hacker can access the user login table in the organization's database, he can obtain their passwords and email accounts too.

Let's see how SQL Injection works.
An SQL injection is itself a normal SQL query; the attacker types that query to bypass authentication. Put simply, SQL injection is an attack that injects code (a query fragment) into a field that interacts directly with the database. SQL injections especially make use of the login method to bypass the system. Let's see how the login helps to inject the malicious query code.
When a system has a user login or administrator login, we need to ask for a username and password. After designing the interface, we pass the string values entered by the client/user to the back end of the system to check whether the entered username and password are correct. To check their validity, we have to compare the values against the database of the system. This is the place that talks directly to the database and, as I said above, this is the vulnerability the hackers make use of. The back-end code is as follows.

Sample Code - 1:
Uname = textBox1.Text;        // John   - sample username
Upassword = textBox2.Text;    // abc123 - sample password
query = "SELECT * FROM User WHERE name=\"" + Uname + "\" AND password=\"" + Upassword + "\"";

Result - 1:
SELECT * FROM User WHERE name="John" AND password="abc123"

This code is vulnerable: it lets hackers into the database, because with some basic Boolean logic we can change the meaning of the whole query. For example, 1=1 is always true. Let's try that on the code.

Sample Code - 2:
Uname = textBox1.Text;        // 000" OR "1"="1   - as username
Upassword = textBox2.Text;    // " OR ""="        - as password

Result - 2:
SELECT * FROM User WHERE name="000" OR "1"="1" AND password="" OR ""=""

Note:
  1. In the SQL query, the single/double quotation marks around string values are added automatically by the code, so we have to pay attention to that.
  2. "" = "" is always true.

From those two results you can identify the weakness/vulnerability in the login SQL query; this is known as SQL Injection. There are SQL Injection cheat sheets available on the Internet, and from them you can find other codes which can be used in the place that interacts directly with the database.

Example:
Sample Code - 3:
Uname = textBox1.Text;        // 105"; DROP TABLE Login; #   - as username
Upassword = textBox2.Text;    // (left empty)

Result - 3:
SELECT * FROM User WHERE name="105"; DROP TABLE Login; #" AND password=""

Note: Here "#" starts a comment in SQL. It is used here to discard the closing double quotation mark (and the rest) of the original query, because we wrote an extra query to drop a table (a semicolon separates more than one SQL query). Anything after the comment sign is not executed. Comment syntax varies according to the server and its version;
for example "--", "/* */" or "//" can be used there.

I think you can understand what is happening here. With this code you can delete the "Login" table of the system, because the query is executed directly by the database.

But to do those kinds of injections you need to know the correct table name and the correct database name of the system. For that you have to use some tools or your own code to get the contents of the database. If you are interested, click here to learn how to find the DB name and its contents. But don't go beyond that: knowing the vulnerability is the only task of ethical hacking. If you go beyond that limit you are a criminal, so be aware of that yourself.

Up to now we have seen only one type of SQL Injection attack (authentication bypass), but there are a few more types, such as information disclosure, compromised data integrity, compromised availability of data and remote command execution.

So, SQL Injection is a threat that software developers and system administrators have to protect their systems against (a parameterized SQL query will protect against authentication bypass). For the hackers, SQL Injection is one of the easiest methods to learn and to hack a system with, so they make use of it.
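An added example (not the post's own code) that reproduces the login check in Python with an in-memory SQLite database: once with string concatenation as in Sample Code 1, and once with the parameterized query recommended above. SQLite treats double quotes as identifiers, so the Sample Code 2 payloads are written here with single quotes (000' OR '1'='1 and ' OR ''='); the User table contents are constructed.

```python
import sqlite3

# Constructed sample data mirroring the post's User table (name, password).
SAMPLE_USERS = [("John", "abc123"), ("Alice", "s3cret")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE User (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO User VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, uname, upassword):
    # Mirrors Sample Code 1: user input is concatenated straight into the SQL text,
    # so quotes typed by the user become part of the query's syntax.
    query = ("SELECT * FROM User WHERE name='" + uname +
             "' AND password='" + upassword + "'")
    return conn.execute(query).fetchall()


def login_safe(conn, uname, upassword):
    # Parameterized query: the values travel separately from the SQL text,
    # so a quote inside the input is just a character in the data.
    query = "SELECT * FROM User WHERE name=? AND password=?"
    return conn.execute(query, (uname, upassword)).fetchall()


def demo():
    conn = make_db()
    # Sample Code 2 payloads, single-quoted for SQLite.
    inj_user = "000' OR '1'='1"
    inj_pass = "' OR ''='"
    # Number of rows each variant returns; one or more rows means "logged in".
    return {
        "legit_vulnerable": len(login_vulnerable(conn, "John", "abc123")),
        "legit_safe": len(login_safe(conn, "John", "abc123")),
        "injected_vulnerable": len(login_vulnerable(conn, inj_user, inj_pass)),
        "injected_safe": len(login_safe(conn, inj_user, inj_pass)),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated version returns every row for the injected input (the trailing OR ''='' is always true), while the parameterized version returns none. Whether a stacked "; DROP TABLE" as in Sample Code 3 would also run depends on the driver: Python's sqlite3 execute() rejects multi-statement strings, but other drivers and servers accept them.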

©IT Today
