SQL injection, often known as SQLI, is a typical attack vector in which malicious SQL code is used to manipulate backend databases and get access to data that was not intended to be displayed.
This data could encompass everything from sensitive company data to user lists to private consumer information.
It is a type of code injection that has the potential to completely ruin your database. One of the most frequent web hacking tactics is SQL injection.
SQL injection is when malicious code is injected into SQL statements via web page input.
SQL injection flaws occur when:
• Data is entered into a programme from an unreliable source.
• That data is used to build a SQL query dynamically.
The following are the most significant consequences:
• Confidentiality: Due to the sensitive nature of SQL databases, loss of confidentiality is a common issue when SQL injection vulnerabilities are exploited.
• Authentication: If weak SQL statements are used to check user names and passwords, it may be possible to log in to a system as another user without knowing that user's password.
• Authorization: If authorization information is stored in a SQL database, effective exploitation of a SQL injection vulnerability may allow this information to be changed.
• Integrity: Just as it is easy to read sensitive data, it is also feasible to alter or even erase it.
SQL is frequently used to enable access to user data on the backend of commercial websites.
To link a website to a database, you can use a web framework to show SQL data on a web page, perform simple SQL queries yourself, or utilise a data visualisation tool to build charts and graphs depending on what's in the database.
SQL injection occurs when you ask a user for information, such as their username/userid, and instead of a name/id, the user provides a SQL statement that you inadvertently run on your database.
Consider the following example, which adds a variable (txtUserId) to a select string to construct a SELECT query. The variable is retrieved from user input (getRequestString):
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
Let's say we had a SQL statement:
SELECT * FROM Student WHERE key = 'something'
Now I could use a SQL injection attack on it where {something} = "" or 1=1 or Student=""
After replacement, we would end up with:
SELECT * FROM Student WHERE key = 'something' or 1=1 or Student = ""
As a result, instead of returning a single record, it would return everything. We can also use id = someone else's id, and so on. This might also be used for an update statement or anything similar.
SQL injection can be avoided by taking the following measures:
• Validate user input by pre-defining the length, input type, and input field, and authenticate the user.
• Restrict users' access privileges, and limit the amount of data that an outsider can access from the database.
• In most cases, the user should not be granted authorization to access the entire database.
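The following is an added example, not code from the original page: it runs the concatenated Users query shown earlier against an in-memory SQLite database, then applies the input validation measure (pre-defined type and length) together with a bound parameter, a standard companion defence the page does not list. The table contents, function names and length limit are assumptions made for the illustration.

```python
import sqlite3

MAX_ID_LEN = 9  # assumed length limit for a numeric user id

def make_db():
    """Build a throwaway in-memory Users table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [(101, "alice"), (102, "bob"), (103, "carol")])
    return db

def lookup_concatenated(db, user_id):
    """Same pattern as the page's txtSQL: input is pasted into the SQL text."""
    sql = "SELECT * FROM Users WHERE UserId = " + user_id
    return db.execute(sql).fetchall()

def validate_user_id(raw):
    """Enforce the pre-defined input type (ASCII digits only) and length."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= MAX_ID_LEN):
        raise ValueError("UserId must be 1-%d digits" % MAX_ID_LEN)
    return int(raw)

def lookup_bound(db, user_id):
    """Validate first, then pass the value as a bound parameter, so the
    database treats it as data and never parses it as SQL."""
    uid = validate_user_id(user_id)
    return db.execute("SELECT * FROM Users WHERE UserId = ?", (uid,)).fetchall()

def demo():
    """Run both lookups with a normal id and with the page's 'or 1=1' input."""
    db = make_db()
    results = {
        "concat_normal": lookup_concatenated(db, "102"),
        "concat_tautology": lookup_concatenated(db, "102 OR 1=1"),
        "bound_normal": lookup_bound(db, "102"),
    }
    try:
        lookup_bound(db, "102 OR 1=1")
        results["bound_tautology"] = "accepted"
    except ValueError:
        results["bound_tautology"] = "rejected"
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The concatenated lookup returns every row for the tautology input, while the validated, bound lookup rejects it before any SQL is executed.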