What is SQL Injection attack

SQL Injection


History of SQL Injection


Jeff Forristal documented the first-ever SQL injection in 1998. In those days he was known as Rain Forest Puppy. As the internet grew, so did the need for more advanced, secure and dynamic websites, because in the early days there was no JavaScript and no CSS. This led to the development of CGI and server-side scripting languages like ASP, JSP, and PHP.

Step by step, websites changed, and user input and site content came to be stored in databases. Every popular server-side scripting language added support for SQL databases. However, hackers discovered new attack vectors and patterns, and they came through the websites.




Jeff Forristal, who documented the first SQL Injection in 1998, is now CTO of mobile security vendor Bluebox Security.

What is SQL Injection

SQL Injection is a code injection technique used to execute malicious SQL statements. It is one of the most common and dangerous attacks, and it can compromise the confidentiality and integrity of data in computer systems.

SQL Injection vulnerability explanation


An SQL Injection vulnerability allows an attacker to inject malicious input into an SQL statement. The attacker manipulates the SQL query, and the manipulated query is sent to the database. The database executes it and returns the result.

$statement = "SELECT * FROM users WHERE username = 'user' AND password = 'user@123'";

The above SQL statement retrieves all user details from the users table for a given username and password.

A website user can change the values of the username variable ('$user') and the password variable ('$password'), for example through a login form or a registration form.

$statement = "SELECT * FROM users WHERE username = '$user' AND password = '$password'";

If the developer did not sanitize the input fields, the attacker can easily insert SQL syntax using special characters. The quote ( ' ) is inserted directly into the SQL string and terminates the quoted value early. The -- sequence the attacker entered causes the database to ignore the rest of the SQL statement, allowing the attacker to be authenticated without having to supply the real password.

Suppose the attacker's input produces the following SQL command.

$statement = "SELECT * FROM users WHERE username = 'admin'; -- ' AND password = 'anything'";

Types of SQL Injection


  1. Error-Based SQL Injection
  2. Boolean-Based SQL Injection
  3. Time-Based SQL Injection
  4. Out-of-Band SQL Injection


Impacts of SQL Injection Vulnerability

By exploiting an SQL Injection vulnerability, an attacker can:
· Read source code from files on the database server
· Add, delete, edit or read content in the database
· Append to files in the database
· Write files to the database server
This might lead to heavy damage to, or takeover of, the database and web server.


Steps to prevent SQL Injection Vulnerabilities

1. Input validation and parameterized queries, including prepared statements – Application code should never place user input directly into a query. The developer must sanitize all input fields.
2. Turn off the visibility of database errors on your production sites.
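
The vulnerable statement from earlier next to a parameterized version, as an added example that is not part of the original post. It assumes PHP with the pdo_sqlite extension; the in-memory table, its sample row and the function names are constructed for illustration.

```php
<?php
// Constructed in-memory SQLite database standing in for the site's users table.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
    // Constructed sample row. The plaintext password only mirrors the page's
    // query; a real application stores a password hash instead.
    $db->exec("INSERT INTO users VALUES ('admin', 'S3cret!')");
    return $db;
}

// Vulnerable: input is pasted into the SQL text, as in the page's $statement.
function login_vulnerable(PDO $db, string $user, string $password): bool {
    $statement = "SELECT * FROM users WHERE username = '$user' AND password = '$password'";
    return $db->query($statement)->fetch() !== false;
}

// Hardened: the SQL text is fixed and the input travels separately as bound
// parameters, so a quote or -- in the input is compared as plain data.
function login_prepared(PDO $db, string $user, string $password): bool {
    $stmt = $db->prepare('SELECT * FROM users WHERE username = :user AND password = :password');
    $stmt->execute([':user' => $user, ':password' => $password]);
    return $stmt->fetch() !== false;
}

$db = make_db();
$cases = [
    'correct credentials'          => ['admin', 'S3cret!'],
    'wrong password'               => ['admin', 'anything'],
    "input from the page's example" => ["admin'; -- ", 'anything'],
];
foreach ($cases as $label => [$user, $password]) {
    printf("%-30s vulnerable=%s prepared=%s\n", $label,
        var_export(login_vulnerable($db, $user, $password), true),
        var_export(login_prepared($db, $user, $password), true));
}
```

Only the third case differs between the two functions: the concatenated query accepts it, while the prepared statement looks for a user literally named `admin'; -- ` and finds none.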


Real-world examples

In 2007, Albert Gonzalez uploaded his packet sniffing malware into ATM systems and captured between 130 and 160 million credit card and debit card numbers. Albert Gonzalez is an American computer hacker and computer criminal who went by many aliases, such as stanozolol, UIN 476747, king chili, cumbajohny and many more. He used SQL injection to exploit several corporate systems and launch his packet sniffing attacks. This allowed him to access databases and steal sensitive data from internal corporate networks. On March 25, 2010, Gonzalez was sentenced to 20 years in federal prison.
