SQL Injection

SQL injection is a technique in which an attacker supplies web page input that the application pastes into an SQL statement, so the attacker's text is executed as part of a command against the database. Through it, malicious users can manipulate the application's database and, by extension, the web server that relies on it.

  1. SQL injection is a code injection technique that can compromise your database.
  2. SQL injection is one of the most common web hacking techniques.
  3. SQL injection is the injection of malicious code into SQL statements via web page input.


The Exploitation of SQL Injection in Web Applications 

Web servers communicate with database servers whenever they need to retrieve or store user data. The attacker crafts input so that the SQL statement the web server builds from it, and sends to the database while serving the request, carries the attacker's own commands. Those commands run with the application's database privileges, which compromises the security of the web application.

Example of SQL Injection

Suppose we have an application based on student records. Any student can view only his or her own records by entering a unique and private student ID. 

Suppose we have a field like the one below: 

Student id: The student enters the following in the input field: 12222345 or 1=1

Query:

SELECT * FROM STUDENT WHERE
STUDENT_ID = 12222345 OR 1 = 1


Because 1 = 1 is true for every row, the WHERE clause matches every record and the whole STUDENT table is returned, so all student data is exposed. A malicious user can delete student records in a similar fashion. Now consider the following login query.

Query:

SELECT * FROM USER WHERE
USERNAME = '' AND PASSWORD = ''


A malicious user can abuse the comparison operator to retrieve private user information. Instead of the query above, the following query is the one that actually executes, and it returns protected data that was never intended to be shown to the user.

Query:

SELECT * FROM USER WHERE
(USERNAME = '' OR 1 = 1) AND
(PASSWORD = '' OR 1 = 1)


Since 1=1 always holds true, user data is compromised. 

Impact of SQL Injection

The hacker can retrieve all the user data present in the database such as user details, credit card information, and social security numbers, and can also gain access to protected areas like the administrator portal. It is also possible to delete user data from the tables. 

Nowadays, all online shopping applications and bank transactions use back-end database servers. So in case the hacker is able to exploit SQL injection, the entire server is compromised. 

Preventing SQL Injection

  • Input validation and user authentication: validate every input field against a pre-defined length and type before it reaches a query, and authenticate the user before serving data.
  • Restrict the access privileges of database users and define how much data any outsider can reach. Users should not be granted permission to access everything in the database.
  • Do not connect the application to the database with a system administrator account.
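
To make the three measures in that list concrete, here is an added Python example (not code from the article) that validates the STUDENT-ID field against a pre-defined length and type before it reaches the query, binds it as a parameter, and uses SQLite's authorizer hook as a stand-in for a restricted database account that cannot DELETE or DROP. The eight-digit ID policy, the table layout and the sample rows are assumptions made for the demo.

```python
import re
import sqlite3

# Constructed sample rows, not from the article.
STUDENTS = [(12222345, "Asha"), (12222346, "Ben")]

# Assumed policy for the STUDENT-ID field: exactly 8 ASCII digits.
STUDENT_ID_RE = re.compile(r"[0-9]{8}")


def validate_student_id(raw):
    """Check type and length before the value goes anywhere near SQL.
    Returns an int on success and raises ValueError otherwise."""
    if not isinstance(raw, str) or not STUDENT_ID_RE.fullmatch(raw):
        raise ValueError("student id must be exactly 8 digits")
    return int(raw)


def read_only_authorizer(action, arg1, arg2, db_name, trigger):
    """sqlite3 authorizer callback: allow reads, deny everything else.
    This stands in for a database account that lacks DELETE/DROP rights."""
    if action in (sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY


def make_db(least_privilege=True):
    """In-memory STUDENT table; optionally restricted to read-only access."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE STUDENT (STUDENT_ID INTEGER, NAME TEXT)")
    conn.executemany("INSERT INTO STUDENT VALUES (?, ?)", STUDENTS)
    conn.commit()
    if least_privilege:
        conn.set_authorizer(read_only_authorizer)
    return conn


def fetch_student(conn, raw_id):
    """Validated, parameterized lookup: the ID is an int by the time it is bound."""
    sid = validate_student_id(raw_id)
    return conn.execute(
        "SELECT * FROM STUDENT WHERE STUDENT_ID = ?", (sid,)
    ).fetchall()


def try_delete(conn):
    """Show what a DELETE does on each connection: the restricted one refuses it."""
    try:
        conn.execute("DELETE FROM STUDENT")
        return "deleted"
    except sqlite3.DatabaseError as exc:
        return "refused: " + str(exc)


if __name__ == "__main__":
    db = make_db()
    print(fetch_student(db, "12222345"))        # one row
    try:
        fetch_student(db, "12222345 or 1=1")    # rejected before any SQL runs
    except ValueError as err:
        print("validation:", err)
    print(try_delete(db))                        # refused by the authorizer
    print(try_delete(make_db(least_privilege=False)))  # deleted
```

The validation step rejects the article's "12222345 or 1=1" input outright, the parameter binding means even a value that slipped past validation could not change the statement's structure, and the authorizer shows that a DELETE issued through the restricted connection fails regardless of how it got there.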

For more details, you can refer to How to Protect Against SQL Injection Attacks? article. 

SQL in Web Pages

SQL injection typically occurs when you ask a user for input, such as a username or user ID, and instead of a name or ID the user supplies a fragment of SQL, which your application then executes against the database without realizing what it contains.

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;
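
The student-record query earlier on this page and the txtUserId concatenation just above are the same pattern: the request string is pasted into the SQL text. The following Python program is an added example, not code from the article; it builds a small in-memory SQLite table with constructed rows and runs the input "12222345 or 1=1" through both the concatenated query and a parameterized one. The table name, column names and student names are assumptions for the demo.

```python
import sqlite3

# Constructed sample data, not from the article: three student rows.
STUDENTS = [
    (12222345, "Asha", "A"),
    (12222346, "Ben", "B"),
    (12222347, "Chen", "C"),
]


def make_db():
    """Build an in-memory STUDENT table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE STUDENT (STUDENT_ID INTEGER, NAME TEXT, GRADE TEXT)")
    conn.executemany("INSERT INTO STUDENT VALUES (?, ?, ?)", STUDENTS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, txt_student_id):
    """The article's pattern: the request string is concatenated into the SQL
    text, so whatever the user typed becomes part of the statement."""
    sql = "SELECT * FROM STUDENT WHERE STUDENT_ID = " + txt_student_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, txt_student_id):
    """Hardened form: the value travels as a bound parameter. The database
    compares the column against that value and never parses it as SQL."""
    sql = "SELECT * FROM STUDENT WHERE STUDENT_ID = ?"
    return conn.execute(sql, (txt_student_id,)).fetchall()


if __name__ == "__main__":
    honest = "12222345"
    tautology = "12222345 or 1=1"
    db = make_db()
    print(lookup_vulnerable(db, honest))          # 1 row
    print(lookup_vulnerable(db, tautology))       # all 3 rows: data exposed
    print(lookup_parameterized(db, honest))       # 1 row
    print(lookup_parameterized(db, tautology))    # [] : no such student id
```

With the bound parameter, SQLite compares the INTEGER column against the literal text "12222345 or 1=1"; that text is not a number, so no row matches and the "OR 1=1" never becomes a condition. That is the whole difference between the two functions, and it is the reason parameterized queries are the primary defence rather than escaping.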


SQL Injection Based on Batched SQL Statements 

  1. Most databases support batched SQL statements.
  2. A batch of SQL statements is a collection of two or more SQL statements separated by semicolons.

The SQL below returns all rows from the "Users" table and then deletes the "Employees" table.

Query: 

SELECT * FROM Users;
DROP TABLE Employees;


Look at the following example:

Syntax:

txtEmpId = getRequestString("EmpId");
txtSQL = "SELECT * FROM Users WHERE EmpId = " + txtEmpId;


If the request string carries a second statement after the ID, the SQL that actually reaches the database looks like this:

Query:

SELECT * FROM Users WHERE EmpId = 116; 
DROP TABLE Employees;
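
As an added example (not the article's code), the following Python program runs the EmpId concatenation above against an in-memory SQLite database in three ways: through sqlite3's executescript, which accepts a batch of statements and therefore runs the DROP as well; through cursor.execute, which accepts only one statement and rejects the batch; and as a parameterized query, which treats the whole request string as a single value. The table names follow the article; the rows are constructed.

```python
import sqlite3

# Constructed sample rows, not from the article.
EMPLOYEES = [(116, "Dana"), (117, "Eli")]


def make_db():
    """In-memory Users and Employees tables holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (EmpId INTEGER, Name TEXT)")
    conn.execute("CREATE TABLE Employees (EmpId INTEGER, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", EMPLOYEES)
    conn.executemany("INSERT INTO Employees VALUES (?, ?)", EMPLOYEES)
    conn.commit()
    return conn


def table_exists(conn, name):
    """Check the schema catalogue so we can see whether the DROP went through."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def lookup_batched_vulnerable(conn, txt_emp_id):
    """The article's concatenation, run through an API that accepts a batch.
    Returns whether Employees still exists afterwards."""
    sql = "SELECT * FROM Users WHERE EmpId = " + txt_emp_id
    conn.executescript(sql)          # every statement in the string runs
    return table_exists(conn, "Employees")


def lookup_single_statement(conn, txt_emp_id):
    """Same concatenation through cursor.execute, which refuses a second
    statement. Still not safe (a tautology would work), but no DROP rides along.
    Older Python versions raised sqlite3.Warning for this, newer ones
    ProgrammingError, so both are caught."""
    sql = "SELECT * FROM Users WHERE EmpId = " + txt_emp_id
    try:
        conn.execute(sql)
        return "executed"
    except (sqlite3.Warning, sqlite3.ProgrammingError) as exc:
        return "rejected: " + str(exc)


def lookup_parameterized(conn, txt_emp_id):
    """Hardened form: the request string is bound as one value.
    Returns (rows, employees_table_still_exists)."""
    rows = conn.execute(
        "SELECT * FROM Users WHERE EmpId = ?", (txt_emp_id,)
    ).fetchall()
    return rows, table_exists(conn, "Employees")


if __name__ == "__main__":
    payload = "116; DROP TABLE Employees;"
    print("batched API, table intact:", lookup_batched_vulnerable(make_db(), payload))  # False
    print("single-statement API:", lookup_single_statement(make_db(), payload))        # rejected
    print("parameterized:", lookup_parameterized(make_db(), payload))                  # ([], True)
    print("parameterized, honest id:", lookup_parameterized(make_db(), "116"))         # ([(116, 'Dana')], True)
```

The middle case is worth noting for defenders: a driver that executes one statement per call blocks this particular batched attack, but it is a property of the driver, not of the application code, and it does nothing against the "OR 1=1" form shown earlier. Only the parameterized query removes the underlying defect.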



SQL Injection – FAQs

1. What is SQL injection?

SQL injection is a technique used to extract user data by injecting web page inputs as statements through SQL commands. It allows malicious users to manipulate a web application’s web server by injecting malicious code into SQL statements via web page inputs.

2. How common is SQL injection as a hacking technique?

SQL injection is one of the most common web hacking techniques, posing a significant threat to web applications and databases.

3. How does SQL injection exploit web applications?

Web servers communicate with database servers to retrieve or store user data. Attackers craft SQL statements that can execute while the web server fetches content from the application server, compromising the security of the web application.

4. Can you provide an example of SQL injection?

Certainly. Let’s say there’s an application for student records. An attacker enters “12222345 or 1=1” into a student ID field, which modifies the SQL query to retrieve all student records. This compromises all student data. Similar manipulations can delete records or gain unauthorized access to data.

5. What are the impacts of SQL injection?

The impact can be severe. Attackers can retrieve user data such as details, credit card information, and social security numbers, as well as access protected areas like administrator portals. It’s also possible to delete user data. If successful, the entire server can be compromised.

6. How can SQL injection be prevented?

To prevent SQL injection, you should:

  • Use user authentication to validate input and define input field characteristics.
  • Restrict user access privileges to limit database access.
  • Avoid using system administrator accounts.
  • For more details, refer to the “How to Protect Against SQL Injection Attacks?” article.

7. When does SQL injection typically occur in web applications?

SQL injection typically occurs when a user provides input like a username or user ID, and the application executes it as an SQL statement without proper validation or knowledge of the database structure.



Last Updated : 18 Dec, 2023