What is SQL injection?

SQL injection is a type of injection flaw. Injection flaws occur when a web application takes user input and embeds it into a command that another system then interprets: a SQL query sent to the backend database, a shell command, or an operating system call. Because the input is mixed into the text of the command, an attacker can change what the command does.

In SQL injection, an attacker appends extra SQL to the data entered in an input field so that it is parsed as part of the query. Depending on the query and on the privileges of the database account the application uses, this lets them read, create, update, or delete data in the database. SQL injection is the most common type of injection attack.


Common techniques

  1. The 1=1 method is used to gain unauthorized access to a user's account. The condition 1=1 is always true, so appending it with OR makes the WHERE clause match every row.

In the password field type:

abc') OR 1=1 --

The backend SQL query, with the submitted values pasted straight into the string, is:

 SELECT * FROM users WHERE email = '$email' AND PASSWORD = sha256('$password')

When the user submits the email abc@h.com and the password above, the query becomes:

 SELECT * FROM users WHERE email = 'abc@h.com' AND PASSWORD = sha256('abc') OR 1=1 --')

The quote and parenthesis in the input close the sha256('abc') call, OR 1=1 is always true, and -- turns the rest of the line (the leftover ') from the original query) into a comment. Since AND binds tighter than OR, the WHERE clause is (email = 'abc@h.com' AND PASSWORD = sha256('abc')) OR 1=1, which holds for every row. The query returns all users, and an application that simply logs in the first row returned grants access without a valid password. Note that 1==1 is not SQL; the comparison operator is a single =.

  2. The "=" method also gains unauthorized access with an always-true comparison, this time without needing a comment marker.

In both the username and password fields type:

" or ""="

The backend code concatenates the two inputs (u and p) into the query text:

 SELECT * FROM users WHERE user = "$u" AND PASSWORD = "$p";

With the payload in both fields the query becomes:

 SELECT * FROM users WHERE user = "" OR ""="" AND PASSWORD = "" OR ""="";

The dangling quote at the end of the payload is completed by the closing quote the code adds, so the statement stays syntactically valid. The final OR ""="" is always true, so the WHERE clause matches every row and the application logs the attacker in. This form relies on the database accepting double quotes around string literals, as MySQL does by default; in standard SQL and in PostgreSQL double quotes delimit identifiers, and the single-quote form ' OR ''=' is used instead.

  3. Batched (stacked) queries send more than one statement to the database in a single call, separated by semicolons. They can be used to delete, modify, or read the database.

In the username field type:

"; DROP TABLE users --

The backend code builds the query as:

 SELECT * FROM users WHERE user = "$u";

On input it becomes:

 SELECT * FROM users WHERE user = ""; DROP TABLE users --";

The quote closes the string, the semicolon ends the SELECT, DROP TABLE users runs as a second statement, and -- comments out the closing quote the code appended. This attack deletes the users table from the database. It only works when the database driver executes multiple statements per call: Microsoft SQL Server and PostgreSQL drivers commonly do, while MySQL's client protocol refuses stacked statements unless the application enables multi-statement mode. The application's database account must also hold the DROP privilege.
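The three techniques above, run against a throwaway SQLite database, as an added example that is not part of the original page. The queries are built by string concatenation the way the page's backend code does; the users table, the two sample accounts, and the sha256() function registered with SQLite (which has no built-in one) are all constructed for the demonstration, and the page's double-quoted payloads are written with the single quotes SQLite uses for string literals.

```python
import hashlib
import sqlite3

# Constructed sample data: two accounts in an in-memory SQLite database.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "correct horse"),
    ("bob", "bob@example.com", "hunter2"),
]


def sha256_hex(value):
    """SQL-callable sha256(); SQLite has no built-in, so make_db registers this one."""
    return hashlib.sha256(str(value).encode()).hexdigest()


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.create_function("sha256", 1, sha256_hex)
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, password TEXT)")
    for username, email, pw in SAMPLE_USERS:
        conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                     (username, email, sha256_hex(pw)))
    conn.commit()
    return conn


def vulnerable_login(conn, email, password):
    """Technique 1: the page's login query, assembled by string formatting (deliberately vulnerable)."""
    sql = (f"SELECT email FROM users WHERE email = '{email}' "
           f"AND password = sha256('{password}')")
    return [row[0] for row in conn.execute(sql)]


def vulnerable_find_user(conn, username, allow_stacked=False):
    """Techniques 2 and 3: lookup by username, again concatenated (deliberately vulnerable)."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    if allow_stacked:
        # Stands in for a driver that runs ';'-separated batches (MSSQL, PostgreSQL,
        # MySQL with multi-statements enabled). sqlite3 only does so via executescript(),
        # which discards any rows.
        conn.executescript(sql)
        return []
    return [row[0] for row in conn.execute(sql)]


def table_exists(conn, name):
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?",
                       (name,)).fetchone()
    return row is not None


def demo():
    """Run the page's three techniques against a fresh database and collect the outcomes."""
    conn = make_db()
    out = {}
    out["valid"] = vulnerable_login(conn, "alice@example.com", "correct horse")
    out["wrong_pw"] = vulnerable_login(conn, "alice@example.com", "nope")
    # Technique 1: ') closes sha256('abc'), OR 1=1 is true for every row,
    # and -- comments out the template's leftover "')".
    out["tautology_1"] = vulnerable_login(conn, "nobody@example.com", "abc') OR 1=1 --")
    # Technique 2: the template's own closing quote completes the payload's dangling one,
    # leaving ... username = '' OR ''='' which matches every row.
    out["tautology_2"] = vulnerable_find_user(conn, "' OR ''='")
    # Technique 3: sqlite3.execute() refuses a second statement outright
    # (ProgrammingError on 3.11+, Warning on older interpreters) ...
    try:
        vulnerable_find_user(conn, "'; DROP TABLE users --")
        out["stacked_execute"] = "ran"
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        out["stacked_execute"] = "blocked by driver"
    # ... but an API that accepts batches runs the DROP.
    vulnerable_find_user(conn, "'; DROP TABLE users --", allow_stacked=True)
    out["users_table_after_batch"] = table_exists(conn, "users")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it directly to print the outcomes. The stacked-query step is the driver caveat in action: execute() rejects the batch before any of it runs, and the table is only lost through executescript(), which here plays the role of a client library that accepts multiple statements per call.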

Prevention

  1. Make use of input validation. Check each input against what the field legitimately holds (an allow-list of characters, a maximum length, or a specific format such as an email address) and reject requests that do not conform. Validation shrinks the attack surface, but on its own it is not a complete defense: legitimate data such as the name O'Brien contains the very characters an attack uses.

  2. Make use of prepared statements (parameterized queries). The SQL text, with placeholders in place of the data, is sent to the database and compiled first; the user's values are then bound to the placeholders separately, so they are only ever treated as data and can never change the structure of the query. Nothing has to be escaped or sanitized by hand.

// Java (JDBC): the ? placeholder fixes the query structure before any data is supplied
PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE username = ?");
// The value is bound as data, so a quote, -- or ; inside it is never parsed as SQL
statement.setString(1, user);
ResultSet result = statement.executeQuery();

  3. Regular expressions can be used to detect known attack patterns such as "1=1" or comment markers in input. Treat this as a secondary, detection-oriented control: an attacker can rewrite a payload in many equivalent forms (2>1, 'a'='a', encoded characters), so a pattern block-list is easily bypassed and must not be the primary defense.
  4. Restrict the privileges of the database account the application connects with (least privilege). If that account can only SELECT and UPDATE the tables it needs, an injected DROP TABLE, or a read of another table, fails even when the injection itself succeeds.
  5. Hide system errors. Displaying raw database error messages reveals table and column names and the shape of the query, which helps an attacker refine the injection. Return a generic message to the user and log the full error on the server.
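The prepared-statement advice, together with the allow-list and error-hiding points above, as an added example in Python with sqlite3 rather than the page's Java/JDBC snippet; it is not code from the original page. The users table, the two sample accounts, the SORTABLE_COLUMNS allow-list and the login_handler response shape are all constructed for the demonstration.

```python
import hashlib
import logging
import sqlite3

log = logging.getLogger("login")

# Constructed sample data for an in-memory SQLite database.
SAMPLE_USERS = [
    ("alice", "alice@example.com", "correct horse"),
    ("bob", "bob@example.com", "hunter2"),
]

# Allow-list for the one thing a placeholder cannot carry: an identifier (here a sort column).
SORTABLE_COLUMNS = {"username", "email"}


def sha256_hex(value):
    return hashlib.sha256(value.encode()).hexdigest()


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(u, e, sha256_hex(p)) for u, e, p in SAMPLE_USERS])
    return conn


def safe_login(conn, email, password):
    """Prepared statement: the SQL text is fixed, and email and hash travel as bound
    parameters, so a quote, ) or -- in them is compared as characters, never parsed."""
    row = conn.execute(
        "SELECT email FROM users WHERE email = ? AND password = ?",
        (email, sha256_hex(password)),
    ).fetchone()
    return row[0] if row else None


def list_users(conn, sort_by):
    """Identifiers cannot be bound, so validate them against an allow-list before use."""
    if sort_by not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column")
    return [r[0] for r in conn.execute(f"SELECT username FROM users ORDER BY {sort_by}")]


def login_handler(conn, email, password):
    """The user gets one generic message; the operator gets the real exception in the log."""
    try:
        user = safe_login(conn, email, password)
    except sqlite3.Error:
        log.exception("login query failed for %r", email)
        return {"ok": False, "message": "Login failed."}
    if user is None:
        return {"ok": False, "message": "Login failed."}
    return {"ok": True, "user": user}


def demo():
    conn = make_db()
    out = {
        "valid": safe_login(conn, "alice@example.com", "correct horse"),
        # The payloads that broke a concatenated query are now plain data: no row matches.
        "tautology": safe_login(conn, "nobody@example.com", "abc') OR 1=1 --"),
        "stacked": safe_login(conn, "'; DROP TABLE users --", "x"),
        "rows_still_present": conn.execute("SELECT count(*) FROM users").fetchone()[0],
        "sorted_by_email": list_users(conn, "email"),
    }
    try:
        list_users(conn, "email; DROP TABLE users")
        out["bad_sort_column"] = "accepted"
    except ValueError:
        out["bad_sort_column"] = "rejected"
    # A database with no users table makes the query fail; the caller sees only the generic message.
    out["error_hidden"] = login_handler(sqlite3.connect(":memory:"), "alice@example.com", "x")
    out["handler_ok"] = login_handler(conn, "alice@example.com", "correct horse")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note the one place a placeholder does not help: an ORDER BY column is an identifier and cannot be bound, so it is checked against the allow-list before it is interpolated. Returning the same "Login failed." for a wrong password and for a database error keeps the response from revealing which occurred; the traceback goes to the server log instead.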
Copyright ©2024 Educative, Inc. All rights reserved