Home     Blog

SQL Injection Attack / Vulnerability

A SQL injection vulnerability can occur when a poorly-written program uses user-provided data in a database query without first validating the input. This is most-often found within web pages with dynamic content. There are some excellent tutorials and descriptive articles on this subject, as well as many vulnerability postings for different applications from full-disclosure websites.

A simple example of SQL injection is a basic HTML form login in which you provide a username and password:

 <form method="post" action="process_login.php">
 <input type="text" name="username">
 <input type="password" name="password">
 </form>

SQL Injection Attack 150x150 SQL Injection Attack / VulnerabilityGiven this snippet of HTML, one can deduce that the easiest (and worst) way for the script “process_login.php” to work would be for it to build and execute a database query that looks like this:

	"SELECT	id
	FROM	logins
	WHERE	username = '$username'
	and	password = '$password'";

 

Under those circumstances, if the variables “$username” and “$password” are taken directly from the user’s input, the login script can easily be tricked into believing that a valid password has been provided by playing with the syntax of the SQL statement. Suppose the following string were provided as the password:

	' or '' = '

and we gave “bob” as the username. Once the variables are interpolated, the query above would look like this:

	"SELECT	id
	FROM	logins
	WHERE	username = 'bob'
	and	password = '' or '' = ''";

This query will return a row because the final clause:

	... or '' = ''

will always evaluate to true (an empty string is always equal to an empty string).

Preventing SQL Injection Attacks

The most common methods to prevent this kind of SQL injection vunerability are to check the user’s input for dangerous characters like single-quotes; and using prepared statements, which tell the database exactly what to expect before any user-provided data is passed to it.

Further Reading on SQL Injection Vulnerabilities

VN:F [1.9.17_1161]
Rating: 0.0/10 (0 votes cast)
Follow Will.Spencer on

Comments (2)

 

  1. awesome says:

    love the lame php example. stored procedures utilizing a user input aren’t any safer than a regular sql query.  love also how USA Today linked to this page when addressing a SQL Server attack. I pity the fool who doesn’t parameterize the query

    VA:F [1.9.17_1161]
    Rating: 0.0/5 (0 votes cast)
    Reply
  2. ajeet verma says:

    i want to learn more nd mo. Plz some

    VA:F [1.9.17_1161]
    Rating: 0.0/5 (0 votes cast)
    Reply

Leave a Reply

Related Posts

  • iFrame Injection

    An iFrame injection is a very common cross site scripting (or XSS) attack. It consists of one or more iFrame tags that have been inserted into a page or post’s content and typically downloads an executable program or conducts other actions that compromise the site visitors’ computers. In the best case, Google may label the [...]...


  • Social Engineering

    Social engineering is a fancy name for manipulating a person into giving you access to which you are not normally entitled.    This almost always involves lying about your identity or your intent. Here is a transcript of a class social engineering trick used to convice a user to divulge his password: [user] Hello? [hacker] Hi, [...]...