SQL Injection is one of the mechanisms that attack many websites used by hackers to steal data from organizations. It is probably one of the most popular attack engineering applications used today class.
This type of attack that misuses the coding of your web applications allows hackers to inject SQL commands into a login form to allow them access to organized data within the database. your material.
In essence, SQL Injection arises because the fields are available for users to enter SQL statements that allow passing and querying the database directly.
SQL Injection: A deep explanation
The web application allows legitimate website visitors to submit and retrieve data to / from a database over the Internet using their favorite web browser. Database is the center of modern web sites - they store essential data for websites to provide specific content to visitors and make information for customers, suppliers and employees. and a variety of stakeholders. Users of information, finance and payment information, corporate statistics can all be resident in a database and access by legitimate users through off-the-way. shelf and custom web applications. Web applications and databases allow you to regularly operate your business.
SQL Injection is a hacking technique that attempts to pass SQL statements (reports) through a web application to execute by the backend database. Without proper disinfection, web applications can lead to SQL Injection attacks, allowing hackers to view information from the database and / or even wipe it out.
This feature like login pages, support and forms of product requests, feedback forms, search pages, shopping carts and general delivery of dynamic content, modern website shapes and provide businesses with the necessary means to communicate with potential customers and customers. These features are all examples of web applications that can be either purchased off-the-shelf or developed as separate programs.
These features are all vulnerable to SQL Injection attacks because the fields available to users enter SQL statements that allow passing and querying the database directly.
SQL Injection: A simple example
Take a simple login page where a legitimate user will enter his or her username and incorporate a password to enter a secure area to view his or her personal details or upload his or her opinion in a Forum.
When the user legitimately submits his details, an SQL query is generated from the details and submitted to the database for verification. If valid, users are allowed access. In other words, the web application that controls the login page will contact the database through a series of planned commands to verify the username and password combination. Verify, legitimate users are granted appropriate access.
Through SQL Injection , hackers can input crafted SQL commands specifically for the purpose of bypassing login pattern barriers and seeing what lies behind it. This is only possible if the input is not properly disinfected (ie, impenetrable) and sent directly to the SQL query into the database. SQL Injection vulnerabilities provide a means for a hacker to communicate directly with the database.
Vulnerable technologies for this attack are dynamic scripting languages including ASP, ASP.NET, PHP, JSP, and CGI. All attackers need to perform a hacked SQL Injection attack as a web browser, knowledge of SQL queries and work to make important guessing tables and school names. The great simplicity of SQL Injection has fueled its popularity.
Why is it possible to pass SQL queries into the database even though this is hidden behind a firewall?
- Is my database at risk to SQL Injection?
- What is the impact of SQL Injection?
Example of a SQL Injection attack
How to prevent SQL Injection attacks?
Why is it possible to bypass SQL queries directly to a database that is hidden behind a firewall and secure any other mechanism?
Firewalls and intrusion detection mechanisms similarly provide little or no defense against full scale SQL Injection web attacks.
Since your website needs to be public, the security mechanism will allow public web traffic to communicate with your web application / s (usually on port 80/443). Web applications have accessed the database to return (update) information (changes) requests.
In SQL Injection, hackers use creative and SQL queries to get the company's database of sensitive data through web applications.
SQL queries or language structures are computer languages that allow you to store, manipulate, and retrieve stored data in a relational database (or a collection of organized and structured tables) material). SQL is, in fact, the only way that a web application (and user) can interact with the database. Examples of relational databases including Oracle, Microsoft Access, MS SQL Server, MySQL, and Filemaker Pro all use SQL as their basic building blocks.
SQL includes SELECT , INSERT , DELETE and DROP TABLE commands . DROP TABLE is ominous because it is sound and will in fact remove tables with a specific name.
In the legitimate scenario of the above login page examples, the SQL statement that plans for the web application might look like this:
SELECT count (*)
WHERE username = 'FIELD_USERNAME'
And password = 'FIELD_PASSWORD'
In simple English, this SQL command (from the web application) instructs the database to match the username and enter the legitimate user's password to combine it has been stored.
Each type of web application is difficult to specifically encode with the SQL query that it will perform when its legal implementation of the function and communication with the database. If any of the input fields of web applications are not properly disinfected, a hacker can insert SQL statements that extend the scope of the SQL web application statements that will execute, thus going beyond Out planned original design and function.
A hacker will therefore have a clear communication channel (or, in layman's terms, a tunnel) to not distinguish the database of all intrusion detection systems and network security devices. Install before the physical server database.
Is your database at risk to SQL Injection?
SQL Injection is one of the most common application classes in the attacks being used on the Internet. Despite the fact that it is relatively easy to protect against SQL Injection, there are a large number of web applications that are also vulnerable.
According to Web Application Security Consortium (WASC) 9% of the total reported hacking incidents in the media until July 27, 2006 was due to SQL Injection. Recent data from our research shows that about 50% of the websites we scanned this year are sensitive to SQL Injection vulnerabilities.
It may be hard to answer the question of whether your website and web applications are prone to SQL Injection especially if you are not a programmer or you are not the one who has encrypted web applications. yours.
Our experience will take us to believe that there is a significant chance that your data has been risked from SQL Injection.
Whether an attacker can see the data stored in the database or not, it really depends on how your site is encoded to display the results of the queries sent. It is certain that attackers will be able to execute arbitrary SQL commands on the vulnerable system, or to compromise that or else to get information.
If not properly encrypted, then you run the risk of having your customer data and company compromised.
What an attacker gains access to also depends on the level of security set up by the database. The database can be set to restrict certain commands. A normal read access is enabled for use by the back-end web application.
Even if an attacker cannot modify the system, he will still be able to read valuable information.
What is the impact of SQL Injection?
Once realizing that an attacker is vulnerable to SQL Injection, he can inject SQL Query / commands through an input form field. This is equivalent to handing over your attacker database and allowing you to execute any DROP TABLE SQL command including the database!
An attacker can execute arbitrary SQL statements on vulnerable systems. This can compromise the integrity of your database and / or expose sensitive information. Depending on the back-end database used, SQL injection vulnerabilities lead to different levels of data / access systems for attackers. It may be possible to manipulate the current query, to UNION (used to select related information from two tables) arbitrarily data, use subselects, or append additional queries.
In some cases, it may be possible to read or write the work, or to execute shell commands on the underlying operating system. Some SQL servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can gain access to these procedures, it can spell disaster.
Unfortunately the impact of SQL Injection is only detected when the theft is detected. Data is being accidentally stolen through hacked attacks all the time. More experts of hackers are rarely caught.
Example of a SQLInjection attack
This is a basic HTML form template with two inputs, login and password.
<form method="post" action="http://sql.hvngroups.net">
name="tfUName" <input type="text" id="tfUName">
name="tfUPass" <input type="password" id="tfUPass">
The simplest way for login.asp to work is by building a database query that looks like this:
WHERE username = '$ username'
And password = '$ password'
If $ username and $ password variables are required directly from user input, this can be easily compromised. Suppose we have "Joe" as a username and that the following string is provided as a password: anything 'OR' x '=' x
WHERE username = 'Joe'
And password = 'anything' OR 'x' = 'x'
When the inputs of web applications do not disinfect properly, the use of single quotes has turned the WHERE SQL command into a two-component clause.
The 'x' = 'x' ensures a part is true regardless of what the First Part.
This will allow an attacker to pass the login form without actually knowing a valid password username!
How to prevent SQL Injection?
Firewalls and similar intrusion detection mechanisms provide defense against full-scale web attacks. Since your website needs to be public, the security mechanism will allow public web traffic to communicate with your database server via web application. Isn't that what they were designed to do?
Fixing your server, database, programming language and operating system is very important but there is no way to be the best way to prevent SQL Injection attacks.
If conditions permit you read through the article: Security check service for website
I will have videos on this security bug in the following article.