Wifi Password Recovery - UTM - Vulnerability Scanning

SHOP
CLOUD PEN
VIP LOGIN
Sun Sun Sun

You are here: Encyclopedia > Encyclopedia Part 3 > What is SQL Injection?

 What is SQL Injection?

SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.
 Detailed Description
Databases are fundamental components of Web applications. Databases enable Web applications to store data, preferences and content elements. Using SQL, Web applications interact with databases to dynamically build customized data views for each user. A common example is a Web application that manages products. In one of the Web application's dynamic pages (such as ASP), users are able to enter a product identifier and view the product name and description. The request sent to the database to retrieve the product's name and description is implemented by the following SQL statement.
Typically, Web applications use string queries, where the string contains both the query itself and its parameters. The string is built using server-side script languages such as ASP, JSP and CGI, and is then sent to the database server as a single SQL statement. The following example demonstrates an ASP code that generates a SQL query.
When a user enters the following URL:
The corresponding SQL query is executed:
An attacker may abuse the fact that the Product ID parameter is passed to the database without sufficient validation. The attacker can manipulate the parameter's value to build malicious SQL statements. For example, setting the value to the ProductID variable results in the following URL:
The corresponding SQL Statement is:
This condition would always be true and all Product Name and Product Description pairs are returned. The attacker can manipulate the application even further by inserting malicious commands. For example, an attacker can request the following URL:
In this example the semicolon is used to pass the database server multiple statements in a single execution. The second statement is  which causes SQL Server to delete the entire Products table.
An attacker may use SQL injection to retrieve data from other tables as well. This can be done using the statement. The  statement allows the chaining of two separate SQL queries that have nothing in common. For example, consider the following SQL query:
The result of this query is a table with two columns, containing the results of the first and second queries, respectively. An attacker may use this type of SQL injection by requesting the following URL:
The security model used by many Web applications assumes that an SQL query is a trusted command. This enables attackers to exploit SQL queries to circumvent access controls, authentication and authorization checks. In some instances, SQL queries may allow access to host operating system level commands. This can be done using stored procedures. Stored procedures are SQL procedures usually bundled with the database server. For example, the extended stored procedure xp _cmdshell executes operating system commands in the context of a Microsoft SQL Server. Using the same example, the attacker can set the value which returns the list of files in the current directory of the SQL Server process.
 
To see all the sql injection code used in this example please click
 

 

Related pages
Anti-Spam Firewall
Anti-Spam Software
Anti-Virus
Appliance VS Software
Cloud Security
WEP Key
What is a Man in the Middle Attack?
What is a Routing Table?
What is CISSP?
What is Cross Site Scripting(XSS)?
What is Data Leak Prevention?
What is Dumpster Diving?
What is Grey Listing?
What is GSM Encryption?
What is Instant Messaging?
What is Port Knocking?
What is search engine hacking?
What is Spyware?
What is SQL Injection?
What is TCP?
What is UDP?
What is UTM?
What is Virus?
What is VoIP?
What is Whitelisting?
WiFi Pen Test
WPA Key
Want to be Contacted?
Click here to Get Contacted

Free Services
Free Wi-Fi Top 15 Security Tips
Free Vulnerability Scan
SecPoint News

» Penetrator Vulnerability Scanner V20.0 Released
Get the new Penetrator Vulnerability Scanner V20.0...
Friday May 24, 2013

Awards & Reviews
  
Featured SecPoint Customers

Featured SecPoint clients



SecPoint® © Copyright 1999-2013
US Toll Free: +1-888-704-7297 - EU Toll Free: +44-808-101-2272