SQL Injection

    Most web applications use a SQL database to store and organize their users' data and content. Most websites today are dynamic: they rely on some kind of SQL relational database management system to fetch and store data. A website faces many active threats, and SQL injection is one of them. In a SQL injection attack, the attacker sends malicious SQL fragments through the website's forms and tries to bypass the application's authentication and other authorization checks. A poorly designed web application can easily be compromised this way. Once the attacker gets past the application's security, he or she can read, modify, or delete the entire database, and the application is as good as dead.


    How Is SQL Injection Performed?

    First, the attacker looks for every input point or form on the website through which data can be sent to the server. Then, one form at a time, the attacker submits SQL fragments and watches how the application responds. If the application is not designed well, those responses leak information about the application and its database, which can then be used to gain control over the database.

    What Can SQL Injection Do?

    On the back end, if the script executes user input without validating it, SQL injection can have serious consequences such as:

    • With SQL injection, an attacker can read the credentials of every user stored in the database.
    • The attacker can access the database as an administrator, which is the most dangerous scenario because with administrative access the attacker can do anything with the database.
    • Many SQL injections are performed to collect critical information about the application so that further attacks can be carried out.
    • With SQL injection, an attacker can delete records from the database or even create new tables and databases.

    SQL Injection Example

    Let's look at a vulnerable login script that can easily be attacked with SQL injection.

    Front End

    Login Form:
    
    <form action="login" method="post">
        <label for="uname"><b>Username</b></label>
        <input type="text" id="uname" placeholder="Enter Username" name="username" required>

        <label for="psw"><b>Password</b></label>
        <input type="password" id="psw" placeholder="Enter Password" name="password" required>
        <button type="submit">Login</button>
    </form>

    Back-End Script

    # 'request' and 'database' are the web framework's request object and
    # database handle; the framework itself is not shown in this example
    u_n = request.POST['username']    # fetch username from the login form
    pwd = request.POST['password']    # fetch password from the login form

    # SQL query to check whether the username and password match a row;
    # the raw input is pasted straight into the SQL text, which is the flaw
    sql = "SELECT id FROM users WHERE username='" + u_n + "' AND password='" + pwd + "'"

    if database.execute(sql):
        print('Login Successfully')
    else:
        print('Invalid Credential')

    Here the back-end script is supposed to check whether the username u_n and password pwd match a row in the users table. Only if both are correct should the if branch run; otherwise the else branch should run.


    What if the user enters a valid username, say "sam", in the username field but enters the string anything' OR '1'='1 in the password field? How will the back-end script build and execute the query?

    sql = "SELECT id FROM users WHERE username='sam' AND password='anything' OR '1'='1'"

    if database.execute(sql):
        print('Login Successfully')
    else:
        print('Invalid Credential')

    Output

    Login Successfully

    Here the username sam is valid and the password is wrong, yet the query still returns a row. AND binds more tightly than OR, so the WHERE clause is evaluated as (username='sam' AND password='anything') OR '1'='1', and '1'='1' is true for every row, so the login succeeds.

    SQL Injection Prevention

    There are some general techniques and strategies a developer can follow to prevent SQL injection vulnerabilities.

    1. Awareness

    A developer should be aware of the SQL injection threat, and it should be taken into account while the database and the application are being designed.

    2. User Input validation

    Never trust user input. Before it reaches a SQL query it should pass through validation, and the query itself should be built with parameterized statements so that the input is passed as a value rather than spliced into the SQL text.

    3. Use Latest Technologies

    Many third-party tools, libraries and frameworks provide built-in protection against threats like SQL injection, for example ORMs and database drivers that use parameterized queries. The basic idea is to rely on these well-tested tools rather than writing the query-building code from scratch.

    4. Keep the Credential Encrypted

    Never store credentials in plain text. Hash passwords with a purpose-built password hashing function and encrypt other sensitive data such as transaction details, so that a leaked table is far less useful to an attacker.

    5. Keep Updating

    If there is a vulnerability in your application or its database software, an attacker will discover it sooner or later, so it is good practice to apply patches and update your database as quickly as possible.
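    The following is an added example, not code from the original article. It rebuilds the login check from the "SQL Injection Example" section against a constructed in-memory SQLite users table and places the concatenated query next to the parameterized form recommended under "User Input validation", so the effect of the password payload can be compared on both. The table contents, the function names and the sqlite3 module are the example's own assumptions.

```python
import sqlite3

# Constructed stand-in for the article's "users" table (not real data).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
db.execute("INSERT INTO users (username, password) VALUES ('sam', 'correct-horse')")
db.commit()

# The password string discussed in the article's example.
PAYLOAD = "anything' OR '1'='1"


def login_vulnerable(u_n, pwd):
    # Same string concatenation as the article's back-end script: the raw
    # input becomes part of the SQL text, so a quote in pwd rewrites the
    # statement and the WHERE clause ends up true for every row.
    sql = ("SELECT id FROM users WHERE username='" + u_n
           + "' AND password='" + pwd + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(u_n, pwd):
    # The values travel separately from the SQL text as bound parameters;
    # the driver compares them as plain strings and they cannot alter the
    # structure of the statement, so PAYLOAD is just a wrong password.
    sql = "SELECT id FROM users WHERE username=? AND password=?"
    return db.execute(sql, (u_n, pwd)).fetchone() is not None


if __name__ == "__main__":
    for name, check in (("vulnerable", login_vulnerable),
                        ("parameterized", login_parameterized)):
        print(name, "correct password:", check("sam", "correct-horse"))
        print(name, "injected password:", check("sam", PAYLOAD))
```

    Run as a script it shows the concatenated query accepting the injected password while the parameterized query rejects it; the parameterized version is the change to make in the article's back-end script.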

    Summary

    • SQL injection is a technique of sending malicious SQL fragments through an application's inputs to compromise its database.
    • Every RDBMS, including Microsoft SQL Server, Oracle and MySQL, can be affected, because the flaw is in how the application builds its queries, not in the database product.
    • It is one of the most common and powerful attack techniques.
    • It can be prevented by following a few essential practices.
