What is SQL injection
A SQL injection attack is a form of attack that comes from user input that has not been checked to see that it is valid. The objective is to fool the database system into running malicious code that will reveal sensitive information.
Two types of SQL injection attacks -
First order attack - The attacker harms the DB immediately, by passing a malicious query to the DB through a web application.
Example 1 -
User id -> hi' or 1=1;--
Password -> hello' or 1=1;--
This will let the user in.
Example 2 - Suppose a web application displays some data in three columns, filtered by some criteria. If the attacker types the string below into the criteria, the application will show the name, type and id from the sysobjects table along with the application data.
' UNION SELECT name, type, id FROM sysobjects;--
Now the attacker can type the string below; it will show the columns, and their lengths, of the particular table with the given id.
' UNION SELECT name, '', length FROM syscolumns WHERE id = 1845581613;--
Now the attacker has enough information to destroy your DB. The string below can now be passed as the criteria; it will return the admin user details.
' UNION SELECT UserName, Password, IsAdmin FROM Users;--
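The login form from Example 1 and the filter from Example 2, as an added example (not code from the original page): the same input strings succeed against a query built by string concatenation and fail against a parameterized one. It assumes Python with an in-memory SQLite database in place of the page's SQL Server; the Products table, the sample rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory database standing in for the application's DB."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserName TEXT, Password TEXT, IsAdmin INTEGER)")
    db.execute("CREATE TABLE Products (Name TEXT, Category TEXT, Price INTEGER)")
    # Plaintext password only mirrors the page's Users table; it is a constructed value.
    db.execute("INSERT INTO Users VALUES ('alice', 'constructed-secret', 1)")
    db.execute("INSERT INTO Products VALUES ('kettle', 'kitchen', 20)")
    return db

def login_concat(db, user, password):
    # Vulnerable: user input becomes part of the SQL text itself.
    sql = ("SELECT COUNT(*) FROM Users WHERE UserName = '" + user +
           "' AND Password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_param(db, user, password):
    # Hardened: placeholders keep the input as data, never as SQL syntax.
    sql = "SELECT COUNT(*) FROM Users WHERE UserName = ? AND Password = ?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0

def search_concat(db, category):
    # Vulnerable three-column filter, as in Example 2.
    sql = ("SELECT Name, Category, Price FROM Products WHERE Category = '"
           + category + "'")
    return db.execute(sql).fetchall()

def search_param(db, category):
    # Hardened filter: the whole input is compared as one literal value.
    sql = "SELECT Name, Category, Price FROM Products WHERE Category = ?"
    return db.execute(sql, (category,)).fetchall()

# Input strings taken from the page's Example 1 and Example 2.
LOGIN_INPUT = ("hi' or 1=1;--", "hello' or 1=1;--")
FILTER_INPUT = "' UNION SELECT UserName, Password, IsAdmin FROM Users;--"

if __name__ == "__main__":
    db = make_db()
    print("concatenated login accepts input:", login_concat(db, *LOGIN_INPUT))
    print("parameterized login accepts input:", login_param(db, *LOGIN_INPUT))
    print("concatenated filter returns:", search_concat(db, FILTER_INPUT))
    print("parameterized filter returns:", search_param(db, FILTER_INPUT))
```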
