SQL Injection

SQL Injection occurs when user input is improperly sanitized, allowing attackers to inject malicious SQL statements into a query. This can happen through web forms, URL parameters, or any other input field whose value ends up in a database query.

Example Scenario

Imagine a login form where users enter their username and password. The backend query might look something like this:

    SELECT * FROM users WHERE username = 'input' AND password = 'input';

If the input fields are not properly sanitized, attackers can manipulate this query to gain unauthorized access.


OR-Based SQL Injection

OR-based SQL Injection uses the OR operator to change the logic of the query. This can trick the system into granting access without proper authentication.

How it works:

Let's say an attacker inputs the following in the username field:

    admin' OR '1'='1

The query sent to the database would look like this:

    SELECT * FROM users WHERE username = 'admin' OR '1'='1' AND password = 'input';
Here's what happens: the injected single quote closes the username string, and the appended OR clause makes the WHERE condition true for the admin row regardless of whether the password matches.

Why it's dangerous:

The attacker can bypass authentication and access protected areas of the application, potentially exposing sensitive information.


Comment-Based SQL Injection

Comment-Based SQL Injection uses SQL comments to make the database ignore the rest of the query. This can bypass security checks and expose data.

How it works:

If an attacker enters the following into the username field:

    admin' --

The query becomes:

    SELECT * FROM users WHERE username = 'admin' --' AND password = 'input';
Here's what happens: the injected single quote closes the username string, and the -- starts a SQL comment, so everything after it, including the password check, is ignored by the database.

Why it's dangerous:

This allows attackers to log in as any user if the username is valid, without needing the correct password.
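As an added example (not part of the original post), here is the login query from the scenario above built two ways in Python against an in-memory SQLite database: the string-concatenated version the post describes, beside a parameterized version that hands the same inputs to the driver as data. The table, the sample account and the pairing of each payload with a wrong password are constructed for this illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory database with one sample account (not real data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Builds the query by string concatenation, the pattern the post warns about:
    # a quote or comment marker in the input becomes part of the SQL itself.
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "';"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    # Parameterized query: the values travel separately from the SQL text,
    # so quotes and '--' inside them can never change the query's structure.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def compare(username, password):
    """Return (vulnerable_result, safe_result) for the same login attempt."""
    conn = make_db()
    try:
        return login_vulnerable(conn, username, password), login_safe(conn, username, password)
    finally:
        conn.close()


if __name__ == "__main__":
    # The two payloads from the post, each submitted with a wrong password:
    # the concatenated query returns 'admin', the parameterized one returns None.
    for payload in ["admin' OR '1'='1", "admin' --"]:
        print(repr(payload), compare(payload, "wrong-password"))
    # A legitimate login succeeds through both paths.
    print("admin", compare("admin", "correct-horse"))
```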


09-09-2024 by azedev

This blog post is intended for educational purposes only.