SQL Injection - I






SQL-Injection vulnerabilities and attacks occur between the Presentation tier and the CGI tier. Most vulnerabilities are accidentally introduced during development. The data flow of each tier with normal and malicious input data is shown in Figure 2, which depicts the user authentication step. When a user enters an ID and password, the Presentation tier uses the GET or POST method to send the data to the CGI tier. The SQL query within the CGI tier connects to the database and processes the data.



When a malicious user enters an ID such as 1' or 1=1--, the query within the CGI tier becomes SELECT * FROM user WHERE id='1' or 1=1--' AND password='1111'; everything after the -- becomes a comment, and because 1=1 is always true, the authentication step is bypassed. SQL injection attacks are malicious inputs that change the normal SQL query into a malicious SQL query and allow anomalous database access and processing. Most web applications use data filters to prevent these kinds of SQL injection attacks. However, there are many SQL injection methods that can bypass data filters, which makes it difficult to defend the database effectively. Therefore, a more effective way of detecting and preventing SQL injection attacks is necessary.


Types of SQL Injection

  • Direct SQL Injection
Ex: True Conditions (Tautology) like [ ' or 1=1 -- ]

  • In-Direct SQL Injection
Ex: Query based injection, Blind Injection, String Based Injection, Character Based Injection, Error Based SQLi, Error based Double Query Injection, XML Injection



Direct SQL Injection Understanding

if (username == "franky" && password == "12345")
{
    printf("Welcome to Email ");
}
else
{
    printf("Invalid Username or password");
}

Explanation:
The code above means that when both the username and password match the database, access to the email is granted and "Welcome to Email" is printed; otherwise the error message "Invalid Username or password" is shown.


Some Modification in Code

if (username == "a' or 1=1--" && password == "a' or 1=1--")
{
    printf("Welcome to Email ");
}
else
{
    printf("Invalid Username or password");
}

Pure dynamic SQL serves as the most common form of SQL injection attacks:
sqlString = "SELECT ... FROM [myTable] WHERE name = '" . myInputValue . "'";



Explanation
With the same login code, the SQL injection input still logs into the email and prints the welcome message.
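The following is an added example, not code from the original post, that puts the page's dynamic-SQL login query and its tautology bypass next to the parameterized form a defender would use. The table contents and the function names are constructed for the demonstration; the query shape and the 1' or 1=1-- input are the ones discussed above.

```python
import sqlite3

# Constructed in-memory table standing in for the page's "user" table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id TEXT, password TEXT)")
    conn.executemany("INSERT INTO user VALUES (?, ?)",
                     [("1", "1111"), ("2", "s3cret")])
    return conn

def build_dynamic_sql(user_id, password):
    """The pure dynamic SQL pattern from the page: raw input is glued
    straight into the query text, so a quote and a -- in the input
    become SQL syntax instead of data."""
    return ("SELECT * FROM user WHERE id='" + user_id
            + "' AND password='" + password + "'")

def login_dynamic(conn, user_id, password):
    """Vulnerable login: runs the concatenated query as-is.
    With id 1' or 1=1-- the password check is commented out and the
    remaining WHERE clause (id='1' or 1=1) matches every row."""
    return conn.execute(build_dynamic_sql(user_id, password)).fetchall()

def login_parameterized(conn, user_id, password):
    """Hardened login: placeholders hand the values to the driver
    separately from the SQL text, so the same input is only ever
    compared as a literal string and matches no row."""
    sql = "SELECT * FROM user WHERE id=? AND password=?"
    return conn.execute(sql, (user_id, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    tautology = "1' or 1=1--"  # the bypass input from the page
    print(build_dynamic_sql(tautology, "1111"))
    print("dynamic rows:", len(login_dynamic(db, tautology, "wrong")))
    print("parameterized rows:",
          len(login_parameterized(db, tautology, "wrong")))
```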


