What is "SQL Injection"?

Question

Can anyone tell me, what is sql injection?

What Harm it may cause?

How should I avoid it?

Answer 1

SQL Injection
http://www.imperva.com/application_defense_center/glossary/sql_injection.html

SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Answer 2

Learn SQL Injection in detail and ways to protect it:
http://www.hackingloops.com/2014/09/sql-injection-injection-attacks-owasp-1.html

Answer 3

Normal Command to check whether a valid user name is present is the database is

select count(*) from logintable where username='testUser ' and password='testPass';

If there is any record in the database which contains username as testUser and password as testPass. If u input those in the textbox (of website or something) the count will return as 1...If count is 1 then username exists.

SQL Injection
--------------------------
if u enter username = testUser';--

Then command becomes

select count(*) from logintable where username='testUser'; --' and password='UserInputPass';

here the -- denotes comment in sql...so the part where the password is checked is commented..So it'll check only whether that username is present in the database or not and not the right password. Thus by injecting sql commands in the text box we can bypass login

NOTE: we can even drop the login table in the database by writing username = drop table logintable';--


Prevention
---------------
Using validation...in the username field only accept alphabets(or numbers as required) and remove all the special characters

Answer 4

I would write an SQL database personally, but I could be wrong.

Answer 5

Whats SQL Injection?

* SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations.
* It is perhaps one of the most common application layer attack techniques used today.
* It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database.

* In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass through and query the database directly.

Its Effect:
Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Databases are central to modern websites – they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.

SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.

Such features as login pages, support and product request forms, feedback forms, search pages, shopping carts and the general delivery of dynamic content, shape modern websites and provide businesses with the means necessary to communicate with prospects and customers. These website features are all examples of web applications which may be either purchased off-the-shelf or developed as bespoke programs.

These website features are all susceptible to SQL Injection attacks which arise because the fields available for user input allow SQL statements to pass through and query the database directly.
What is the impact of SQL Injection?
Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database!

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to manipulate existing queries, to UNION (used to select related information from two tables) arbitrary data, use subselects, or append additional queries.

In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures, it could spell disaster.

Unfortunately the impact of SQL Injection is only uncovered when the theft is discovered. Data is being unwittingly stolen through various hack attacks all the time. The more expert of hackers rarely get caught.

How do I prevent SQL Injection attacks?
Firewalls and similar intrusion detection mechanisms provide little defense against full-scale web attacks. Since your website needs to be public, security mechanisms will allow public web traffic to communicate with your databases servers through web applications. Isn’t this what they have been designed to do?


Patching your servers, databases, programming languages and operating systems is critical but will in no way the best way to prevent SQL Injection Attacks.