Day 31: Security sql injection explained
SQL injection is something we hear about in the news quite often.
According to OWASP top 10 injection attacks are the most prevalent.
And for that same reason, you should be aware of it.
Let’s start with the name: SQLi or SQL Injection.
SQL(Structured Query Language) –> The language of databases (DB)
Injection –> We ‘inject’ malicious code that is interpreted by the Database.
SQLi happens due to improper sanitization of user input.
Say we have a textbox that accepts userID as input.
I happen to know that on this particular website, my user ID is 578920.
What if there was a way to get all user IDs and all data associated with all those user IDs.
SQLi allows an attacker to do just that.
Getting information he is not supposed to have access to.
Normally, a rookie way of knowing if an application is vulnerable to SQLi would be to use the single quote character
If that input is not sanitized, the single quote would be rightly interpreted by the application as SQL data.
And in SQL, single quote MUST end with another single quote.
Else, an error would be thrown at you:
ERROR: You have an error in your SQL syntax. Please check the manual...
If you see a message like this.
It means that you are interfacing directly with the Database, behind the web application.
Hope SQLi is clearer to you now :)