When applications use SQL queries to interact with database contain direct user input without performing any validation then there is a possibility for SQL Injection as the applications fail to distinguish between sql code and data values.
[php]
SELECT username, password FROM users_table WHERE username = ‘" +
userName + "’ and password = ‘" + password + "’
For example if user inputs ‘ or’1’=’1 for both username and password
fields in the above query then the interpreter will consider it as
sql code instead of data and execute sql query as the input ‘
or ‘1’=’1 is always true.
The above query changes as following which is a true condition,
gets executed and allows the user to login with privileges of first
user account in the DB which is usually of an administrator.
SELECT username, password FROM users_table
WHERE username = ”or ‘1’=’1′ and password = ”or ‘1’=’1′
[/php]
If applications are vulnerable to SQL injection then an adversary can take advantage
of this weakness and alter the data in database, view data or even worse delete
existing data from database.
#1. Perform white list input validation as it allows only trusted data to be entered into the application.
#2. Use Prepared Statements with bind variables as it distinguishes between code and data through use of methods such as setInteger(value), setString(value)
#3. Use Stored Procedures that do not construct dynamic sql queries
#4. Use least Privilege mechanism to avoid the damage potential in case of successful exploitation. For example create a first record in DB with least Privileges rather than administrator privileges to avoid damage potential in case an adversary were able to bypass login with a true condition.
Usually most security flaws occur in applications as the developers are unaware of the security weaknesses and build the application as per business requirement. It will be of great help if developers are trained on how to build secure software to avoid vulnerabilities in early stages of SDLC.
Hope this article provided some useful information on SQL Injection. Please share if you like it. Stay updated with the latest cyber security tip and tricks to get secured.
The first instance of a website dates back to November 1992, just a year after…
In today’s digital landscape, having a strong online presence is essential for any business. This…
Imagine trying to explain your movement through a crowded room using only the sounds of…
In the ever-evolving world of online commerce, having the right tools at your disposal is…
In the vast landscape of online content, YouTube has emerged as a powerhouse for creators…
In the ever-changing world of digital marketing, strengthening security goes beyond simply supporting firewalls. It…