
SQL injection

What is SQL injection and how to prevent it

What is SQL?

SQL (Structured Query Language) is the standard language for accessing and manipulating databases.
The standard SQL commands, such as SELECT, INSERT, UPDATE, DELETE, CREATE and DROP, can be used to accomplish almost everything that needs to be done with a database.

What is SQL injection (SQLi)?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. Injection holds first place in the OWASP Top 10.
SQL injection usually occurs when you ask a user for input, like their username or user id, and instead of a name or id the user gives you a fragment of SQL that you then unknowingly run against your database, because the input was concatenated into the query text.
Common consequences include:
Retrieving hidden data, where the attacker modifies an SQL query to return additional results.
Subverting application logic, where the attacker changes a query to interfere with the application's logic.
UNION attacks, where the attacker retrieves data from different database tables.
Examining the database, where the attacker extracts information about the version and structure of the database.

How does it work?

Consider an application that builds its query by inserting the user's input directly into the SQL text:

SELECT id, firstname, lastname FROM users WHERE firstname='$first' AND lastname='$last'

Data entry by the attacker:

Firstname: cyberetic' -- 
Lastname: something

The string is injected into the query:

SELECT id, firstname, lastname FROM users WHERE firstname='cyberetic' -- ' AND lastname='something'

In the example above we entered a first name that ends with a quote followed by "--".
The quote closes the string literal early, and "--" starts an SQL comment, so everything after the first name is ignored by the database: the lastname condition is never evaluated.

How to prevent:

1.  Input validation: remove or reject special characters and reserved words, and use field validation to ensure that data contains only the expected input, such as numbers or email addresses. This strategy prevents only the simplest attacks, so you must also apply strategies such as prepared statements (parameterised queries), which keep the data separate from the SQL text.

For example, a prepared statement in PHP (mysqli):

// The "?" placeholder is part of the SQL text; the value is sent separately.
$stri = $dbConnection->prepare('SELECT * FROM employees WHERE firstname = ?');
$stri->bind_param('s', $firstname);   // 's' binds $firstname as a string
$stri->execute();
$result = $stri->get_result();
while ($row = $result->fetch_assoc()) {
    // do something with $row
}
// htmlentities() is HTML output escaping, not SQL escaping: use it when echoing
// $firstname back into a page, and keep it separate from the statement handle.
$safeFirstname = htmlentities($firstname, ENT_QUOTES, "UTF-8");
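To make the difference concrete, here is an added example (not part of the original post, and in Python with the built-in sqlite3 module rather than PHP so it runs without a database server): the same lookup written two ways, fed the first name from the example above. The "users" table and its two rows are constructed for the demo.

```python
import sqlite3


def setup() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the page's users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (firstname, lastname) VALUES (?, ?)",
        [("cyberetic", "secret"), ("alice", "smith")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, first: str, last: str) -> list:
    # Builds the query the way the page's example does: user input is pasted
    # into the SQL text, so a quote and "--" in the input rewrite the query.
    sql = (
        "SELECT id, firstname, lastname FROM users "
        f"WHERE firstname='{first}' AND lastname='{last}'"
    )
    return conn.execute(sql).fetchall()


def lookup_prepared(conn: sqlite3.Connection, first: str, last: str) -> list:
    # Placeholders: the SQL text is fixed and the driver passes the values
    # separately, so "cyberetic' -- " is compared literally as a first name.
    sql = "SELECT id, firstname, lastname FROM users WHERE firstname=? AND lastname=?"
    return conn.execute(sql, (first, last)).fetchall()


if __name__ == "__main__":
    db = setup()
    payload = "cyberetic' -- "
    print("vulnerable:", lookup_vulnerable(db, payload, "something"))  # row returned, lastname ignored
    print("prepared:  ", lookup_prepared(db, payload, "something"))    # [] no such first name
```

With the concatenated query the row comes back even though the last name is wrong; with the prepared statement the lookup returns nothing because the input is treated as data, not as SQL.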
