DEV Community

Mahima Bhardwaj


SQL Injection and Its Types


SQL injection is a type of cyberattack. It occurs when an attacker maliciously inserts SQL code into the input fields of a web application.

  • This attack exploits vulnerabilities in poorly sanitized user inputs.
  • It allows the attacker to execute unauthorized SQL queries on the application's database.
  • The primary goal of an SQL injection attack is to gain unauthorized access to the database.
  • Attackers perform SQL injection to modify, add or delete sensitive data.

How SQL Injection Attacks Work


  • User Input -> Many web applications allow users to enter data through login forms, search boxes, or other fields. This user input is typically incorporated into SQL queries to interact with the database.

  • Lack of Sanitization -> If the application does not properly validate, sanitize or escape this user input before using it in an SQL query, it becomes vulnerable to SQL injection. The untrusted input is treated as part of the SQL command, allowing the attacker to manipulate it.

  • Malicious Input -> Attackers craft inputs that include malicious SQL commands or fragments. This input is designed to alter the structure of the SQL query and bypass its normal logic.
    For example, in a login form an attacker might enter something like:
    `' OR '1'='1`
    This can trick the SQL query into returning more data than intended or bypassing authentication checks.

  • Attack Execution -> The application executes the query, incorporating the attacker's input. Since the SQL injection changes the query’s behavior, it may lead to unintended actions, such as displaying sensitive data, modifying records, or performing administrative functions.

  • Impact -> Depending on the nature of the vulnerability and the attacker’s goals, SQL injection can result in:
    Data exposure: Access to sensitive information like usernames, passwords, and financial data.
    Data manipulation: The ability to alter, insert, or delete data in the database.
    Control over the database: In some cases, the attacker can gain administrative access or even execute system commands if the database privileges are high.

Types of SQL Injection

1> Classic SQL Injection -> Inserting malicious SQL into a query, such as `' OR '1'='1`, to bypass authentication.

2> Blind SQL Injection -> The attacker doesn't see the database output but can infer information by sending true/false conditions and observing how the application responds.

3> Error-based SQL Injection -> Exploits error messages returned by the database to gain information.

4> Union-based SQL Injection -> Uses the UNION SQL operator to combine multiple SELECT statements into a single result, potentially exposing more data.

SQL Injection Prevention Methods

Input Validation and Sanitization -> Always validate and sanitize all user input before it is used in an SQL query.
Use parameterized queries or prepared statements to ensure that inputs are treated as data and not executable code.

Avoid Dynamic SQL -> Avoid creating dynamic SQL queries that concatenate user input directly into the query string.
Static SQL should be used whenever possible, or parameterized queries where the structure of the SQL statement is predefined, and user input is passed as parameters.
Bad practice:

```
"SELECT * FROM users WHERE username = '" + user_input + "'";
```

Good practice:

```sql
SELECT * FROM users WHERE username = ?;
```
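To make the bad and good practice above concrete, here is an added example (not code from the original post) using Python's built-in sqlite3 module against a constructed in-memory users table. `login_vulnerable` concatenates input into the query string as in the bad practice; `login_parameterized` uses `?` placeholders as in the good practice. Running both with the `' OR '1'='1` input from the "How SQL Injection Attacks Work" section shows the concatenated query returning a user without a valid password while the parameterized query returns nothing. The function names, table contents and sample passwords are assumptions made for this illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database with sample rows. Plaintext passwords are used
    only to keep the example to the post's query shape; real applications store hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Bad practice: user input is concatenated into the query string, so quote
    characters inside the input become part of the SQL itself."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Good practice: the query text is fixed and the driver binds the input values
    as data, so no input can change the statement's structure."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(query, (username, password)).fetchone()
    return row[0] if row else None


def demonstrate():
    """Run the payload from the post against both versions and return both outcomes."""
    conn = make_db()
    payload = "' OR '1'='1"  # the login-bypass input shown earlier in the post
    # The concatenated query becomes
    #   ... WHERE username = 'nobody' AND password = '' OR '1'='1'
    # and the trailing OR '1'='1' makes the WHERE clause true for every row.
    bypassed = login_vulnerable(conn, "nobody", payload)    # first row: "alice"
    blocked = login_parameterized(conn, "nobody", payload)  # None: no such user
    return bypassed, blocked


if __name__ == "__main__":
    print(demonstrate())
```

With placeholders the database driver receives the query text and the values separately, so the statement's structure is decided by the developer and never by the input. sqlite3 uses `?`; other drivers use `%s` or `:name` style placeholders, but the principle is the same.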

Least Privilege -> Ensure that the database account used by the web application has the minimum privileges required to operate. For instance:
  • Only allow read permissions for retrieving data.
  • Restrict write access unless necessary.
  • Avoid granting administrative access to the database for standard queries.

Regular Updates -> Keep the web application, frameworks, and related libraries up to date. New vulnerabilities are discovered frequently, and patches are released to fix them. Regularly check for and apply security patches.
Web Application Firewall (WAF) -> A WAF can monitor, detect, and block malicious traffic before it reaches the web application. WAFs can provide an additional layer of security by filtering out potentially harmful SQL injection attempts.
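As an added illustration of the kind of filtering a WAF performs (example code, not from the original post and not any WAF product's logic), the following Python function scans constructed web-server access-log lines for the two payload shapes this post describes: a quote followed by an OR tautology, and an appended UNION SELECT. The log lines, addresses, paths and rule names are all constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not real traffic). Query strings are URL-encoded
# as a web server would log them; the last line is a legitimate search for "O'Reilly".
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=shoes HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /search?q=%27+OR+%271%27%3D%271 HTTP/1.1" 200 8192
203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /item?id=1+UNION+SELECT+1%2C2 HTTP/1.1" 500 120
203.0.113.5 - - [10/Oct/2023:13:56:10 +0000] "GET /search?q=O%27Reilly HTTP/1.1" 200 640
"""

# Rules drawn from the two payload shapes the post describes: a quote that closes a
# string literal and tacks on an OR comparison, and a UNION SELECT appended to a query.
RULES = [
    ("quote-or-tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=", re.IGNORECASE)),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.IGNORECASE)),
]

# Extracts the request target from the quoted request line of a log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)')


def flag_suspicious(log_text):
    """Return (request_target, rule_name) for each log line whose URL-decoded
    request matches one of the rules. Decoding first matters: the payload is
    encoded in the log, so matching the raw line would miss it."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        decoded = unquote_plus(match.group(1))
        for name, pattern in RULES:
            if pattern.search(decoded):
                hits.append((match.group(1), name))
                break  # one rule per line is enough to flag it
    return hits


if __name__ == "__main__":
    for target, rule in flag_suspicious(SAMPLE_LOG):
        print(f"{rule}: {target}")
```

The legitimate `O'Reilly` search is not flagged because a quote alone is not an injection; the two crafted requests are. Such rules are cheap to run on existing logs, which makes them useful for detection and incident review, but pattern matching is easy to evade with different encodings or syntax. That is why the post lists the WAF as an additional layer: parameterized queries remain the fix, and the WAF only narrows the traffic that reaches an already-safe query.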
Security Testing -> Conduct regular vulnerability assessments and penetration testing to identify weaknesses in the application. Use tools like SQLMap or automated scanners to test for SQL injection vulnerabilities.
