SQL Injection is a security vulnerability occuring in the DB layer. It is method to inject SQL command/query through the webpage. Hacker can come up with an intelligent input which may cause the application to do what it is not supposed to do. Here is a simple example of how to do this for a badly written application.
Let try to inject the malicious SQL query for a login page. When user enters the login user name and password, their will be some query similar to this running in the background:
Select * from USER_TABLE where user_name='username' and Pass_word='password';
Now assume there is no client or server side validation for the input entered by the user. If the user enters username as HelloWorld' OR 5=5;-- and password as xyz. The above query gets translated as
Select * from USER_TABLE where user_name='HelloWorld' OR 5=5;--'and Pass_word='xyz';
{-- is used for commenting in SQL} So the query effectively turns out to be
Select * from USER_TABLE where user_name='HelloWorld' OR 5=5;
Since 5=5 is always true it will return some record and thus will be successful login into someone account.
Though most of the applications may not be so easy to hack but this example is given to explain what actually is SQL injection which can be applied properly to find some serious vulnerabilities in the application.
Let try to inject the malicious SQL query for a login page. When user enters the login user name and password, their will be some query similar to this running in the background:
Select * from USER_TABLE where user_name='username' and Pass_word='password';
Now assume there is no client or server side validation for the input entered by the user. If the user enters username as HelloWorld' OR 5=5;-- and password as xyz. The above query gets translated as
Select * from USER_TABLE where user_name='HelloWorld' OR 5=5;--'and Pass_word='xyz';
{-- is used for commenting in SQL} So the query effectively turns out to be
Select * from USER_TABLE where user_name='HelloWorld' OR 5=5;
Since 5=5 is always true it will return some record and thus will be successful login into someone account.
Though most of the applications may not be so easy to hack but this example is given to explain what actually is SQL injection which can be applied properly to find some serious vulnerabilities in the application.
Hi Mallik,
ReplyDeleteYou said that SQL injection is a vulnerability in DB Layer. But as per the example you gave, isnt it a loophole in the application's front-end itself rather than in the DB Layer?
Hi Shuchita,
ReplyDeleteSQL injection is DB layer vulnerability, but user exploits it at the application layer itself.
-
Mallik