Trusted answers to developer questions

Related Tags

network security
sql

What is SQL injection?

Educative Answers Team

SQL injection is a type of injection flaw. Injection flaws are a class of security vulnerability in which user-supplied input reaches a backend database query, shell command, or operating system call without proper handling, allowing an attacker to alter what the application executes.

In SQL injection, attackers append extra SQL syntax to the data entered in input fields so that they can create, read, update, or delete data in the database. SQL injection is the most common type of injection attack.


Common techniques

  1. The 1=1 method is used to gain unauthorized access to a user’s account. The following input can be entered to access a user’s account through SQL injection.

In the password column type:

abc' OR 1=1 --

The backend SQL command is:

 SELECT * FROM users WHERE email = '$email' AND PASSWORD = sha256('$password')

Here, when the attacker enters an email address and the password above, the command becomes:

 SELECT * FROM users WHERE email = 'abc@j.com' AND PASSWORD = sha256('abc') OR 1=1 -- ')

Since the condition now contains OR 1=1, which is always true, and everything after -- is treated as a comment, the WHERE clause matches every row. The query returns a result even though the password is wrong, so the system grants access to the account abc@j.com.

  2. The ""="" method is also used to gain unauthorized access. The following input can be entered.

In the username and password column, type:

" or ""="

The backend SQL command is:

 String sql = "SELECT * FROM users WHERE user = \"" + u + "\" AND PASSWORD = \"" + p + "\";";

Here, when the attacker enters that value as both the username and the password, the command becomes:

 SELECT * FROM users WHERE user = "" OR ""="" AND PASSWORD = "" OR ""="";

Since ""="" is always true, the WHERE clause matches every row, the query returns results, and access is granted.

  3. Batched (stacked) queries are used to send multiple commands to the SQL database in a single request. They can be used to delete, modify, or show the database.

In the username column type:

"; DROP Table users

The backend SQL command is:

 String sql = "SELECT * FROM users WHERE user = \"" + u + "\";";

On input it becomes:

 SELECT * FROM users WHERE user = ""; DROP TABLE users;

This attack results in the users table being deleted from the database.

Prevention

  1. Make use of input validation (sanitization). Input validation lets the system reject input that does not match the expected format (for example, an email address or a numeric ID) before it ever reaches the database.

  2. Make use of prepared statements. In a prepared statement, the query structure is fixed first and the user-supplied values are bound to placeholders afterwards, so the database treats them as data and never parses them as SQL.

 // Java (JDBC): the "?" placeholder fixes the query structure before any value is supplied
 PreparedStatement statement = connection.prepareStatement("SELECT * FROM users WHERE username = ?");
 statement.setString(1, user);  // bound as a value, never interpreted as SQL
 ResultSet result = statement.executeQuery();
  3. Regular expressions can be used to detect suspicious input such as “1=1”, but only as a supplementary check, since such patterns are easy to vary; prepared statements remain the primary defense.
  4. Restricting the privileges of the database account the application uses (for example, no permission to drop tables) further limits SQL injection, as not every user can modify the database.
  5. Hide system errors. Displaying raw database errors can give the attacker a better understanding of the query structure and its vulnerabilities.

Copyright ©2022 Educative, Inc. All rights reserved
