Introduction to SQL Injection

Learn about the basics of SQL injection and the differences between its various types.

Most web applications use some sort of database to store information, and a large share of those databases are queried using the Structured Query Language (SQL). Consequently, SQL injection became one of the most prevalent vulnerabilities on the internet.

SQL injection primarily affects web applications that take input from users and use that input to query a backing database for a response.

The aim of an SQL injection technique is either to alter the SQL query the application intended to run, so that the database executes statements of the attacker's choosing, or to make the database return data it was never meant to expose. As such, pentesters should keenly look for SQL-related vulnerabilities within web applications, because the consequences are often disastrous.

How does an SQL injection work?

The adversary first ensures that their target has a database. After that, the adversary notes all the areas of the web application where the user is allowed to provide input. They then try to probe those areas with basic checks to find out whether the areas are susceptible to SQL injection. They craft queries to achieve their goal, be it dumping schemas, bypassing logins, or overwriting the data in the database.

Let’s look at a brief example. Assume that we’re trying to log in to a web application. The web application handles input from the login fields like so:

query = "
  
...
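To make the mechanism concrete, the following is an added example (not code from the original page): a login check built by splicing user input into the SQL text, beside the same check written with placeholders. It assumes Python's standard `sqlite3` module and a constructed in-memory `users` table with a single sample row. The probe with a single quote in the username is the kind of basic check described above: in the vulnerable version the quote becomes part of the SQL syntax and the database raises a parse error, which is the tell-tale sign that input is reaching the parser as code; the parameterized version simply treats it as data and denies the login.

```python
import sqlite3


def make_db():
    # Constructed sample data, not from the page: one user row in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Input is spliced into the SQL text, so anything in the input that is
    # valid SQL syntax becomes part of the query the database parses.
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # Placeholders: the SQL text and the values travel separately, so the
    # database never interprets user input as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def probe(fn, conn, username, password):
    """Return 'ok', 'denied' or 'sql_error' to show how each version handles an input."""
    try:
        return "ok" if fn(conn, username, password) else "denied"
    except sqlite3.OperationalError:
        # The database could not parse the query: user input reached it as code.
        return "sql_error"


def demo():
    # Run the same three inputs through both login implementations.
    conn = make_db()
    results = {}
    for name, fn in (("vulnerable", login_vulnerable), ("parameterized", login_parameterized)):
        results[name] = {
            "valid": probe(fn, conn, "alice", "s3cret"),
            "wrong_password": probe(fn, conn, "alice", "nope"),
            "quote_in_username": probe(fn, conn, "o'brien", "x"),
        }
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Both versions accept the correct credentials and reject a wrong password; they differ only on the input containing a quote, which is exactly where the vulnerable version lets user data change the structure of the query. In a real review, an unexpected database syntax error on quoted input is worth treating as a finding in its own right, because it shows the query is being assembled from strings rather than bound parameters.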