What is the SQL injection attack?
In many web applications, input is taken from users and a corresponding SQL query is executed on the server side to fetch or store data in the database. For example, a user who wants to see all books by a particular author searches for that author's name. The name is taken from the user, the corresponding SQL query is run against the database, and the results are displayed back with proper formatting.
Sometimes, however, attackers exploit security vulnerabilities in the application code and trick the server into executing SQL queries it was never meant to run. In this way attackers delete or change data in the database, or steal sensitive data from it in order to mount further attacks. This type of attack is called a SQL injection attack.
How does the SQL injection attack work?
Let’s understand how the SQL injection attack works in more detail with some examples.
Example 1: Suppose usernames and the corresponding sensitive data are stored in a database. A registered user provides their username as requested on a webpage. The server takes the username and builds the following SQL query by string concatenation, then executes it in the database:
"SELECT * FROM users WHERE name = '" + userName + "';"
where userName is the username, taken as input from the user through a form.
At this point, the attacker can enter the following as the username:
' OR '1'='1
If proper care is not taken while writing the code, the server will execute the following query:
SELECT * FROM users WHERE name = '' OR '1'='1';
Because '1'='1' is always true, the WHERE clause matches every row, and the sensitive data of all users is returned to the attacker.
Example 2: In another example, the attacker can enter:
a' ; DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't
As a result, the server is tricked into executing the following in the database:
SELECT * FROM users WHERE name = 'a' ; DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't';
This will drop the users table altogether if proper care is not taken. Note that this variant depends on the database driver accepting several statements in a single call; many drivers refuse stacked statements, which limits but does not remove the risk, since the first example works with a single statement.
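To make Example 1 concrete from the defender's side, here is an added example (not code from the original article) that runs the concatenated query and a parameterized query against a constructed in-memory SQLite table. The table, its rows and the function names are assumptions made for this demonstration; the input string is the one shown in Example 1 above.

```python
import sqlite3

# Constructed sample data for the demonstration; not from any real system.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s1"), ("bob", "s2"), ("carol", "s3")],
    )
    conn.commit()
    return conn

def lookup_vulnerable(conn, user_name):
    # String concatenation, as in Example 1: the input becomes part of the SQL text,
    # so quote characters in the input change the structure of the query.
    query = "SELECT name FROM users WHERE name = '" + user_name + "';"
    return [row[0] for row in conn.execute(query)]

def lookup_parameterized(conn, user_name):
    # Parameterized query: the driver passes the input as a bound value,
    # never as SQL syntax, so the same input is treated as a literal name.
    query = "SELECT name FROM users WHERE name = ?;"
    return [row[0] for row in conn.execute(query, (user_name,))]

# The username from Example 1 of the article.
EXAMPLE_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    # Vulnerable: a normal name returns one row; the Example 1 input returns every row.
    print("concatenated, alice:", lookup_vulnerable(db, "alice"))
    print("concatenated, example input:", lookup_vulnerable(db, EXAMPLE_INPUT))
    # Parameterized: the Example 1 input matches no row, because no user has that name.
    print("parameterized, alice:", lookup_parameterized(db, "alice"))
    print("parameterized, example input:", lookup_parameterized(db, EXAMPLE_INPUT))
```

The fix is not to filter quote characters but to stop building SQL text from user input at all: with the bound parameter, the WHERE clause compares against the whole string as a value.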
Example 3: In the next example, let’s suppose the following query is …