
SQL Injection – 1 (Introduction)

By Ricky on July 26th, 2009 

In this post we shall discuss a very common method of hacking a website (or rather, a database) called SQL Injection. The object of this post is not to help anyone destroy/deface other websites, but to help you protect your website from such an attack. In this post I shall explain the basics of how SQL Injection works and in my next post I shall focus on what can be done so that your website does not become a victim of SQL Injection.

SQL Injection? What is that?

SQL Injection is a technique for executing SQL queries on a server that the developer never intended to be executed. The object of SQL Injection may be to bypass authentication or to manipulate the databases of the server or application.

OK! How does it work?

The idea behind SQL Injection is actually pretty simple. To see how a very basic SQL Injection works, let us take a basic authentication procedure using a username and password. (In our example we have considered the script to be PHP, but that really has nothing to do with the discussion that follows.)

Suppose we have an HTML form as given below:

<form method="post" action="login.php">
<input name="uname" type="text" id="uname">
<input name="pword" type="password" id="pword">
</form>

Now if the SQL query to be executed in login.php is:

SELECT * FROM users
WHERE username ='$uname' AND password = '$pword'

Suppose we enter the username as a' OR 1=1 --. Then the SQL query becomes

SELECT * FROM users
WHERE username ='a' OR 1=1 --' AND password = 'pword'

As everything after '--' is ignored (it starts an SQL comment), the query effectively becomes

SELECT * FROM users
WHERE username ='a' OR 1=1

As 1=1 is always true, the WHERE condition matches every row, so the query returns users regardless of the password and the login is always validated.

(Don't even think of hacking using this technique. It is the most basic of SQL Injection techniques and will not work with any websites. I have posted it just to give you an idea of what SQL Injection is.)
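To make the walkthrough above concrete, here is an added example (not code from the original post) that reproduces the login query in Python against an in-memory SQLite database. It builds the query two ways: by pasting the form values straight into the SQL text, exactly as the login.php query above does, and with bound parameters, so that the same a' OR 1=1 -- input can be seen to log in through the first and fail through the second. The users table, the 'alice' account and the inputs are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table with a single account (demo data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    return conn


def build_vulnerable_query(uname, pword):
    """Builds the query the same way the post's login.php does: the
    submitted values are spliced into the SQL text without any escaping."""
    return ("SELECT * FROM users WHERE username ='" + uname +
            "' AND password = '" + pword + "'")


def login_vulnerable(conn, uname, pword):
    """Runs the concatenated query; the input shapes the SQL itself."""
    return conn.execute(build_vulnerable_query(uname, pword)).fetchall()


def login_parameterized(conn, uname, pword):
    """Same lookup with bound parameters: the SQL text is fixed and the
    driver passes uname/pword purely as values, so a quote or '--' in the
    input can never change the structure of the statement."""
    query = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (uname, pword)).fetchall()


def demo():
    """Returns (rows via concatenation, rows via parameters) for the
    post's a' OR 1=1 -- username and a wrong password."""
    conn = make_db()
    injected = login_vulnerable(conn, "a' OR 1=1 --", "pword")
    safe = login_parameterized(conn, "a' OR 1=1 --", "pword")
    return injected, safe


if __name__ == "__main__":
    print(build_vulnerable_query("a' OR 1=1 --", "pword"))
    injected, safe = demo()
    print("concatenated query returned", len(injected), "row(s)")
    print("parameterized query returned", len(safe), "row(s)")
```

The first query comes back with alice's row even though the password is wrong, because the comment swallowed the password check; the parameterized query returns nothing, since it looks for a user literally named a' OR 1=1 --. The fix is the second form; the next part of the series covers protection in more detail.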

So if there is no login screen, we cannot execute SQL Injection?

Not really! Actually, anything that accesses the database is a potential target for SQL Injection. This includes almost all forms. It can even be done through the browser address bar, since URL parameters often end up in queries too. By proper (and creative) use of SQL injection it is possible to obtain the schema of the database.

How worried should I be about an attack through SQL Injection?

As I have said before, SQL Injection is a very common and effective method of hacking into a database. If an unauthorized user manages to gain access to your databases, he can wreak havoc by dropping tables, changing values, etc. So, SQL Injection is a very real threat.

So, when can I get some more advanced SQL Injection techniques?

You can read the second part of the series here.

SQL Injection – 1 (Introduction) was originally published on Digitizor.com on January 31, 2009 - 7:38 am (Indian Standard Time)