Easy! IT | Security | SQL injection

This article is a rough explanation of SQL injection.

Not everything in this article may be exactly correct, but it is very useful for beginners who want to understand IT terms. If you want to learn IT but have no experience working in the IT industry, I hope it helps you understand IT, and I hope it encourages you to study IT further.

Let’s start our 3 minutes lesson!

What is SQL injection?

  • SQL injection is a type of cyberattack.
  • SQL injection is used to execute malicious SQL statements.

1. What is SQL?

SQL injection is used to execute malicious SQL statements. When are SQL statements used? For example, you input a username and a password when you log in to a web application, and you can access the web application if your ID and password are correct.

Login ID and Password

You only see the web interface. But behind it, web servers provide the website, and they store a lot of information in a database. Usually, separate database servers provide that database.

Web servers handle account management by querying a database.

You use a text box to input your ID and password, but the web server passes the ID and password to the database in a special statement. Those statements are written in SQL (Structured Query Language). The SQL statement for the image above looks like this:

SELECT id,pass FROM login_user WHERE id='rubberking' AND pass='japanteams';

2. SQL injection

SQL injection is a code injection technique that is used to execute malicious SQL statements. What can hackers do with SQL injection?

  • Extract sensitive information
  • Misuse authentication accounts
  • Delete data, drop tables, and so on

SQL injection is still a big threat for companies.

How to attack

Here I explain how SQL injection works, using unauthorized login as an example.

I explained above how you log in to the web application. You input values (an ID and a password). If your ID is 'rubberking' and your password is 'japanteams', the SQL statement looks like this:

SELECT id,pass FROM login_user WHERE id='rubberking' AND pass='japanteams';

If you enter ' OR 1=1-- as the value instead of rubberking, the SQL statement becomes:

SELECT id,pass FROM login_user WHERE id='' OR 1=1--' AND pass='$password';

You can log in to the web application without a valid ID or password. Why? In this example, the single quote (') in the input closes the string: the single quote the application prepared and the injected one together form an empty string (''), and everything after it is treated as SQL. Then, 1=1 in SQL is always true. What's more, SQL databases ignore the text after the -- string, because it denotes a comment, so the password check is never evaluated. So this statement means "return true (= log the user in)".

That is how someone can log in to the web application without an account.

3. Mitigation

SQL injection is a well-known attack, and you can easily prevent it with simple measures. But it is still a big threat. If you have the opportunity to manage databases, you can take the following measures against SQL injection.

  • Object Relational Mappers
  • Web Application Firewalls (WAF)
  • Detection
  • Parameterized statements
  • Escaping
  • Pattern check
  • Database permissions
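To make the login example from section 2 and the "Parameterized statements" measure concrete, here is an added example (written for this article, not code from the original page). It builds a tiny in-memory SQLite table with the article's sample account (constructed data), runs the login query once with string concatenation and once with parameters, and shows that the same input the article describes bypasses the first but not the second. The table name, column names and the DB_NAME/make_db helpers are assumptions for the demo.

```python
import sqlite3

DB_NAME = ":memory:"  # assumption: a throwaway in-memory database for the demo


def make_db():
    """Create the constructed login_user table with one sample account."""
    conn = sqlite3.connect(DB_NAME)
    conn.execute("CREATE TABLE login_user (id TEXT, pass TEXT)")
    conn.execute("INSERT INTO login_user VALUES ('rubberking', 'japanteams')")
    conn.commit()
    return conn


def build_vulnerable_sql(user_id, password):
    """Paste the user's input straight into the SQL text (the pattern from section 2)."""
    return f"SELECT id,pass FROM login_user WHERE id='{user_id}' AND pass='{password}'"


def login_vulnerable(conn, user_id, password):
    """Vulnerable login: the database sees whatever SQL the input produces."""
    return conn.execute(build_vulnerable_sql(user_id, password)).fetchone() is not None


def login_parameterized(conn, user_id, password):
    """Hardened login: the SQL text is fixed, the values travel separately as parameters,
    so a quote or a -- inside the input is just characters in a string, never SQL."""
    sql = "SELECT id,pass FROM login_user WHERE id=? AND pass=?"
    return conn.execute(sql, (user_id, password)).fetchone() is not None


INJECTED_ID = "' OR 1=1--"  # the input from section 2 of the article

if __name__ == "__main__":
    conn = make_db()
    print(build_vulnerable_sql(INJECTED_ID, "x"))          # shows the comment swallowing the password check
    print(login_vulnerable(conn, "rubberking", "japanteams"))   # True  (real account)
    print(login_vulnerable(conn, INJECTED_ID, "wrong"))         # True  (bypass: 1=1 is always true)
    print(login_parameterized(conn, INJECTED_ID, "wrong"))      # False (payload treated as a literal ID)
    print(login_parameterized(conn, "rubberking", "japanteams")) # True  (real account still works)
```

Combine the parameterized query with a low-privilege database account (the "Database permissions" item above) so that even a missed query cannot drop tables.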

Information source: SQL injection – Wikipedia

fin
