What is SQL Injection (SQLi)?
SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data they are not normally able to retrieve.
How Does it Work? (The Logic)
Imagine a login form where you enter your username. The database query looks like this:
SELECT * FROM users WHERE username = 'YOUR_NAME' AND password = 'YOUR_PASSWORD'
If the website is vulnerable, an attacker can enter ' OR 1=1 -- in the username field. The query becomes:
SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '...'
Since 1=1 is always true, the database grants access without a valid password!
Types of SQL Injection
In-band SQLi (Classic): The attacker uses the same communication channel to launch the attack and gather results.
Error-based: Forcing the database to produce an error message.
Union-based: Using the
UNIONSQL operator to combine results.
Inferential SQLi (Blind): The attacker sends data to the server and observes the response (True/False or Time Delay).
Out-of-band SQLi: The attacker gets data through a different channel (like DNS or HTTP requests).
Hands-on Lab: Solving Your First PortSwigger SQLi Lab
To master SQLi, I recommend starting with PortSwigger’s SQL injection vulnerability in WHERE clause allowing retrieval of hidden data lab.
Step-by-Step Solution:
Access the Lab: Open the lab and go to a product category (e.g., 'Gifts').
Intercept the Request: Use Burp Suite to intercept the request or just look at the URL:
https://your-lab-id.web-security-academy.net/filter?category=GiftsTest for Vulnerability: Add a single quote
'after the category name. If the page shows an error or changes, it might be vulnerable.Exploit: Change the URL to:
.../filter?category=Gifts' OR 1=1 --Result: You will see all items from all categories, including hidden ones!
How to Prevent SQL Injection?
If you are a developer, here is how you can stop these attacks:
Use Prepared Statements (with Parameterized Queries): This is the most effective defense.
Input Validation: Never trust user input.
Principle of Least Privilege: Ensure the database user has limited permissions.
Conclusion
SQL Injection is a fundamental skill for every Penetration Tester. Mastering this will help you understand how databases interact with web applications.
Final Note
Always practice XSS only in authorized environments such as security labs and training platforms.
Comments
Post a Comment