SQL Injection (SQLI) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL injection vulnerabilities to bypass application security measures. They can go around the authentication and authorization of a web page or web application and retrieve the contents of the entire database; they can also use SQL injection to add, modify and delete records in the database.
An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server or others. Criminals may use it to gain unauthorized access to your sensitive data: customer information, personal data, trade secrets, intellectual property and more.
Types of SQL Injection:
- In-band SQLI
- Blind SQLI
- Out-of-band SQLI
In-band SQL injection: In-band SQL injection is the most common and easiest to exploit of the SQL injection attacks. In-band SQL injection occurs when an attacker is able to use the same communication channel both to launch the attack and to gather the results.
In-band SQL injection has two sub-types:
- Error-based SQLI
- Union-based SQLI
Error-based SQLI: Error-based SQLI is an in-band SQL injection technique that relies on error messages thrown by the database server to obtain information about the structure of the database.
In some cases, error-based SQL injection alone is enough for an attacker to enumerate an entire database. While errors are very useful during the development phase of a web application, they should be disabled on a live site, or logged to a file with restricted access instead.
Union-based SQLI: Union-based SQLI is an in-band SQL injection technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result, which is then returned as part of the HTTP response.
Blind SQL Injection: Blind SQL injection is used when the web application returns no output and no error messages. That means we can neither inject a union-based query (which we use to get the output directly) nor a subquery injection (which we use to get the output in the form of an error). While doing a blind injection we send queries to the database and ask whether our guess is right or wrong.
Time-based blind injection: It is much the same as blind injection, with one small change. In blind injection we learned whether the question we asked the database returned true or false from the content of the response; this time we learn it from the delay in loading the page.
Out-of-band SQLI is not very common, mostly because it depends on features being enabled on the database server used by the web application. Out-of-band SQL injection occurs when an attacker is unable to use the same channel to launch the attack and gather the results.
SQLMAP: sqlmap is an automation tool for SQL injection.
Step 1: Enumerating the database
sqlmap -u testphp.vulnweb.com/artists.php?artist=1 --dbs
sqlmap -u testphp.vulnweb.com/artists.php?artist=1 -D acuart --tables
sqlmap -u testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users --columns (users is the table name)
sqlmap -u testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users -C <column> --dump (replace <column> with the column name)
sqlmap -u testphp.vulnweb.com/artists.php?artist=1 -D acuart -T users -C pass --dump
SQL Attack Prevention:
The only sure way to prevent SQL injection attacks is input validation and parameterized queries, including prepared statements.
The application code should never use the input directly.
The developer must sanitize all inputs, not only web form inputs such as login forms.
They must remove malicious code elements such as single quotes (').
It is also a good idea to turn off the visibility of database errors on your production site.
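As an added example (not code from the original post), the Python snippet below puts a string-concatenated query next to its parameterized form over a constructed in-memory SQLite table, showing that a single quote in ordinary data breaks the first and is handled as plain data by the second; it also includes a hypothetical parse_artist_id validator for a numeric parameter like the artist=1 query used above.

```python
import sqlite3


def make_db():
    """Constructed sample table standing in for the web application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)")
    conn.executemany(
        "INSERT INTO users (name, pass) VALUES (?, ?)",
        [("alice", "s3cret"), ("O'Brien", "hunter2")],
    )
    return conn


def find_user_concat(conn, name):
    """Vulnerable form: the input is spliced into the SQL text, so a quote in
    the input changes the statement itself. Returns (rows, error_message)."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        # This message is what error-based SQLI reads; log it server-side,
        # never return it to the client.
        return [], str(exc)


def find_user_param(conn, name):
    """Hardened form: the statement is fixed and the value is bound as data,
    so the quote in O'Brien is just part of the name."""
    sql = "SELECT id, name FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall(), None


def parse_artist_id(raw):
    """Hypothetical input validation for a numeric parameter such as artist=1:
    accept only digits and reject everything else before it reaches SQL."""
    if not raw.isdigit():
        raise ValueError("artist id must be a positive integer")
    return int(raw)


if __name__ == "__main__":
    db = make_db()
    print(find_user_concat(db, "O'Brien"))  # ([], "<database syntax error>")
    print(find_user_param(db, "O'Brien"))   # ([(2, "O'Brien")], None)
    print(parse_artist_id("1"))             # 1
```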