What is SQL Injection?

-


Greetings, it's like forever since the last time I share a post. a lot of things happened, now I'm working at a cybersecurity company in Malaysia as a Security Consultant. straight to the point, today I want to share about SQL Injection.

note: all the knowledge shared is for educational purposes only. 

What is a SQL injection?

SQL injection is one of the common vulnerabilities found during application penetration testing. This vulnerability happened because the developer of the application did not apply secure coding during development. 

This vulnerability mainly allows the attacker to manipulate the SQL query that the application uses to call data from the database with their own SQL query. 

There are three common types of SQL Injection.

Error Based

The reason for the name "Error Base" is because when the original SQL query is used to query data from the database interrupted ( ' ) it will throw an SQL error.

For example:

Injected  SQL query: SELECT A From B where ID='123''






Boolean Based

This type of SQL injection did not throw an error like error base injection. This may be because the developer implements a sort of error handling. However, we able to find this type of SQL injection using boolean true and false conditions. We can find the response from the server will be different when we sent true and false conditions. 

SQL query: SELECT A From B where ID='123'' OR '1' ='1  
SQL query: SELECT A From B where ID='123'' OR'1'='2    

SQL query: SELECT A From B where ID='123'' AND '1'='1 
SQL query: SELECT A From B where ID='123'' AND '1'='2 

Example:

                                                              

                                                              


Time-Based

This type of SQL injection will not show any error nor any difference in the response. We can find this type of SQL injection with a time delay response from the server. 

SQL query: SELECT A From B where ID='123'" or sleep(5)#
SQL query: SELECT A From B where ID='123'' or sleep(5)#
SQL query: SELECT A From B where ID='123';waitfor delay '0:0:5'--
SQL query: SELECT A From B where ID='123'' or benchmark(10000000,MD5(1))#

Example:
 

 





 


Comments

Post a Comment

Popular posts from this blog

FREE !! Certified Ethical Hacker (CEH)

-
Image
Certified Ethical Hacker (CEH) is a qualification obtained in assessing the security of computer systems, using penetration testing techniques. The code for the CEH exam is 312-50, the certification is in Version 8 as of late 2013. Penetration tests are usually employed by an organization who trusts them to attempt to penetrate networks and/or computer systems for the purpose of finding and fixing computer security vulnerabilities. Unauthorized hacking (i.e., gaining access to computer systems without prior authorization from the owner) is a crime in most countries, but penetration testing done by request of the owner of the victim system(s) or network(s) is not. The EC-Council offers another certification, known as Certified Network Defense Architect (CNDA). This certification is designed for United States Government agencies and is available only to members of selected agencies. Other than the name, the content of the course is exactly the same. The exam code for
Read more