What is an SQL Injection (SQLI)

 

What is an SQL Injection (SQLI) Attack?

SQL Injection (SQLI) is a technique used by hackers to gain control of a web server by inserting malicious SQL code into the database. SQLI attacks are becoming common as they are easy to execute and require very little technical knowledge. SQLI is a server-side web application problem that most developers do not know about.

Types of SQL Injections:

Hackers use different methods to insert malicious SQL code, retrieving data through errors, conditions and time. Let's take a closer look at the forms of SQL Injection:

  • SQL Injection Based on Error
  • SQL Injection Based on Boolean Errors
  • SQL Injection via Time Based Query

1. SQL Injection Based on Error:

In this method, hackers can easily fetch details such as table names and content from visible database errors, which are easy for them to spot on servers in production. The best defence here is to avoid displaying error messages from the database, which in turn prevents hackers from retrieving that information.

2. SQL Injection Based on Boolean Errors:

In a few instances, when an SQL query fails, the error message is not displayed on the page, which makes it more difficult for hackers to access the vulnerable application. But hackers still find a way to obtain information: whenever an SQL query fails, some parts of the webpage disappear or the entire webpage fails to load.

After confirming these signs, the hacker inserts a condition into the SQL query to test how vulnerable the application is and how close they are to extracting data.

Example:
https://xyz.com/index.php?id=1+AND+1=1

Once this query is applied, if the website loads as usual, it gives an indication that it is vulnerable to SQL injection. The hacker would then send a false condition to test this suspicion:

https://xyz.com/index.php?id=1+AND+1=2

If this condition is false and the webpage does not function as normal, it indicates that the webpage is vulnerable to an SQL Injection attack.

3. SQL Injection through Time Based Query:

In many cases the vulnerable SQL queries will be visually presented on a web page, but would still be easy to figure out. Here, hackers instruct the database to wait a certain amount of time before responding. If the site rejects this and loads without any delay, it means it is not vulnerable. The SQL query used here is identical to the one in the Boolean attack, but with a sleep function inside the query. For instance, if the sleep time is 5 seconds, the database is instructed to sleep for 5 seconds.

Example:
https://xya.com/index.php?id=1+AND+IF(version()+LIKE+'8%',sleep(5),false)

Methods of Preventing SQL Injection:

The entry of incorrect SQL queries can be avoided

Locating these SQL queries manually would be costly, and there is a chance that some of them will be missed. Having a protection program on the website is therefore a positive move.

Implementing a web security program helps verify these queries by running a detailed test on any application. If a weak query is identified, it ensures that the web page still loads properly by covering the database queries.

  • Replacing special characters such as (“”, “%”, “\”, “_”, “#”)
  • Using stored procedures in the database
  • Using prepared statements in queries
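
The following is an added example, not code from the original article. It shows the concatenated query that the Boolean test above distinguishes, next to a prepared-statement version that also hides database errors. The articles table, the function names and the use of Python with SQLite are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "Contact")])
    return db

def lookup_vulnerable(db, raw_id):
    # 'Before' form: the id parameter is pasted into the SQL text, so a
    # condition appended to it becomes part of the query, and a syntax
    # error propagates to the caller with the database's own message.
    query = "SELECT title FROM articles WHERE id = " + raw_id
    return [row[0] for row in db.execute(query)]

def lookup_prepared(db, raw_id):
    # Hardened form: accept only a short run of ASCII digits, bind the
    # value through a placeholder so it never becomes SQL text, and
    # return a generic message instead of the database error.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return {"status": 400, "body": "Invalid request"}
    try:
        rows = db.execute("SELECT title FROM articles WHERE id = ?",
                          (int(raw_id),)).fetchall()
    except sqlite3.Error:
        return {"status": 500, "body": "Something went wrong"}
    return {"status": 200, "body": [r[0] for r in rows]}

if __name__ == "__main__":
    db = make_db()
    # The two id values from the Boolean section, plus a normal request.
    for value in ("1", "1 AND 1=1", "1 AND 1=2"):
        print(repr(value), lookup_vulnerable(db, value),
              lookup_prepared(db, value))
```

With the concatenated query the two Boolean test values give different pages, while the prepared version answers both with the same generic response, so the page no longer reveals anything about the condition.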