Do you really believe your data is safe?
Here is an example of a severe security breach that will make you think otherwise:
“April 15th 2016, 11.5 million documents were leaked that had details about financial and attorney–client information for more than 214,488 offshore entities. The Panama Paper leak named 12 current or former world leaders; 128 other public officials and politicians; and hundreds of celebrities, businessmen, and other wealthy individuals of over 200 countries.”
This is just one example out of thousands of security compromises. Still believe your credit and debit card details are safe? What about your personal details like your passport number?
SQL Injection is once again listed as the top OWASP (Open Web Application Security Project) vulnerability.
SQL Injection
SQL injection is an attack technique used by hackers to steal data from organizations by targeting web-based applications.
How Exactly Is It Implemented?
Hackers take advantage of improper coding styles or insufficient database privileges assigned to users who access this database.
SQL injection arises because user input fields – if not checked correctly at the application – allow SQL statements to pass through and directly alter or retrieve information from the database.
This allows attackers to tamper with or even delete existing data, spoof identity, change administrative rights and in some cases void transactions and change balances.
In short, someone could steal your identity and all your money in a day, and you could pretty much become nonexistent in the world!
Different Types of SQL Injections
Blind SQL Injection
A Blind SQL injection attack doesn’t reveal data directly from the database being targeted. The attacker makes different SQL queries that ask the database TRUE or FALSE questions. Then they analyze differences in responses between TRUE and FALSE statements.
Blind SQL Injections are often used to build the database schema and get all the data in the database. This is done using brute force techniques and requires many requests but may be automated by attackers using SQL Injection tools.
Union-Based SQL Injection
It is the most popular type of SQL injection. This type of attack uses the UNION statement to obtain data from the database. The UNION keyword lets you execute one or more additional SELECT queries and append the results to the original query.
To carry out this attack, some information, such as the number of columns in the table and their data types, has to be known beforehand.
Error-Based SQL Injection
An error-based SQL injection is the simplest type. In this attack, the application is made to show a database error, and the error message is used to extract information from the database. Normally, you ask a question to the database, and it responds with an error including the data you asked for.
Let’s look at a very simple SQL Injection technique.
Consider logging in to a site.
The query for doing so would look like this:
SELECT * FROM User WHERE username = uname AND password = pass
Where ‘uname’ is the variable that stores the input you type in the username field, and ‘pass’ is the variable that stores the password you type in the password field. The query looks pretty good and will definitely work, but the truth is that it’s ridiculously insecure.
Suppose you type the following into the username and password fields:
| Username | JakePeralta |
| Password | '' OR 1=1 |
So now, the query ends up looking like this:
SELECT * FROM User WHERE username = 'JakePeralta' AND password = '' OR 1=1
The condition 1=1 is always TRUE. Because AND is evaluated before OR, the WHERE clause reads as (username matches AND password matches) OR 1=1, so it doesn’t matter if the username or password given is wrong: logging in with wrong credentials ends up as a success.
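The login above, as an added example that is not code from the original article: the string-built query next to a parameterized one, run against an in-memory SQLite database. The account row, its password and the function names are constructed for illustration, and the unsafe builder assumes the password text is spliced in exactly as typed so that it reproduces the query shown above.

```python
import sqlite3

def make_db():
    """In-memory database holding one constructed account (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE User (username TEXT, password TEXT)")
    # Plaintext password only to mirror the article's query; constructed value.
    db.execute("INSERT INTO User VALUES ('JakePeralta', 'constructed-pw')")
    return db

def build_unsafe_query(uname, pw):
    # Vulnerable: user input becomes part of the SQL text itself.
    # Assumption: the password field is pasted in as typed, which yields
    # the exact query the article shows.
    return ("SELECT * FROM User WHERE username = '" + uname +
            "' AND password = " + pw)

def login_unsafe(db, uname, pw):
    # AND binds tighter than OR, so the WHERE clause becomes
    # (username = ... AND password = '') OR 1=1, which is true for every row.
    rows = db.execute(build_unsafe_query(uname, pw)).fetchall()
    return len(rows) > 0

def login_safe(db, uname, pw):
    # Hardened: '?' placeholders pass the values separately from the SQL
    # text, so the input is only ever compared as a plain string.
    rows = db.execute(
        "SELECT 1 FROM User WHERE username = ? AND password = ?",
        (uname, pw),
    ).fetchall()
    return len(rows) > 0

if __name__ == "__main__":
    db = make_db()
    typed = "'' OR 1=1"  # the password field value from the article
    print(build_unsafe_query("JakePeralta", typed))
    print("string-built query accepts it:", login_unsafe(db, "JakePeralta", typed))
    print("parameterized query accepts it:", login_safe(db, "JakePeralta", typed))
    print("parameterized, real password:",
          login_safe(db, "JakePeralta", "constructed-pw"))
```

With placeholders, the typed text never reaches the SQL parser, so the same input is simply a wrong password.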
Conclusion
Not to worry though, sites nowadays are highly resistant to such an attack and have taken major precautions to prevent a variety of different SQL Injection attacks.
Prevention measures include form validation, restricting access and simply writing better code. SQL Injection is one of the most classic attacks used by attackers to gain sensitive information.
Though nowadays all websites are built keeping in mind a variety of threats, highly complex SQL injections can still pose a danger to the security of any website.
– An article by Meghna Kashyap, 3rd Year Information Technology