SQLi

last edited Wed, 24 Jul 2024 05:21:40 GMT


A threat actor can manipulate the queries that a web application makes to its database. SQL injection can be used to retrieve data the application never intended to expose, to cause a denial of service, or to further compromise the server's backend.

Detection

Test every entry point in the application systematically. Most injections occur in the WHERE clause of a SELECT query, but an injection point can sit anywhere user input reaches the query text:

- UPDATE statements: in the updated values or in the WHERE clause.
- INSERT statements: in the inserted values.
- SELECT statements: in the table or column name.
- SELECT statements: in the ORDER BY clause.

Examples

Retrieving hidden data

Requesting https://insecure-website.com/products?category=Gifts makes the application run the following query:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1

Appending a quote and the comment sequence -- closes the string and turns the rest of the original query into a comment, so the AND released = 1 filter is dropped and unreleased products are returned as well:

https://insecure-website.com/products?category=Gifts'--

Alternatively, an OR 1=1 condition that is always true returns every product in every category:

https://insecure-website.com/products?category=Gifts'+OR+1=1--
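The two requests above, together with the probes from the Detection section (a lone quote that breaks the query, and a 1=1 versus 1=2 condition that changes the result), replayed against a constructed SQLite table. This is an added example, not code from the original page: the table contents, the sqlite3 semantics, and the function names are assumptions of the example, and the "safe" variant shows the parameterised query that removes the injection point.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the products table behind
    # insecure-website.com (assumption: SQLite; the page does not name the DBMS).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", [
        ("Gift card", "Gifts", 1),
        ("Secret gift", "Gifts", 0),   # unreleased: must never be listed
        ("Pet rock", "Pets", 1),
    ])
    return db


def products_vulnerable(db, category):
    # Mirrors the page's query: the category parameter is concatenated
    # straight into the SQL text, which is the injection point.
    query = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return [row[0] for row in db.execute(query)]


def products_safe(db, category):
    # Hardened form: the value is bound as a parameter and never becomes SQL,
    # so quotes and comment sequences inside it are just characters.
    query = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in db.execute(query, (category,))]


def probe(endpoint, db, base="Gifts"):
    """Systematic checks for one entry point: a lone quote should raise a
    database error on a vulnerable endpoint, and ' AND 1=1-- versus
    ' AND 1=2-- should return different results there."""
    results = {}
    try:
        endpoint(db, base + "'")
        results["quote_error"] = False
    except sqlite3.Error:
        results["quote_error"] = True
    true_case = endpoint(db, base + "' AND 1=1--")
    false_case = endpoint(db, base + "' AND 1=2--")
    results["boolean_differential"] = true_case != false_case
    return results


if __name__ == "__main__":
    db = make_db()
    print(products_vulnerable(db, "Gifts"))            # only released gifts
    print(products_vulnerable(db, "Gifts'--"))         # the unreleased gift leaks
    print(products_vulnerable(db, "Gifts' OR 1=1--"))  # every product in every category
    print(products_safe(db, "Gifts' OR 1=1--"))        # nothing: no such category
    print(probe(products_vulnerable, db))
    print(probe(products_safe, db))
```

The boolean differential is the check that keeps working when the application hides database errors from the response; the quote probe alone gives nothing against a parameterised endpoint, and nothing against a vulnerable one that swallows exceptions.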

Subverting application logic

An application that checks credentials with a query like the following logs the user in whenever the query returns a row:

SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'

Submitting administrator'-- as the username, with any password, closes the string after administrator and comments out the rest of the query, so the password condition is never evaluated and the attacker is logged in as administrator.
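The login bypass described above, run against a constructed SQLite users table. This is an added example, not code from the original page: the table, the sqlite3 semantics, the function names and the plaintext passwords (kept only to mirror the page's query) are assumptions of the example, and the "safe" variant shows the parameterised query that no longer accepts the bypass.

```python
import sqlite3


def make_users():
    # Constructed in-memory users table (assumption: SQLite; plaintext
    # passwords only to match the page's query, never do this for real).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("administrator", "s3cr3t-admin", "admin"),
        ("wiener", "bluecheese", "user"),
    ])
    return db


def login_vulnerable(db, username, password):
    # The page's query with both inputs concatenated into the SQL text.
    # Returns the matched (username, role) row, or None when login fails.
    query = (f"SELECT username, role FROM users "
             f"WHERE username = '{username}' AND password = '{password}'")
    return db.execute(query).fetchone()


def login_safe(db, username, password):
    # Hardened form: bound parameters, so administrator'-- is compared as a
    # literal username and the password condition is always evaluated.
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_users()
    print(login_vulnerable(db, "wiener", "bluecheese"))      # legitimate login
    print(login_vulnerable(db, "wiener", "wrong"))           # rejected
    print(login_vulnerable(db, "administrator'--", "x"))     # password check commented out
    print(login_vulnerable(db, "' OR 1=1--", ""))            # first row: also administrator
    print(login_safe(db, "administrator'--", "x"))           # None: bypass no longer works
```

The ' OR 1=1-- variant shows why "any row means logged in" is a second defect on top of the injection: with an always-true condition the query returns every user, and fetchone hands the attacker whichever account the database lists first, here the administrator.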

SQL UNION attacks

Blind SQL injection