SQL Injection

anuj576, post #1, Sep 21st, 2008
Hey Guys,
I've heard that SQL Injection is one of the most common tools that hackers use to hack a web application. Can anyone please give me a brief overview of what SQL Injection is or any webpages that I can refer to?
Thanks

buddylee17, post #2, Sep 21st, 2008
SQL injection is an attack on the database. Basically, injectors take an educated guess about your query design and try to manipulate it. Let's take a look at the following login:
  $query = "SELECT * FROM customers WHERE username = '$name' and password = '$password'";
$name and $password come from a form using input type='text'. Thus, anything can be typed into these fields. So, the injector types in ' OR 1' for each field. Let's substitute the variables and actually take a look at what gets sent to MySQL:
  $query = "SELECT * FROM customers WHERE username = '' OR 1'' and password = '' OR 1''";
Adding ' OR 1' to the variable will a.) keep the query from failing due to parse errors and b.) make the query default to true, giving the user access to anything in the db that he/she is capable of getting to.

anuj576, post #3, Sep 21st, 2008
Does the injector type in the URL or hack into the coding?
Please give some resources on the net.
Thanks

peter_budo, post #4, Sep 21st, 2008
This is done through the URL, as the intruder first examines the URL string that is sent to the server, and if he sees any possibility of a vulnerability he will try to modify this string and submit it.

anuj576, post #5, Sep 21st, 2008
Is there any method by which SQL Injection can be stopped, or any software available?

peter_budo, post #6, Sep 21st, 2008
Depends on the technology used. I think that Java and its PreparedStatements is something that you cannot beat; with PHP you need to do a lot of checking and set up many rules to prevent injections. I expect that Microsoft web pages built with C# or VB are reasonably secure; dunno about plain ASP, I never worked with it.

Shanti Chepuru, post #7, Sep 22nd, 2008
Originally Posted by peter_budo:
with PHP you need to do lot of checking and set up many rules to prevent injections.
Need more information on this.....
Last edited by Shanti Chepuru; Sep 22nd, 2008 at 2:14 am.
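
The concatenated query from post #2 next to a prepared statement of the kind post #6 mentions, as an added example that is not part of any post in this thread. It assumes PHP with the PDO SQLite driver and an in-memory database holding one constructed customers row; the function names are made up for illustration, and storing a password hash instead of plaintext goes beyond what the thread shows.

```php
<?php
// Added example: constructed data, in-memory SQLite via PDO (assumption; the thread uses MySQL).
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false so the server does the binding.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE customers (username TEXT PRIMARY KEY, password TEXT NOT NULL)");

// Store a password hash, not the plaintext that the thread's query compares against.
$ins = $pdo->prepare("INSERT INTO customers (username, password) VALUES (?, ?)");
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Pattern from post #2: user input is concatenated into the SQL text.
// Hypothetical helper; the string is built only to be printed and is never executed.
function build_concatenated_query(string $name, string $password): string
{
    return "SELECT * FROM customers WHERE username = '$name' and password = '$password'";
}

// Hardened form (hypothetical helper): the SQL text is fixed and the input is bound as a value.
function login(PDO $pdo, string $name, string $password): bool
{
    $stmt = $pdo->prepare("SELECT password FROM customers WHERE username = :name");
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();   // false when no row matched
    return is_string($hash) && password_verify($password, $hash);
}

$input = "' OR 1'";   // the form input quoted in post #2

// The quote in the input closes the string literal, so the rest of it is parsed as SQL.
echo build_concatenated_query($input, $input), PHP_EOL;

// With a bound parameter the same input is only ever compared as a username.
var_dump(login($pdo, $input, $input));
var_dump(login($pdo, 'alice', 'wrong password'));
var_dump(login($pdo, 'alice', 'correct horse'));
```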