What is SQL-Injection

0 | 38461 Aufrufe
Sie können diese Wikiseite nach der Anmeldung auf Webmasterpro bearbeiten. Helfen Sie mit und verbessern Sie "What is SQL-Injection" mit Ihrem Wissen!

Anzeige Hier werben

Short description:

SQL Injection is the exploitation of a SQL database vulnerability caused by the lack of masking or validation of metacharacters in user input. if you any assistance to SQL Injection then write my assignment

Consequences:

The attacker is ready to deal with a successful attack, to spy on data, modify it or delete it altogether, and gain control of the server.

Functionality:

SQL injections are possible when data search as user input enters the SQL interpreter. For those who have special functions for the SQL interpreter and thus allow external influence on the executed database commands. Search metacharacters in SQL are for example \ „ ' and;

Often search gaps are found in CGI scripts and in programs that enter data as web page content or emails into SQL databases. If a program does not perform the masking, an attacker can manipulate the queries in an additional way. In some cases, you also have the option to gain access to a shell, which usually means compromising the entire server.

Example:

If user input is not masked or only insufficiently masked, the end user of the application can manipulate the queries to the database:

 
sql
1
Statement = "SELECT * FROM users WHERE name = '" + userName + "'"

This query is designed to retrieve the records of the specified username. However, userName in a certain way, the SQL statement can do much more damage. For userNameexample,' or '1'='1 ' or '1'='1';--using the variable or blocking the remainder of the query with comments results in the following SQL statement

 
sql
1
SELECT * FROM users WHERE name = '' OR '1' = '1'; - Rest of the query

If this code is used for authentication, this example would pick a valid username from the database, because it '1' = '1'is always true.

Of course, this works with passwords. Let's take a username, for example, Admin, and let the password, again with the string,' or '1'='1 be output from the database:

 
sql
1
SELECT * FROM users WHERE name = 'admin' AND user_pwd = '' OR '1' = '1';

So we log in as an admin, have all the rights and can do what we want.

The following input would read the table usersand all the data in the table,userinfo if an API is used, which allows several statements.

 
sql
1
a '; DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't

This input would generate this SQL statement:

 
sql
1
SELECT * FROM users WHERE name = 'a'; DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't';

Most SQL Server implementations support multiple statements on a call, and a few, search as PHP's mysql_query(), suppress this for security reasons.

Countermeasures:

An important countermeasure is to filter out or mask meta characters into user input (escaping). This can mitigate or even eliminate the threat of SQL injections.

The safest way, however, is to keep the data away from the SQL interpreter. Bound parameters are used in prepared statements. Here, the data is passed as a parameter to an already compiled command. SQL injection.

The example in PHP:

Instead of the following call for MySQL

 
PHP
1
<? 

the query should be used like this:

 
PHP
1
<? 

Conclusion:

In any case, SQL injections should not be underestimated; missing or masking means that data can be read out, manipulated or deleted. In the worst case, the attacker even gains control of the server. The countermeasures are not difficult to implement. Many frameworks already escape automatically, so the web developer does not have to worry about it.

back to overview Web security


Wikiseite bearbeiten

Diese Seite kann von jedem registrierten Benutzer bearbeitet werden. Bisher haben 3 Personen an der Seite "What is SQL-Injection" mitgewirkt.

Sie haben einen Fehler entdeckt oder möchten etwas ergänzen? Dann können Sie nach der Anmeldung "What is SQL-Injection" hier bearbeiten.

Mitarbeiter