5.2 SQL Injection (SQLi)
Last updated
Last updated
SQL Injection (SQLi) is an attack method that exploits the injection of SQL commands into a web application's SQL queries. A successful SQLi attack allows a malicious hacker to access and manipulate the backend database of a web application.
Web applications, ranging from complex systems to Content Management Systems (CMSs) and simple personal web pages, often utilize databases like MySQL, SQL Server, Oracle, PostgreSQL, and others to store data, user credentials, or statistics. Structured Query Language (SQL) is employed by entities such as system operators, programmers, applications, and web applications to interact with databases.
SQL, a powerful interpreted language, is used to extract and manipulate data from databases. Web applications embed SQL commands, known as queries, in their server-side code, with connectors serving as middleware between the web application and the database.
Before delving into attack techniques, understanding some SQL basics is essential. This includes knowledge of SQL statement syntax, query execution, union operations, the DISTINCT and ALL operators, and how comments function.
Here below the three common types of SQL:
SQL allows the selection of constant values, such as:
Understanding the UNION command is crucial, as it performs a union between two results:
The DISTINCT operator eliminates duplicate rows, and a UNION statement implies DISTINCT by default. To allow duplicates, the ALL operator can be used:
Comments in SQL can be denoted by either '#' or '-- '.
Example: The following queries showcase SQL operations on a database with two tables, "Products" and "Accounts."
In web applications, SQL queries are executed through the following steps:
Connect to the database.
Submit the query.
Retrieve and use the results in the application logic.
An example PHP code snippet demonstrates the process:
