In this article, we will learn about DBMS Injection.
- SQL injection is the most commonly used web hacking technique.
- SQL injection is a technique for exploiting users' data through web page inputs: a malicious user injects SQL commands into the input so that they become part of the statements the application sends to its database, and those statements can then be used to manipulate the application's servers.
- Put simply, SQL injection is the introduction of malicious code into SQL statements via web page input, which can be used to destroy your database.
Exploitation of SQL Injection in Web Applications
- Web servers communicate with database servers at any time to store and retrieve users' data.
- In this process, attackers craft SQL statements that are executed when the web server retrieves content from the application server, compromising the security of the web application.
Example of SQL injection
- Consider an application that stores student records, where each student can access and view his or her own records by entering a unique, private ID.
- A student enters the following in the input field: 13332345 or 1=1.
- Because 1=1 holds true for every record, the attacker gains access to all students' details regardless of the ID entered, and can delete or modify them in the same way.
Consider the following SQL query.
SELECT * FROM USER WHERE
USERNAME = '' AND PASSWORD = ''
A malicious user can simply make use of the = and OR operators to turn the query into the following:
SELECT * FROM User WHERE
(Username = '' OR 1=1) AND
(Password = '' OR 1=1);
The backend query has been changed: whether the password is right or wrong no longer matters, because 1=1 always evaluates to true, so all student records are compromised. When executed, the query can read and modify private information that was never intended to be shown to users.
Impact of the SQL injection
- A hacker can retrieve all users' data present in the database, such as mobile numbers and credit card information, which is highly confidential, and can gain access to admin portals.
- Almost all online shopping applications use backend database servers, and if they are exploited through SQL injection the entire server is compromised.
Preventing SQL injection
- Strong user authentication: User input should be validated against a predefined length and type before the user is authenticated.
- Restricting access privileges: Limit the amount of information a user can view, and do not grant a user permission to access everything in the database.
- Using views: A view presents a virtual table to users, which makes it difficult to manipulate the original database table; most views should be made read-only.
- Secure coding: Apply secure coding practices so that strong authentication checks are performed each time the code is updated.
Simple implementation example
- The login page is bypassed; beyond that, injection can provide an attacker with unauthorized access to sensitive data such as customer data, trade secrets and intellectual property.
- There is also an SQL injection automation tool, sqlmap, which is used to perform all types of SQL injection.
$stmt = $dbConnection->prepare('SELECT count(*) FROM users WHERE username = ? AND password = ?');
$stmt->bind_param('ss', $username, $password); // bound as data, never parsed as SQL text
$stmt->execute();
$result = $stmt->get_result();
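To show both the vulnerable query from the example above and the prepared-statement fix side by side, here is an added example (not code from the original article) using Python's standard sqlite3 module against a constructed in-memory users table; the table contents and the login functions are assumptions for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def matching_rows_vulnerable(conn, username, password):
    """The flawed pattern from the article: input is pasted into the SQL
    text, so a quote character ends the literal and 'or 1=1' joins the
    WHERE clause. Returns how many rows the query matches."""
    query = ("SELECT count(*) FROM users WHERE "
             "(username = '" + username + "') AND "
             "(password = '" + password + "')")
    return conn.execute(query).fetchone()[0]


def matching_rows_parameterized(conn, username, password):
    """Hardened form: placeholders are filled by the driver, so the input
    is compared as a plain string and never parsed as SQL."""
    query = ("SELECT count(*) FROM users WHERE "
             "(username = ?) AND (password = ?)")
    return conn.execute(query, (username, password)).fetchone()[0]


def demo():
    """Run valid credentials and the article's 1=1 payload through both
    query styles; the vulnerable one matches every row for the payload."""
    conn = make_db()
    payload = "' or '1'='1"   # the tautology the article describes
    return {
        "valid_vulnerable": matching_rows_vulnerable(conn, "alice", "s3cret"),
        "valid_parameterized": matching_rows_parameterized(conn, "alice", "s3cret"),
        "payload_vulnerable": matching_rows_vulnerable(conn, payload, payload),
        "payload_parameterized": matching_rows_parameterized(conn, payload, payload),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable function reports both rows for the payload (the whole table is "logged in"), while the parameterized one reports zero, because the same input is treated as a literal username that does not exist.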