SQL Injection
What is it?
SQL Injection is a security vulnerability that occurs when a user is able to insert or "inject" a malicious payload into a SQL query, which modifies its intended behavior. This exploit allows the attacker to interfere with the queries that an application makes to its database.
What are the impacts?
There are multiple impacts caused by SQL injections:
Data Breach: Attackers can view sensitive information stored in the database, such as usernames, passwords, financial data, or other confidential records.
Data Manipulation: Attackers can modify, delete, or insert data into the database, potentially causing data corruption or loss.
Authentication Bypass: In some cases, attackers can bypass authentication mechanisms by crafting payloads that trick the application into granting unauthorized access.
System Compromise: Advanced SQL injection attacks might allow attackers to execute commands on the host server, potentially leading to full system compromise.
How does it work?
The illustration below shows the path from a web request on the client side to an SQL query on the server side.
1. Client Side: The user sends input through a web form, URL parameter, or HTTP request.
2. Server Side: The application processes the input and constructs an SQL query.
3. Database Interaction: The query is executed on the database, and the results are returned to the application.
In the context of an SQL injection attack, malicious input is crafted to alter the query logic at step 2, allowing unauthorized actions during step 3.
SQL injections are caused by:
Improper Input Validation: Failing to validate and sanitize user inputs allows malicious data to be included in SQL queries.
Dynamic SQL Queries: Directly concatenating user inputs into SQL queries without proper safeguards opens the door to injection vulnerabilities.
Lack of Parameterized Queries: When applications do not use parameterized queries or prepared statements, they become susceptible to injection attacks.
Insufficient Access Controls: Weak database permissions and overly broad access rights can amplify the impact of an SQL injection attack.
Poor Error Handling: Detailed error messages exposed to users may inadvertently reveal information about the database structure, aiding the attacker in crafting malicious queries.
Tricks for a successful SQL injection
Use Burp Suite if possible.
Single-line comment: -- or #
Block comment: /* */
Single quote: '
Double quote: "
Backtick: ` (or Alt Gr+7)
Evasion:
Replace spaces by tabulations (%09).
Replace keywords by their equivalent operators so as to avoid using spaces or tabulations:
Operator  Description
&         Bitwise AND
|         Bitwise OR
^         Bitwise exclusive OR