Saturday, 30 April 2016

SQL Injection

Hello friends, today we are going to study SQL injection attacks: what they are, how they work, and who can use them.


What is SQL Injection?

SQL injection attacks have been around for more than a decade and they remain popular with hackers.

SQL injection is an exploit used by hackers to steal data from organizations. It is used to target web applications which generate content based on user input.

Most websites have a database on the backend which contains user data, personal details of customers, credit card information, etc. A language called Structured Query Language (SQL) is used to enter and retrieve the data from the database as well as to manipulate it. This language is universal. Almost all databases support SQL, including Oracle, MS SQL Server and MySQL.

Web applications query the backend database to display custom content on the web page. The website presents a form to be filled in by users before serving them appropriate content. The web application assumes that users will provide simple text inputs to the form. Instead, hackers enter SQL queries in the form as input. If user input is not properly validated or sanitized, the SQL query gets executed. A hacker may get the whole database to dump itself on the web page, using a well-crafted SQL query.

Dynamic scripting languages like PHP, .NET and ASP are susceptible to SQL injection attacks. The tools required by the hacker are very simple: some knowledge of SQL queries, a web browser and a little smarts for guessing table names and field names. There are also tools available online which automate most of the process for the hacker.

This is one of the most popular attacks due to its sheer simplicity. Though the SQL injection vulnerability has been known for a number of years, many websites still remain susceptible.

Firewalls offer almost no protection against SQL injection. That is because all HTTP data is passed on to the web application, which in turn has "full access" to the backend database so that it can present relevant data to the user. Nowadays, we have web application firewalls which provide some degree of protection. However, it is best to safeguard against these attacks by validating and sanitizing all user inputs before passing them to the database.
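
The difference between pasting form input into the SQL text and passing it as a bound value, shown as an added example in Python with the standard sqlite3 module (it is not code from the original post). The table, the sample rows, the function names and the validation rule are assumptions made up for illustration; parameter binding is used here alongside the input validation the post recommends.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice", "CARD-A-PLACEHOLDER"), ("bob", "CARD-B-PLACEHOLDER")])
    return db

def lookup_concatenated(db, name):
    # Vulnerable: the form input becomes part of the SQL text, so a quote
    # character in `name` ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    # Hardened: the SQL text is fixed and `name` travels separately as a value.
    sql = "SELECT name, card FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def is_valid_name(name):
    # Allow-list validation (hypothetical rule): 1 to 32 ASCII letters only.
    return re.fullmatch(r"[A-Za-z]{1,32}", name) is not None

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    for value in ("alice", crafted):
        print(repr(value), "valid:", is_valid_name(value))
        print("  concatenated:", len(lookup_concatenated(db, value)), "row(s)")
        print("  bound:       ", len(lookup_bound(db, value)), "row(s)")
```

With the concatenated query the crafted input changes the WHERE clause and every row comes back; with the bound query the same input is only compared against the name column and matches nothing.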

Effects of SQL Injection

An SQL injection attack can have a huge impact on the organization.

The hacker gets complete control of the server and all the data on that server. Also, since this is an internal server, an attacked server may be used to compromise all the elements on the network. If the intention of the hacker is to steal confidential data, then he goes about this attack with great stealth. As we often see in the news, organizations seem to know nothing about the attacks till all the credit card information of their customers is stolen and gone! The attack on Target (holiday season, 2014) is a classic example of this. This was a huge loss of face for Target, and caused customers to stay away even after repeated assurances that no data was lost.

Types Of SQL Injection Attacks

SQL injection attacks can be classified based on the injection mechanism.

1. Injection Through User Input

This is the simplest form of an SQL injection attack. SQL queries are sent as user inputs in forms submitted to the web application. If no validation of user input is done by the web application, the query is executed and the attack gets underway.

2. Injection Through Cookies

Web applications store state information on clients in the form of cookies. Since these are stored on the user's system, a malicious hacker can tamper with a cookie and put SQL queries inside it. When the hacker accesses the website again, the web application inadvertently uses the tampered cookie to construct SQL queries, which may have disastrous consequences.

3. Injection Through Server Variables

HTTP headers, IP headers and environment variables are all server variables and may be stored in databases for logging and determining usage statistics. It is quite easy for a hacker to modify HTTP headers and insert SQL queries in them. If these headers are stored without any sanitization or validation, then the attack is triggered when the command is issued to log them to the database.

All the above are considered first-order attacks, which means that the attack is executed immediately on initial contact with the database.

4. Second Order SQL Injection Attacks

This is also known as the stored SQL injection attack. This attack is not executed when the malicious input is initially entered in the database. It is triggered when the web application later tries to use that stored input by retrieving it with a legitimate query.

The second-order SQL injection attack is inherently more complex than first-order attacks, as the attacker has to guess how the input will be used later by the application. Web applications usually trust data retrieved from the database and use it "as is" without validation. This is when the attack kicks in.

The best safeguard against SQL injection attacks is to validate all input, whether from the user or the database.
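
The second-order case described above, as an added example in Python with the standard sqlite3 module (it is not code from the original post): the name is stored safely at registration, and the flaw only appears when a later query trusts the value read back from the database. The schema, sample rows and function names are assumptions made up for illustration.

```python
import sqlite3

def make_shop_db():
    """In-memory database with constructed sample rows (not real data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("alice", "laptop"), ("bob", "phone")])
    return db

def register(db, name):
    # First contact is safe: the name is bound, so it is stored as plain text.
    cur = db.execute("INSERT INTO users (name) VALUES (?)", (name,))
    return cur.lastrowid

def stored_name(db, user_id):
    row = db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]

def orders_trusting_db(db, user_id):
    # Flaw: the value read back from the database is used "as is" in SQL text.
    name = stored_name(db, user_id)
    sql = "SELECT item FROM orders WHERE owner = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))

def orders_binding_db(db, user_id):
    # Fix: data from the database is bound exactly like data from a form.
    name = stored_name(db, user_id)
    rows = db.execute("SELECT item FROM orders WHERE owner = ?", (name,))
    return sorted(row[0] for row in rows)

if __name__ == "__main__":
    db = make_shop_db()
    alice = register(db, "alice")
    odd = register(db, "x' OR '1'='1")  # constructed name containing SQL syntax
    for uid in (alice, odd):
        print(repr(stored_name(db, uid)))
        print("  trusting stored value:", orders_trusting_db(db, uid))
        print("  binding stored value: ", orders_binding_db(db, uid))
```

Registration succeeds without incident for both names; only the later lookup that concatenates the stored value returns other users' orders, which is why database-sourced values need the same handling as form input.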
