What is SQL Injection Attack With Example

What is SQL Injection With Example?

SQL injection is an attack on a database in which the attacker can modify or delete data.

  • The attack takes place through SQL commands
  • Malicious SQL statements are inserted into an entry field

Such statements should not be executed by an external IP.

Impact:

  • Through a SQL injection attack, hackers can get unauthorized access to sensitive data:
    user passwords, personal user information, credit card details.
  • Usually this type of attack remains unnoticed for long periods.

SQL Injection Examples:

UNION: You can get data from different database tables
Hidden data: You can modify the SQL query to get additional results

It is a code-based vulnerability.

Types of SQL Injections

  1. In-Band (Error and Union Based)
  2. Blind (Boolean and Time Based)
  3. Out-of-Band

1. In-Band: Here attackers use the same communication channel to carry out their attacks.

In-Band injection has two types:

Error Based: Here the attacker performs actions that cause the database to produce error messages.

From these error messages, details such as server versions and database information can be learned.

Union Based: It combines the results of two or more SELECT statements generated by the database.

2. Blind: Here no data is transferred by the web application.

Boolean Based: The attacker sends a SQL query to the database and asks the application to return results
based on conditions that are true or false.

Time Based: Here too the attacker sends a SQL query to the database, and the database waits for some amount of time before sharing the result. This tells the attacker whether the query is true or false.

3. Out-of-Band: It may be the result of a misconfiguration error made by the database administrator.

How does SQL work on a website?

Generally, a website consists of 3 main components.

Frontend: HTML, CSS, JavaScript
Backend: Scripting languages (Python, Perl, PHP)
Server side: Database (MySQL, Oracle, MS SQL)

A query is written and sent in a GET request from the website.
You get a response back from the website in the form of HTML code.

An attacker can use SQL queries to:

  • Modify
  • Update
  • Add
  • Delete records in a database

How to prevent SQL Injection attack?

Mitigation:

  • Input validation
  • Sanitize all inputs (for example, remove quotes and special characters)
  • Use an IPS (intrusion prevention system)
  • Turn off visibility of database errors on production servers
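
The mitigations above in code, as an added example that is not from the original page: a concatenated query beside a hardened one, with input validation and hidden database errors. It also uses parameter binding, which the list above does not mention; the table, the allow-list pattern and the sample rows are constructed for illustration.

```python
import logging
import re
import sqlite3

log = logging.getLogger("shop")
CATEGORY_RE = re.compile(r"[a-z0-9_-]{1,32}")  # allow-list (assumed field format)

def make_db():
    # Constructed sample data; released = 0 marks a row the site must not show.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [("pen", "office", 1), ("stapler", "office", 1),
                    ("prototype", "lab", 0)])
    return db

def lookup_concatenated(db, category):
    # 'Before' form: the input is pasted into the SQL text, so a quote in it
    # ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT name FROM products WHERE released = 1 "
           "AND category = '" + category + "' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, category):
    # Hardened form: the value is bound to the ? placeholder and is only data.
    sql = ("SELECT name FROM products WHERE released = 1 "
           "AND category = ? ORDER BY name")
    return [row[0] for row in db.execute(sql, (category,))]

def handle_request(db, category):
    # Input validation: reject anything outside the allow-list before querying.
    if not CATEGORY_RE.fullmatch(category):
        return 400, "invalid category"
    try:
        return 200, lookup_parameterized(db, category)
    except sqlite3.Error as exc:
        # Database error detail goes to the server log, never to the client.
        log.error("query failed: %s", exc)
        return 500, "internal error"

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input containing a quote
    print(lookup_concatenated(db, crafted))   # unreleased row is included
    print(lookup_parameterized(db, crafted))  # no category has that name
    print(handle_request(db, crafted))
    print(handle_request(db, "office"))
```

Stripping quotes from input changes legitimate values such as names containing an apostrophe, while a bound parameter stores and compares them unchanged.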
