SQL Injection attacks

One of the most prominent loopholes, found on a great many sites, is the SQL injection loophole. Sites that use an SQL database are the ones vulnerable to it.
An SQL injection attack is a form of attack that comes from user input that is passed to the database without being checked. The objective is to fool the database system into running malicious SQL that reveals sensitive information or otherwise compromises the server.
There are two main types of attack. First-order attacks are those where the attacker receives the desired result immediately, either as a direct response from the application they are interacting with or through some other response mechanism, such as e-mail. Second-order attacks are those where the attacker injects data that is stored in the database, but the payload is not activated until that data is used later.

Put simply, it exposes the data the application keeps in its database, which is where all the important information is stored.
Here is an example:

1) Open the following site: http://www.sanjeevkapoor.com/ (I have already informed the administrator about the loopholes by letter, but no action has been taken.)
2) Click on Sign in and type the username as: admin OR 1=1-- and the password as: ' OR ''='
Now you see how powerful this injection attack is. To explain how this happened, you need to know a little SQL. This is what actually happens when you supply a username and password to a logon form:
' Vulnerable pattern: the user-supplied strings are concatenated straight into the SQL text
SQLQuery = "SELECT Username FROM Users WHERE Username='" & StrUsername & "' AND Password='" & StrPassword & "'"
StrAuthCheck = GetQueryResult(SQLQuery)
If StrAuthCheck = "" Then
    BoolAuthenticated = False
Else
    BoolAuthenticated = True
End If
The username and password are used to build an SQL query, which goes through the Users table and tries to find a row matching the username and password you supplied. If a match is found, the username is stored in a variable (StrAuthCheck); if that string remains empty, you are not authorized. So by injecting an always-true condition such as 1=1 (one equals one) into the query, the WHERE clause matches every row, and you are able to fool the SQL server that is actually doing the authentication check.
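The following Python script is an added example, not code from the article, that reproduces the logon check above against an in-memory SQLite table with a constructed "admin" row. It shows the concatenated query side by side with a parameterized one, so you can see that the same username and password pair from the walkthrough logs in through the first and is rejected by the second. The table, the sample credentials and the function names are assumptions made for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed sample database with one user row (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    # Real applications store a salted password hash, never the cleartext;
    # cleartext is used here only to keep the demonstration short.
    conn.execute("INSERT INTO Users VALUES ('admin', 'correct horse')")
    return conn


def login_vulnerable(conn, username, password):
    """Mirrors the article's logon code: user input is concatenated into the SQL text.

    With the article's inputs the WHERE clause becomes
        Username='admin OR 1=1--' AND Password='' OR ''=''
    and the trailing ''='' is true for every row, so a row is always returned.
    """
    query = (
        "SELECT Username FROM Users WHERE Username='" + username
        + "' AND Password='" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row is not None  # non-empty result means "authenticated"


def login_safe(conn, username, password):
    """Same check with bound parameters: the input is data, never SQL syntax."""
    query = "SELECT Username FROM Users WHERE Username=? AND Password=?"
    row = conn.execute(query, (username, password)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    injected_user = "admin OR 1=1--"   # the article's username
    injected_pass = "' OR ''='"        # the article's password
    print("vulnerable, real credentials:", login_vulnerable(db, "admin", "correct horse"))
    print("vulnerable, injected input:  ", login_vulnerable(db, injected_user, injected_pass))
    print("parameterized, injected input:", login_safe(db, injected_user, injected_pass))
    print("parameterized, real credentials:", login_safe(db, "admin", "correct horse"))
```

The fix is not escaping quotes by hand but keeping SQL and data separate: with `?` placeholders the driver sends the strings as values, so a quote in the password can never close the literal and start a new condition.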

Article by: Ankit Srivastava, Head, Network Security, Exunclan
