Tuesday 4 December 2018

Ethical Hacking Tutorials - What is SQL Injection Attack


A SQL injection attack is a technique in which a malicious user injects SQL commands into a SQL statement via web page input. Injected SQL commands can alter the SQL statement and compromise the security of a web application. SQL is used to display data on a web page.

The primary databases used in e-commerce today are Microsoft SQL Server and Oracle. Microsoft SQL Server is a great example of a database that grew too quickly, with little thought to security.

Two of the most ubiquitous databases on the market today:

  • Microsoft's SQL Server
  • Oracle's Oracle 9i

Web and database servers are the heart and brains of the Internet organism. Every beat comes from a web server, and every memory storage and recall action goes to and comes from a database. Both components are therefore crucial to a robust Internet application, and that is precisely why they are favorite playgrounds for hackers.

To secure your assets, you must understand the underlying technologies that handcuff your Web Application and, in some cases, predetermine their susceptibility to hacking.

Instead of a password, one of these strings is used:

'or 1=1 --
"or 1=1 --
'or 'a'='a
"or "a"="a
') or ('a'='a

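The simplest SQL injection attack technique is bypassing form-based logins.

Let's say that the application checks the login with code like this:

SQLQuery = "SELECT Username FROM Users WHERE Username='" & _
    strUsername & "' AND Password='" & strPassword & "'"
' strAuthCheck receives the Username returned by running SQLQuery
' (it stays empty if no row matched)
If strAuthCheck = "" Then
    boolAuthenticated = False
Else
    boolAuthenticated = True
End If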

When a user submits a username and password, the query goes through the Users table to see if there is a row where the username and password match those supplied by the user.

If such a row is found, the username is stored in the variable strAuthCheck, which indicates that the user should be authenticated. If there is no row that the user-supplied data matches, strAuthCheck will be empty and the user will not be authenticated.

If strUsername and strPassword can contain any characters that you want, you can modify the actual SQL query structure so that a name will be returned by the query even if you do not know a valid username or password. How does this work?

Let's say a user fills out the login form like this:

Login: ' OR ''='
Password: ' OR ''='

This will give SQLQuery the following value:

SELECT Username FROM Users WHERE Username='' OR ''='' AND Password='' OR ''=''

Instead of comparing the user-supplied data with that present in the Users table, the query compares '' (nothing) to '' (nothing), which of course, will always return true. (Please note that nothing is different from null.) Since all of the qualifying conditions in the WHERE clause are now met, the username from the first row in the table that is searched will be selected. This username will subsequently be passed to strAuthCheck,
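
The login check described above, reproduced as an added example (not code from the original article): it uses Python with an in-memory SQLite database in place of ASP and SQL Server, and puts the concatenated query beside a parameterized one. The function names and sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the Users table (constructed sample rows).

    Plaintext passwords only mirror the article's query; real systems
    store password hashes.
    """
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("alice", "correct horse"), ("bob", "hunter2")])
    return db


def build_query(username, password):
    # Same string concatenation as the ASP snippet above.
    return ("SELECT Username FROM Users WHERE Username='" + username +
            "' AND Password='" + password + "'")


def login_concat(db, username, password):
    """Vulnerable: user input becomes part of the SQL text."""
    row = db.execute(build_query(username, password)).fetchone()
    return row[0] if row else ""      # plays the role of strAuthCheck


def login_param(db, username, password):
    """Hardened: input is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT Username FROM Users WHERE Username=? AND Password=?",
        (username, password)).fetchone()
    return row[0] if row else ""


if __name__ == "__main__":
    db = make_db()
    form_value = "' OR ''='"          # the form input from the article
    print(build_query(form_value, form_value))
    print("concatenated: ", repr(login_concat(db, form_value, form_value)))
    print("parameterized:", repr(login_param(db, form_value, form_value)))
    print("valid login:  ", repr(login_param(db, "alice", "correct horse")))
```

With bound parameters the form value is compared as a literal string against the Username and Password columns, so no row matches and the result stays empty.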
