Hacker's Docs
  • Main
  • Web Security
    • Security Headers
      • Content Security Policy
      • Same Origin Policy
    • Web Vulnerabilities
      • Cross Site Scripting
        • Stored XSS
      • Cross Site Request Forgery
        • CSRF Best Practices
        • CSRF Example Usages
      • Server Side Request Forgery
      • SQL Injection
  • Secure Coding Practices
    • Learning Resources
  • Cheatsheets
    • Security Tools
      • Nmap
      • Tcpdump
    • Cloud Tools
      • Argo
      • Docker
      • Kubernetes
    • Coding
      • Bash
      • Go
      • Python
      • C++
  • AI Security
    • Learning Resources
  • Coding Practices
    • Leetcode
    • API
    • Log Parsing
  • Penetration Testing
Powered by GitBook
On this page

Was this helpful?

  1. Web Security
  2. Web Vulnerabilities

SQL Injection

SQL Injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database. It typically involves injecting malicious SQL code into a query, which can manipulate the database to execute unintended commands.

How an Attacker Can Exploit SQL Injection:

  1. Injection via Input Fields: Attackers insert malicious SQL code into input fields (e.g., login forms, search boxes) that are concatenated into SQL queries.

  2. URL Manipulation: Attackers modify query parameters in the URL to include SQL code.

  3. Cookies: Malicious SQL code can be inserted into cookies that are used in SQL queries.

  4. HTTP Headers: SQL code can be injected through HTTP headers such as User-Agent.

Potential Damage:

  1. Data Theft: Unauthorized access to sensitive data (e.g., user credentials, personal information).

  2. Data Manipulation: Modification or deletion of data.

  3. Authentication Bypass: Gaining unauthorized access by bypassing login mechanisms.

  4. Database Corruption: Destroying or corrupting database data.

  5. Escalation of Privileges: Gaining administrative access to the database server.

  6. Remote Code Execution: In some cases, executing commands on the server hosting the database.

Brief Use Cases:

  1. Extracting User Data: Accessing usernames and passwords stored in the database.

  2. Dumping Database: Retrieving the entire contents of a database.

  3. Administrative Operations: Performing administrative operations like adding or deleting users.

  4. Compromising Systems: Escalating privileges to control the database server and potentially the underlying operating system.

Protection Measures and Implementation:

  1. Parameterized Queries (Prepared Statements):

    • Description: Ensures that SQL code is defined separately from the data.

    • Implementation:

      # Example in Python using SQLite
import sqlite3

conn = sqlite3.connect('example.db')
cursor = conn.cursor()
cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))

    • Requirements: Database and application support for parameterized queries.

  2. Stored Procedures:

    • Description: Encapsulates SQL queries within the database, reducing direct SQL manipulation.

    • Implementation:

      -- Example in SQL Server
CREATE PROCEDURE AuthenticateUser
@username NVARCHAR(50),
@password NVARCHAR(50)
AS
BEGIN
    SELECT * FROM users WHERE username = @username AND password = @password
END

    • Requirements: Database support for stored procedures.

  3. Input Validation:

    • Description: Validates and sanitizes user input to ensure it adheres to expected formats.

    • Implementation:

      # Example in Python
import re

def validate_input(user_input):
    if re.match("^[a-zA-Z0-9_]+$", user_input):
        return True
    else:
        return False

    • Requirements: Implementation of robust input validation functions.

  4. Escaping Inputs:

    • Description: Escapes special characters in user inputs to neutralize any SQL code.

    • Implementation:

      // Example in PHP
$username = mysqli_real_escape_string($conn, $_POST['username']);
$password = mysqli_real_escape_string($conn, $_POST['password']);

    • Requirements: Functions or libraries for escaping inputs.

  5. Web Application Firewalls (WAF):

    • Description: Inspects and filters traffic to block malicious SQL injection attempts.

    • Implementation: Configure a WAF like ModSecurity with rules to detect and prevent SQLi.

    • Requirements: Deployment and configuration of a WAF.

  6. Least Privilege Principle:

    • Description: Restrict database user permissions to the minimum necessary for the application to function.

    • Implementation:

      -- Example in MySQL
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE ON database.* TO 'appuser'@'localhost';

    • Requirements: Proper database user role configuration.

By implementing these protective measures, you can significantly reduce the risk of SQL Injection attacks on your web applications.

PreviousServer Side Request ForgeryNextSecure Coding Practices

Last updated 9 months ago

Was this helpful?