SQL Injection
What is SQL Injection?
o SQL injection (SQLi) is a web security vulnerability and a code injection
technique. It affects data-driven web applications, and an attacker who
exploits it can steal or destroy your data. The attacker supplies a SQL query
(malicious code) as input in one of your input fields; instead of treating that
input as plain data, the web application builds it into the query it sends to
the database, so the query runs with the attacker's additions and the attacker
can then do whatever that query allows.
Types of SQL Database
o MySQL
o Oracle
o IBM DB2
o MS SQL Server
o Microsoft Azure
o MariaDB
o PostgreSQL
Types of NoSQL Database
o MongoDB
o Apache’s CouchDB
o HBase
o Oracle NoSQL
o Riak
o Apache’s Cassandra DB
Types of SQL Injection
o In-band SQLi
Error-based SQLi
Union-based SQLi
o Inferential SQLi (Blind SQL)
Boolean-based Blind SQLi
Time-based Blind SQLi
o Out-of-band SQLi
In-band SQLi
o The attacker uses the same channel of communication to launch their attacks
and to gather their results.
o There are two sub-types of this method:
Error-based SQLi
The attacker performs actions that cause the database to
produce error messages. The attacker can use the data
provided by these error messages to gather information about
the structure of the database.
Union-based SQLi
This technique takes advantage of the UNION SQL operator, which
combines the results of multiple SELECT statements into a single
result set, so that data from other tables is returned in the same
HTTP response. This response may contain data that can be
leveraged by the attacker.
Inferential SQLi (Blind SQL)
o The attacker sends data payloads to the server and observes the response
and behaviour of the server to learn more about its structure. This method is
called blind SQLi because no data is transferred from the website's database
to the attacker; the attacker therefore cannot see the results of the attack
in-band.
o There are two sub-types of this method:
Boolean-based Blind SQLi
The attacker sends a SQL query to the database that prompts the
application to return a result. The result varies depending on
whether the injected condition is true or false.
Time-based Blind SQLi
The attacker sends a SQL query to the database that makes the
database wait before responding. From the time the database
takes to respond, the attacker can tell whether the query is
true or false.
Out-of-band SQLi
o The attacker can only carry out this form of attack when certain features are
enabled on the database server used by the web application. This form of
attack is primarily used as an alternative to the in-band and inferential SQLi
techniques.
o Out-of-band SQLi is performed when the attacker can’t use the same channel
to launch the attack and gather information, or when a server is too slow or
unstable for these actions to be performed. These techniques rely on the
database server's ability to make DNS or HTTP requests that carry data to
the attacker.
SQL Injection Vulnerability Scanner Tools
o SQLMap
o jSQL Injection
o BBSQLMap
o NoSQLMap
o Whitewidow
o DSSS
o Blind-SQL-Bitshifting
o Leviathan
o Blisqy