SQL Injection: Description

SQL injection is a common vulnerability that allows attackers to inject SQL commands through web application inputs to extract data from backend databases. There are two main types of SQL injection - in-band SQLi, where the attacker's input and results are in the same channel, and inferential SQLi, where the attacker cannot see the results directly. Specific techniques like error-based, union-based, boolean-based blind, and time-based blind SQLi use differences in responses or timing to extract information without seeing the direct results. Proper input validation and parameterized queries can help mitigate SQL injection vulnerabilities.

Uploaded by Glady Gladson

SQL INJECTION

SQL Injection is the top vulnerability still found in many websites. It is a type of injection attack
in which the attacker injects SQL commands into the input of a web application and tries to
fetch details from the database.

DESCRIPTION

SQL injection can be carried out by an attacker from the client side: the attacker
modifies the request sent from the application, injecting SQL code into the URL of the
website. What is fetched from the database depends on the SQL query the attacker
supplies.

There are several types of SQL injection attack:

• In-band SQLi
    o Error-based SQLi
    o Union-based SQLi
• Inferential SQLi
    o Boolean-based blind SQLi
    o Time-based blind SQLi

IN-BAND SQLi

In-band SQL injection is a type of attack in which the attacker launches the attack and
gets the results over the same communication channel, typically by injecting SQL code in the URL and
getting the results immediately.

Error-based SQLi

It is an in-band SQLi in which the attacker gains information from the error
messages returned by the database when the attacker sends SQL queries to it by
modifying the URL. The error message is enough for the attacker to enumerate the database
they are trying to fetch details from.

Union-based SQLi

It is also an in-band SQLi, in which the attacker uses the UNION operator to combine
several SELECT statements into one query that fetches data from the database.

INFERENTIAL BASED SQLi

It is also called blind SQLi because the attacker cannot see the results directly,
as in error-based or union-based SQLi. The attacker must instead observe the response of the web
application and the behavior of the database after sending payloads.

Boolean-based blind SQLi

It is also called content-based SQLi. The attacker injects a SQL query
that forces the application to return a different result depending on whether the query evaluates to
true or false. Observing that difference allows the attacker to enumerate more about the structure of
the database.

Time-based blind SQLi

Here the attacker injects a SQL payload that forces the database to wait for a
specified time before responding. By observing whether the response comes back slowly or instantly,
the attacker enumerates more about the database.

MITIGATION

Parameterized queries can be used for any situation where untrusted input appears
as data within the query, including the WHERE clause and values in
an INSERT or UPDATE statement. They cannot be used to handle untrusted input in other
parts of the query, such as table or column names, or the ORDER BY clause. Application
functionality that places untrusted data into those parts of the query will need to take a
different approach, such as white listing permitted input values, or using different logic to
deliver the required behaviour.
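
The distinction drawn above, shown as an added example that is not part of the original document: a concatenated query beside its parameterized form, plus an allow-list for the ORDER BY clause. It uses Python's sqlite3 module; the table, rows, function names and the input string are constructed for illustration.

```python
import sqlite3

# Allow-list for the one part of the query that cannot be a bound parameter.
SORTABLE_COLUMNS = {"name": "name", "created": "created"}

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT, created TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice@example.test", "2023-01-05"),
         ("bob", "bob@example.test", "2022-11-30")],
    )
    return db

def find_user_concatenated(db, name):
    """Weak form: untrusted input becomes part of the SQL text."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def find_user_parameterized(db, name):
    """Hardened form: the value is bound as data and never parsed as SQL."""
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()

def list_users_sorted(db, sort_key):
    """ORDER BY cannot take a bound parameter, so map input through an allow-list."""
    column = SORTABLE_COLUMNS.get(sort_key)
    if column is None:
        raise ValueError("unsupported sort key")
    # Only a constant from SORTABLE_COLUMNS is ever placed in the SQL text.
    return db.execute(f"SELECT name FROM users ORDER BY {column}").fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing SQL syntax
    print(find_user_concatenated(db, crafted))   # condition rewritten: every row
    print(find_user_parameterized(db, crafted))  # treated as a literal name: no rows
    print(list_users_sorted(db, "created"))
```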

Database permissions: limiting the permissions on the database login used by the
web application to only what is needed may help reduce the effectiveness of any SQL
injection attacks that exploit any bugs in the web application.

For example, on Microsoft SQL Server, a database logon could be restricted from
selecting on some of the system tables, which would limit exploits that try to insert JavaScript
into all the text columns in the database.
