SQL Injection
Dawid Czagan
SECURITY INSTRUCTOR
@dawidczagan
Overview
Understanding SQL Injection
↓
Bypass Password Verification
↓
Unauthorized Access to User’s Account
SELECT * FROM users WHERE email = '[email protected]' and password = 'xyz'
SQL Syntax is Correct / No Access to User’s Account
Understanding SQL Injection
User-controlled data changes the underlying SQL query
SELECT * FROM users WHERE email = '[email protected]'' and password = 'xyz'
SQL Syntax Error / No Access to User’s Account
Understanding SQL Injection
User-controlled data changes the underlying SQL query
SELECT * FROM users WHERE email = '[email protected]' -- ' and password = 'xyz'
↓
SELECT * FROM users WHERE email = '[email protected]'
Password Verification Bypassed / Unauthorized Access to User’s Account
Understanding SQL Injection
User-controlled data changes the underlying SQL query
Demo
SQL Injection
Sanitization (Parameterized Query)
// Prepared statement: the SQL is compiled first and the values are bound afterwards,
// so user input can never change the structure of the query. The slide's generic
// dbQuery/dbBindParameters/dbStatementExecute are written here with PHP's mysqli API;
// $db is assumed to be an open mysqli connection.
$stmt = $db->prepare("SELECT * FROM users WHERE email = ? and password = ?");
$stmt->bind_param("ss", $email, $password); // "ss": both bound values are strings
$stmt->execute();
Fixing the Problem
SQL Injection
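The three "Understanding SQL Injection" slides and the parameterized fix, replayed in one runnable script. This is an added example, not part of the course material; it uses Python's sqlite3 with a constructed one-row users table and an assumed address alice@example.com in place of the slides' redacted one.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the slides' users table (one assumed user)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice@example.com', 'secret')")
    conn.commit()
    return conn


def login_vulnerable(conn, email, password):
    """The slides' query built by string concatenation: input becomes SQL syntax."""
    query = ("SELECT * FROM users WHERE email = '" + email
             + "' and password = '" + password + "'")
    try:
        return conn.execute(query).fetchone() is not None
    except sqlite3.OperationalError:
        # The unbalanced quote from the second slide: syntax error, no access.
        return False


def login_parameterized(conn, email, password):
    """The slides' fix: placeholders are bound as values, never parsed as SQL."""
    query = "SELECT * FROM users WHERE email = ? and password = ?"
    return conn.execute(query, (email, password)).fetchone() is not None


def walk_through_slides():
    """Replays the slide inputs against both versions; returns True where access is granted."""
    conn = make_db()
    plain = "alice@example.com"
    stray_quote = "alice@example.com'"
    comment_out = "alice@example.com' -- "   # closes the string, comments out the password check
    return {
        "correct creds, vulnerable": login_vulnerable(conn, plain, "secret"),
        "wrong password, vulnerable": login_vulnerable(conn, plain, "xyz"),
        "stray quote, vulnerable": login_vulnerable(conn, stray_quote, "xyz"),
        "comment bypass, vulnerable": login_vulnerable(conn, comment_out, "xyz"),
        "comment bypass, parameterized": login_parameterized(conn, comment_out, "xyz"),
        "correct creds, parameterized": login_parameterized(conn, plain, "secret"),
    }


if __name__ == "__main__":
    for case, logged_in in walk_through_slides().items():
        print(f"{case}: {'access granted' if logged_in else 'no access'}")
```

With the parameterized version the same input is compared as a literal email string, so the comment bypass simply fails to match any row.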
Summary
SQL Injection
↓
Bypass Password Verification
Sanitization (Parameterized Query)