
Cyber Sec Ass2

The document discusses four types of SQL injection attacks: 1. Classic SQL injection uses error messages to determine database structure such as table and column names. 2. Blind SQL injection determines if hypotheses are true based on whether the application behaves normally. 3. Time-based SQL injection determines if hypotheses are true based on response time delays from database wait commands. 4. Second-order SQL injection inserts malicious data in a first step and uses it in a later query to enable injection. Prevention methods like prepared statements, ORM, and security audits are recommended.

Sanjay Singh Bhandari

CS22M111

Cyber Security ASSIGNMENT 3

1. Demonstrate four different SQL injection attacks on the same instance

Created a demo Student table with demo data.

1. Classic SQL Injection (Error-Based)


In this type of attack, malicious SQL code is inserted into a query, and the application throws a
database error if the structure of the SQL query is disrupted. By analyzing the error messages
received, attackers can glean valuable information about the database structure, such as table
names, column names, and more, to execute further attacks.

Example: I am trying to find the database structure, i.e. what the table name could be.
Hypothesis: 1. Table name is student?
2. It has studentId?
-- Error-Based

SELECT * FROM student WHERE studentId = '1' OR '1'='1';

Result : Failed

Hypothesis: 1. Table name is students?
2. It has studentId?

-- Error-Based

SELECT * FROM students WHERE studentId = '1' OR '1'='1';

Result: The above shows that the table name students is correct, but “studentId” is not in the students schema; we need to do more testing.

2. Blind SQL Injection (Boolean-Based)


Attackers determine whether the hypothesis they make is true based on whether the application
behaves normally or not.
Outputs Nothing

Here, instead of rollno, we can use userid, password.

3. Time-Based SQL Injection


The attacker determines if the hypothesis is true based on how long it takes the application to
respond.

If the condition is true, the attacker observes a delay in the response for 10 seconds.

How It Works

Sending Payloads: The attacker sends a SQL query that includes a statement causing the
database to wait for a specified amount of time before responding.

Observing Response Time: The attacker observes how long it takes for the application to
respond.

Infer Information: If the application’s response is delayed as per the injected time delay, the
attacker can infer that their condition in the SQL statement is true.

4. Second-Order SQL Injection


Second-order SQL Injection involves two steps. In the first step, the attacker inserts malicious
data into the database. In the second step, this malicious data is used in a subsequent query,
which leads to SQL injection.

In another table of students with username and password we can try this

Prevention
Use Prepared Statements: Employ parameterized queries to safely pass parameters to SQL
queries.

Implement ORM: Object-Relational Mapping like Hibernate can reduce the risk as it doesn’t
require writing raw SQL queries.

Conduct Regular Security Audits: Regularly test and scan your applications for SQL injection
vulnerabilities.
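
The prepared-statement recommendation, shown against the classic and second-order cases above. This is an added example, not part of the original assignment; it assumes Python's sqlite3 with an in-memory students table whose columns (rollno, name) and rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE students (rollno TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO students VALUES (?, ?)",
                   [("1", "Asha"), ("2", "Ravi"), ("3", "Meena")])
    return db

def lookup_unsafe(db, rollno):
    # Vulnerable: the input is spliced into the SQL text, so a quote in it
    # changes the structure of the WHERE clause.
    sql = "SELECT rollno, name FROM students WHERE rollno = '" + rollno + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, rollno):
    # Hardened: the value is bound as a parameter and only compared as data.
    sql = "SELECT rollno, name FROM students WHERE rollno = ?"
    return db.execute(sql, (rollno,)).fetchall()

def rename_safe(db, rollno, new_name):
    # Second-order, step 1: storing a hostile string is harmless when bound.
    db.execute("UPDATE students SET name = ? WHERE rollno = ?", (new_name, rollno))

def same_name_unsafe(db, rollno):
    # Second-order, step 2 (vulnerable): a value read back from the database
    # is trusted and concatenated into the next query.
    (name,) = db.execute("SELECT name FROM students WHERE rollno = ?", (rollno,)).fetchone()
    return db.execute("SELECT rollno FROM students WHERE name = '" + name + "'").fetchall()

def same_name_safe(db, rollno):
    # Hardened: stored data is still untrusted input, so it is bound again.
    (name,) = db.execute("SELECT name FROM students WHERE rollno = ?", (rollno,)).fetchone()
    return db.execute("SELECT rollno FROM students WHERE name = ?", (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    tautology = "1' OR '1'='1"          # the input form used earlier on this page
    print("unsafe:", lookup_unsafe(db, tautology))   # every row comes back
    print("safe:  ", lookup_safe(db, tautology))     # no row has that rollno
    rename_safe(db, "2", "x' OR '1'='1")
    print("second-order unsafe:", same_name_unsafe(db, "2"))
    print("second-order safe:  ", same_name_safe(db, "2"))
```
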
