SQLi_Presentation-2
INTRODUCTION
Imagine walking into a bank, whispering a magic phrase, and suddenly, the vault door opens. That’s SQL Injection – a hacker’s magic key to bypass security and access confidential data. Let's dive into how it works and how to stop it!
PREREQUISITES
Basic SQL knowledge (tables, queries)
WHAT IS SQL INJECTION?
SQL Injection (SQLi) is a web security vulnerability that allows attackers to interfere with an application's database queries. It occurs when user input is improperly validated, allowing attackers to manipulate SQL queries.
Example of a Vulnerable Query:
"SELECT * FROM users WHERE username = '" + userInput + "' AND password = '" + userPass + "';"
🔓 Attacker Input:
' OR '1'='1
🛑 Resulting Query After Injection:
SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '';
HOW IS SQLi USED
1️⃣ Identify Vulnerable Input Fields
2️⃣ Inject Malicious SQL Commands
3️⃣ Extract or Manipulate Data
4️⃣ Exploit Database Weaknesses
5️⃣ Compromise the Entire System
LOGIN BYPASS SQL INJECTION
🔹 Example Input:
Username: admin
Password: ' OR '1'='1
🔹 Resulting Query:
SELECT * FROM users WHERE username = 'admin' AND password = '' OR '1'='1';
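Added example, not part of the slides: a runnable Python/sqlite3 version of the login check from the "What is SQL injection?" and "Login bypass" slides, with the concatenated query beside a parameterized one. The users table, its rows and the function names are constructed for this demo; the inputs are the slides' own.

```python
import sqlite3

def make_db():
    # Constructed users table (not from the slides); passwords are stored in
    # plain text only to mirror the slide's query. Real systems store hashes.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    conn.commit()
    return conn

def login_vulnerable(conn, user_input, user_pass):
    # The slide's pattern: user input is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest becomes SQL.
    sql = ("SELECT * FROM users WHERE username = '" + user_input
           + "' AND password = '" + user_pass + "'")
    return conn.execute(sql).fetchall()

def login_safe(conn, user_input, user_pass):
    # Prepared statement: the SQL text is fixed and the values are bound
    # separately, so the same input is compared as a plain string.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (user_input, user_pass)).fetchall()

def demo():
    conn = make_db()
    tautology = "' OR '1'='1"
    return {
        # Login-bypass slide: tautology in the password field matches every row.
        "vulnerable_password_field": len(login_vulnerable(conn, "admin", tautology)),
        # "What is SQL injection?" slide: tautology in the username field.
        "vulnerable_username_field": len(login_vulnerable(conn, tautology, "")),
        # The parameterized query returns nothing for the payload ...
        "safe_with_payload": len(login_safe(conn, "admin", tautology)),
        # ... and exactly one row for real credentials.
        "safe_with_real_credentials": len(login_safe(conn, "admin", "s3cret")),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

The two vulnerable runs differ for a reason worth knowing when reviewing code: AND binds tighter than OR, so the username-field shape `username = '' OR '1'='1' AND password = ''` only matches rows whose stored password is empty, while the password-field shape from the login-bypass slide ends in `OR '1'='1'` and matches every row. The parameterized query returns no rows for either input.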
DATA EXTRACTION USING UNION SELECT
🔹 Example Input:
' UNION SELECT username, password FROM users; --
🔹 Resulting Query:
SELECT name, email FROM customers WHERE id = 1 UNION SELECT username, password FROM users;
BLIND SQLi WITH SLEEP() DELAY
🔹 Example Input:
' OR IF(1=1, SLEEP(5), 0) --
🔹 Resulting Query:
SELECT * FROM users WHERE username = '' OR IF(1=1, SLEEP(5), 0);
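Added example, not from the slides: a small detector that scans web-server log lines for the payload shapes shown on the login-bypass, UNION SELECT and SLEEP() slides, from the defender's side. The log lines are constructed, in an assumed custom format whose last field is the response time in seconds; the rule names, patterns and the slow-response threshold are this example's own choices, not part of any tool.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not real traffic), in an assumed custom format:
# client - - [time] "request" status bytes response_seconds
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /login?user=alice&pass=hunter2 HTTP/1.1" 200 512 0.012
10.0.0.9 - - [01/Jan/2025:10:00:07 +0000] "GET /login?user=admin&pass=%27+OR+%271%27%3D%271 HTTP/1.1" 200 812 0.015
10.0.0.9 - - [01/Jan/2025:10:00:09 +0000] "GET /customer?id=1+UNION+SELECT+username%2C+password+FROM+users%3B+-- HTTP/1.1" 200 1344 0.021
10.0.0.9 - - [01/Jan/2025:10:00:20 +0000] "GET /login?user=%27+OR+IF%281%3D1%2C+SLEEP%285%29%2C+0%29+-- HTTP/1.1" 200 512 5.031
10.0.0.7 - - [01/Jan/2025:10:00:25 +0000] "GET /search?q=o%27brien HTTP/1.1" 200 300 0.010
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) (?P<secs>[\d.]+)$'
)

# Signature rules for the payload shapes on the slides, applied to the
# URL-decoded request path. A lone quote (O'Brien) is deliberately not a rule.
RULES = [
    ("tautology", re.compile(r"'\s*or\s+'?\w*'?\s*=", re.IGNORECASE)),
    ("union_select", re.compile(r"\bunion\s+select\b", re.IGNORECASE)),
    ("time_based_function", re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.IGNORECASE)),
]

# Requests slower than this many seconds are flagged: a SLEEP(5) payload that
# reached the database shows up as latency even when the response body is bland.
SLOW_SECONDS = 3.0

def parse_line(line):
    # Returns a dict of fields, or None for lines that do not match the format.
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_path"] = unquote_plus(rec["path"])
    rec["secs"] = float(rec["secs"])
    return rec

def scan_log(text):
    # One finding per (line, rule) hit; a slow response is its own finding.
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for name, pattern in RULES:
            if pattern.search(rec["decoded_path"]):
                findings.append({"ip": rec["ip"], "rule": name, "path": rec["decoded_path"]})
        if rec["secs"] >= SLOW_SECONDS:
            findings.append({"ip": rec["ip"], "rule": "slow_response", "path": rec["decoded_path"]})
    return findings

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ip']:<10} {f['rule']:<20} {f['path']}")
```

Decoding before matching matters: the browser sends the quotes and spaces as `%27` and `+`, so a rule run on the raw line would miss all three payloads. Signature rules are a detection aid, not a fix; the latency rule catches the blind case even when the signature is obfuscated, and the real remedy is the parameterized query on the prevention slide.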
HOW TO PREVENT SQL INJECTION
Prepared Statements & Parameterized Queries
Input Validation & Escaping
Web Application Firewalls (WAFs)
Least Privilege Principle (limit database access)
Regular Security Audits & Penetration Testing
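Added example, not from the slides: three of the prevention items above applied in Python with sqlite3 around the customer lookup from the UNION SELECT slide. It layers input validation (a numeric id, and an allowlist for a sort column, since an identifier cannot be bound as a parameter), parameterized values, and least privilege through a read-only database connection. The table, rows, file name and function names are constructed for this demo.

```python
import os
import shutil
import sqlite3
import tempfile

# Columns the application permits in ORDER BY. Identifiers cannot be bound as
# parameters, so an allowlist is the safe way to let a user choose one.
ALLOWED_SORT_COLUMNS = {"name", "email"}

def create_customer_db(path):
    # Constructed sample data (not from the slides) so the example runs offline.
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                     [(1, "Ann", "ann@example.com"), (2, "Bob", "bob@example.com")])
    conn.commit()
    conn.close()

def parse_customer_id(raw):
    # Validation layer: the id must be a non-negative integer before it goes near SQL.
    if not raw.isdigit():
        raise ValueError(f"invalid customer id: {raw!r}")
    return int(raw)

def get_customer(conn, raw_id):
    # Parameter layer: the validated value is bound, never concatenated.
    return conn.execute("SELECT name, email FROM customers WHERE id = ?",
                        (parse_customer_id(raw_id),)).fetchall()

def list_customers(conn, sort_by):
    # Allowlist layer for the identifier; the query text is then fixed.
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    return conn.execute(f"SELECT name, email FROM customers ORDER BY {sort_by}").fetchall()

def open_readonly(path):
    # Least privilege: a read-only handle means a read path that is injected
    # anyway still cannot modify data.
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)

def write_blocked(conn):
    # True when the connection refuses an UPDATE, as a read-only one should.
    try:
        conn.execute("UPDATE customers SET email = 'x' WHERE id = 1")
        conn.commit()
    except sqlite3.OperationalError:
        return True
    return False

def rejects(fn, *args):
    # True when fn raises ValueError for args, i.e. the validation layer refused the input.
    try:
        fn(*args)
    except ValueError:
        return True
    return False

def demo():
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "customers.db")
    try:
        create_customer_db(path)
        conn = open_readonly(path)
        try:
            return {
                "lookup": get_customer(conn, "1"),
                "sorted": list_customers(conn, "email"),
                "write_blocked": write_blocked(conn),
            }
        finally:
            conn.close()
    finally:
        shutil.rmtree(tmpdir)

if __name__ == "__main__":
    print(demo())
```

Each layer is independent: the allowlist is needed because `ORDER BY ?` is not valid in any major database, the integer check rejects the whole UNION payload from the slide before any query is built, and the read-only connection limits what an injection elsewhere in the application can do.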
EXERCISES
1. Santa has a database of bad and good children. The following query checks if a child is on the "bad" list:
SELECT * FROM children WHERE behavior = 'Good';
🛑 Question: What input could a bad child use to change their status and get presents anyway?

2. A company database stores employee roles. The following query finds your job title:
SELECT role FROM employees WHERE name = 'your_name';
🛑 Question: What input could you use to instantly promote yourself to CEO?

3. Challenge: A pizza shop gives one free pizza per user and checks its database like this:
SELECT * FROM orders WHERE user = 'user_input' AND free_pizza = 0;
🛑 Question: What input could an attacker use to get unlimited free pizzas?
CONCLUSION
1. SQL Injection (SQLi) is one of the most dangerous cybersecurity threats.
   It allows attackers to bypass authentication, extract data, or modify databases.
   Real-world attacks have caused massive data breaches and financial damage.
2. SQL Injection is ranked among the OWASP Top 10 vulnerabilities.
   In OWASP Top 10 (2021), it falls under "A03: Injection", highlighting its critical risk in web applications.
   Attackers still widely exploit it due to poor input validation and outdated security practices.
3. SQL Injection is still a major threat, but with proper security measures, we can mitigate the risk and protect sensitive data.
THANK YOU