CSS Expt 10 - 250406 - 110304

The document outlines Experiment No. 10 in the Department of Computer Engineering, focusing on SQL Injection as a security vulnerability in cryptography. It explains how attackers exploit SQL injection to manipulate databases, leading to unauthorized access and data breaches, while also discussing mitigation strategies. Additionally, it includes a practical implementation demonstrating SQL injection in a simple login application using JavaScript and SQLite.

Uploaded by

Jeet Rathod

DEPARTMENT OF COMPUTER ENGINEERING

EXPERIMENT NO - 10
ROLL NO:-
DATE:-

Aim: To study and implement SQL Injection in cryptography.


Theory:
SQL injection is a type of security vulnerability that occurs when untrusted data is inserted into a
SQL query without proper validation or sanitization. This can allow attackers to manipulate the
structure of the SQL query, potentially leading to unauthorized access to the database or other
malicious activities. Let's delve into more detail:
How SQL Injection Works:
SQL injection attacks typically target web applications that interact with databases. Attackers exploit
vulnerabilities in these applications by injecting malicious SQL code into input fields, such as login
forms, search boxes, or URL parameters. When the application processes this input without proper
validation, the injected SQL code gets executed by the database server.
For example, consider a simple login form that executes the following SQL query to validate user
credentials:
SELECT * FROM users WHERE username = '<input_username>' AND password = '<input_password>';

If an attacker enters ' OR 1=1 -- into the username field and leaves the password field blank, the
resulting query would become:

SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '';

In this injected query:

• OR 1=1 always evaluates to true, bypassing the password check.
• -- comments out the rest of the query, preventing any syntax errors.

Advantages of SQL Injection for Attackers:
1. Data Extraction: Attackers can retrieve sensitive information from the database, such as
usernames, passwords, credit card numbers, or personal details.
2. Data Manipulation: They can modify, delete, or insert records into the database, altering its
contents according to their malicious intent.
3. Authentication Bypass: SQL injection can be used to bypass authentication mechanisms,
allowing unauthorized access to restricted areas of the application.
4. Database Control: In severe cases, attackers might gain control over the entire database
server, enabling them to execute arbitrary commands and compromise the system.
Disadvantages of SQL Injection for Application Owners:
1. Data Breach: SQL injection can lead to the exposure of sensitive data, resulting in financial
losses, regulatory fines, and damage to reputation.
2. Data Loss or Corruption: Attackers might manipulate or delete critical data from the
database, causing operational disruptions and business downtime.
3. Legal Consequences: Organizations may face legal consequences for failing to protect user
data adequately, especially in regulated industries like healthcare or finance.
4. Reputation Damage: A successful SQL injection attack can erode customer trust and
confidence in the application's security, leading to loss of business and brand damage.
Mitigating SQL Injection:
1. Parameterized Queries: Use parameterized queries or prepared statements with bound
parameters to ensure that user input is treated as data rather than executable code.
2. Input Validation: Validate and sanitize user input to ensure that it conforms to expected
formats and does not contain malicious characters.
3. Least Privilege: Apply the principle of least privilege by restricting database access
permissions to only those necessary for each user or application component.
4. Web Application Firewalls (WAFs): Deploy WAFs to monitor and filter incoming HTTP
traffic, detecting and blocking SQL injection attempts in real-time.
5. Regular Auditing and Patching: Conduct regular security audits and apply patches promptly
to address any known vulnerabilities in the application or underlying frameworks.
By implementing these measures, organizations can significantly reduce the risk of SQL injection
attacks and safeguard their databases and sensitive information.

Implementation:
This is a small demonstration of SQL injection in a simple login application. In our example, a
database has been provisioned with an admin user. Their credentials are:
username: admin
password: admin123
In theory it should only be possible to log in to the application using these credentials, but if the
application is not safely programmed, it is possible to get into the system as the admin user without
knowing the admin password.

Once you have played a bit with the login application and tried valid and invalid credentials,
use the following values:
username: admin
password: unknown' or '1'='1

app.js:

// Dependencies
var express = require('express');
var bodyParser = require('body-parser');
var sqlite3 = require('sqlite3').verbose();

var app = express();

// Serve index.html and style.css, and parse URL-encoded form bodies
app.use(express.static('.'));
app.use(bodyParser.urlencoded({extended: true}));

// In-memory database provisioned with the single admin user
var db = new sqlite3.Database(':memory:');

db.serialize(function() {
    db.run("CREATE TABLE user (username TEXT, password TEXT, name TEXT)");
    db.run("INSERT INTO user VALUES ('admin', 'admin123', 'App Administrator')");
});

app.post('/login', function (req, res) {
    var username = req.body.username; // a valid username is admin
    var password = req.body.password; // a valid password is admin123
    // Deliberately vulnerable: user input is concatenated directly into the SQL text
    var query = "SELECT name FROM user where username = '" + username + "' and password = '" + password + "'";

    // Log the input and the resulting query so the effect of the injection is visible
    console.log("username: " + username);
    console.log("password: " + password);
    console.log('query: ' + query);

    db.get(query, function(err, row) {
        if (err) {
            console.log('ERROR', err);
            res.redirect("/index.html#error");
        } else if (!row) {
            // No matching row: login rejected
            res.redirect("/index.html#unauthorized");
        } else {
            res.send('Hello <b>' + row.name + '</b><br /><a href="/index.html">Go back to login</a>');
        }
    });
});

app.listen(3000);
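
Added example, not part of the original lab sheet: the script below reduces the query built by the string concatenation in app.js to a token skeleton, which shows when input changes the query's structure rather than its data, and then gives the parameterized form named in mitigation item 1. The names skeleton, concatQuery, altersQuery, findUser and LOGIN_SQL are assumptions introduced here; findUser assumes a db object exposing sqlite3's get(sql, params, callback).

```javascript
// Added example, not from the original lab sheet. All function names are hypothetical.
// Minimal SQL lexer: reduces a query to a token skeleton so structures can be compared.
function skeleton(sql) {
  const out = [];
  for (let i = 0; i < sql.length;) {
    const c = sql[i];
    if (c === "'") {                          // string literal; '' is an escaped quote
      let closed = false;
      for (i++; i < sql.length; i++) {
        if (sql[i] !== "'") continue;
        if (sql[i + 1] === "'") { i++; continue; }
        closed = true; i++; break;
      }
      out.push(closed ? 'STR' : 'UNTERMINATED');
    } else if (c === '-' && sql[i + 1] === '-') {
      out.push('COMMENT'); break;             // rest of a one-line query is a comment
    } else if (/\w/.test(c)) {
      const word = /^\w+/.exec(sql.slice(i))[0];
      out.push(word.toUpperCase()); i += word.length;
    } else {
      if (/\S/.test(c)) out.push(c);          // keep operators, drop whitespace
      i++;
    }
  }
  return out.join(' ');
}

// Same concatenation as the /login handler in app.js.
function concatQuery(username, password) {
  return "SELECT name FROM user where username = '" + username +
         "' and password = '" + password + "'";
}

// True when the input changed the query's structure instead of only its data.
function altersQuery(username, password) {
  return skeleton(concatQuery(username, password)) !== skeleton(concatQuery('a', 'b'));
}

// Hardened lookup: constant SQL text, input travels only as bound parameters.
// Assumes `db` exposes sqlite3's get(sql, params, callback).
const LOGIN_SQL = 'SELECT name FROM user WHERE username = ? AND password = ?';
function findUser(db, username, password, done) {
  db.get(LOGIN_SQL, [username, password], done);
}

// Constructed sample inputs: a valid login, the page's two payloads, a benign apostrophe.
for (const [u, p] of [['admin', 'admin123'], ['admin', "unknown' or '1'='1"],
                      ["' OR 1=1 --", ''], ["O'Brien", 'pw']]) {
  console.log(JSON.stringify([u, p]), altersQuery(u, p), skeleton(concatQuery(u, p)));
}
```

The last sample shows that concatenation also breaks on a legitimate value containing an apostrophe, while findUser hands the driver the same SQL text for every input.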

index.html:

<!DOCTYPE html>
<html>
<head>
    <link rel="stylesheet" type="text/css" href="style.css">
</head>

<body>
    <form action="/login" method="post">
        <div class="container">
            <label><b>Username</b></label>
            <input type="text" placeholder="Enter Username" name="username" required>

            <label><b>Password</b></label>
            <input type="password" placeholder="Enter Password" name="password" required>

            <button type="submit">Login</button>
        </div>

        <script>
            // Show a status message based on the fragment set by the server redirect
            if(document.location.hash === '#unauthorized') {
                document.write('<div class="unauthorized">Invalid Username or Password</div>');
            } else if(document.location.hash === '#error') {
                document.write('<div class="error">An error has occurred</div>');
            }
        </script>
    </form>

</body>
</html>

style.css:

form {
    border: 3px solid #f1f1f1;
}

input[type=text], input[type=password] {
    width: 100%;
    padding: 12px 20px;
    margin: 8px 0;
    display: inline-block;
    border: 1px solid #ccc;
    box-sizing: border-box;
}

button {
    background-color: #4CAF50;
    color: white;
    padding: 14px 20px;
    margin: 8px 0;
    border: none;
    cursor: pointer;
    width: 100%;
}

button:hover {
    opacity: 0.8;
}

.cancelbtn {
    width: auto;
    padding: 10px 18px;
    background-color: #f44336;
}

.imgcontainer {
    text-align: center;
    margin: 24px 0 12px 0;
}

img.avatar {
    width: 40%;
    border-radius: 50%;
}

.container {
    padding: 16px;
}

span.psw {
    float: right;
    padding-top: 16px;
}

.unauthorized {
    background-color: orange;
}

.error {
    background-color: red;
}

/* Change styles for span and cancel button on extra small screens */
@media screen and (max-width: 300px) {
    span.psw {
        display: block;
        float: none;
    }
    .cancelbtn {
        width: 100%;
    }
}

Output:

Correct username and password:


Incorrect username and password:

Conclusion: We have studied and implemented a SQL Injection in cryptography.
