-Dharani JM(2303717610421075)
9-5-2025
SQL Injection - DBMS Assignment
Introduction
SQL Injection (SQLi) is one of the most dangerous and widespread vulnerabilities found in
database-driven applications. It allows attackers to manipulate SQL queries by injecting malicious
code, often through user inputs, to gain unauthorized access to, manipulate, or destroy data stored
in relational databases.
SQL Injection is categorized under OWASP Top 10 vulnerabilities, reflecting its criticality in modern
web application security.
Importance of Understanding SQL Injection
Understanding SQL Injection is essential for database administrators, backend developers, and
security analysts. It not only helps prevent data breaches but also ensures data integrity,
confidentiality, and availability within enterprise systems.
How SQL Injection Works
Working Mechanism of SQL Injection
SQL Injection typically exploits input fields whose contents are concatenated directly into the text
of a SQL query without proper validation or parameterization, so that the input can change the
structure of the statement rather than only its data values.
Example of a vulnerable SQL query:
SELECT * FROM users WHERE username = '$username' AND password = '$password';
If an attacker enters:
• username: admin' --
• password: (anything)
The resulting query becomes:
SELECT * FROM users WHERE username = 'admin' --' AND password = '';
The -- starts a comment in SQL (in MySQL it must be followed by a space), so everything after it,
including the password check, is ignored. The attacker is logged in without knowing the password.
Types of SQL Injection Attacks
Types of SQL Injection
a) Classic SQL Injection
Direct insertion of malicious code into user input to change the logic of SQL statements.
b) Blind SQL Injection
Occurs when the application does not show errors, but attackers observe the behavior of the system
to infer information (True/False logic).
c) Time-Based Blind SQLi
Uses deliberate delays (such as SLEEP(5)) so that the truth of an injected condition can be inferred
from the response time, even when the application shows no output or error messages.
d) Union-Based SQLi
Used to retrieve data from other tables by using the UNION SQL operator.
e) Error-Based SQLi
The attacker intentionally triggers database errors to extract information from the error messages.
Real-World Impacts and Case Studies
Real-World Consequences
• Data theft: Sensitive user data (usernames, passwords, credit cards) can be leaked.
• Data manipulation: Attackers can modify or delete records.
• Authentication bypass: Attackers can log in as administrators.
• Loss of trust: Affects reputation of organizations.
• Legal consequences: Non-compliance with data privacy laws like GDPR, HIPAA, etc.
Famous SQLi Attacks
• Sony Pictures (2011): Over 1 million user records stolen using SQLi.
• Heartland Payment Systems: SQLi contributed to the breach of over 100 million credit cards.
• Yahoo (2012): SQL Injection used to steal 450,000 email addresses and passwords.
Prevention Techniques & Conclusion
How to Prevent SQL Injection
Use Prepared Statements (Parameterized Queries)
Avoid string concatenation and use safe methods to pass data, so that the query text and the
user-supplied values are sent to the database separately:
cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))
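The following is an added example (not part of the original assignment) that puts the vulnerable query from the "How SQL Injection Works" section next to the parameterized version recommended above. It uses Python's built-in sqlite3 module with a constructed in-memory users table; the table contents, the login_vulnerable and login_safe function names, and the plaintext password column (kept only to mirror the page's query) are assumptions of the example, not part of the original.

```python
import sqlite3


def make_db():
    """Constructed sample database: an in-memory SQLite table with one user.
    Passwords are stored in plaintext only to mirror the query on the page;
    a real application would store a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, exactly like the page's
    '$username' / '$password' example. Deliberately vulnerable: the input
    admin' -- turns the rest of the WHERE clause into a comment."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row is not None


def login_safe(conn, username, password):
    """Parameterized query: the driver sends the SQL text and the values
    separately, so user input can never change the statement's structure.
    The same admin' -- input is simply compared as a literal username."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    payload = "admin' --"
    print("vulnerable, correct creds :", login_vulnerable(db, "admin", "s3cret"))
    print("vulnerable, comment payload:", login_vulnerable(db, payload, "wrong"))
    print("safe, comment payload      :", login_safe(db, payload, "wrong"))
    print("safe, correct creds        :", login_safe(db, "admin", "s3cret"))
```

Running the block shows the concatenated version accepting the comment payload with a wrong password, while the parameterized version rejects it and still accepts the genuine credentials. The only difference between the two functions is how the values reach the database, which is the whole point of prepared statements.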
Stored Procedures
Encapsulate SQL logic within database functions to isolate user input from query structure. Note
that a stored procedure that itself builds dynamic SQL from its arguments is just as injectable as
application code.
Input Validation
Reject or sanitize suspicious characters (', --, ;, etc.) before using inputs in queries. Treat this as
defense in depth rather than a replacement for parameterized queries, since character blocklists
are incomplete and also reject legitimate values such as names containing an apostrophe.
Escaping User Input
Use database-specific functions to escape special characters.
Least Privilege Access
Database users should have the minimum privileges necessary to reduce the impact of a successful
injection.
Web Application Firewalls (WAFs)
WAFs can detect and block common SQL injection patterns before they reach the backend.
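As an added example, not part of the original assignment, the block below shows the kind of signature matching a WAF or log-monitoring rule performs for the three attack types the page names (comment truncation, UNION-based and time-based injection). It scans a handful of constructed access-log lines; the log format, the client addresses, the SIGNATURES names and the classify_request / scan_log functions are all assumptions of the example. The O'Brien line illustrates why a rule that simply rejects every apostrophe, as the "Input Validation" section might suggest, produces false positives.

```python
import re
from urllib.parse import unquote_plus

# Signatures corresponding to the techniques listed on the page:
# comment truncation (' --), UNION-based, and time-based (SLEEP).
SIGNATURES = {
    "comment-truncation": re.compile(r"'\s*--"),
    "union-based": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.IGNORECASE),
    "time-based": re.compile(r"\bsleep\s*\(", re.IGNORECASE),
}

# Constructed sample access-log lines (not real traffic).
# Format: client, method, path-with-query-string.
SAMPLE_LOG = [
    "10.0.0.5 GET /login?username=alice&password=hunter2",
    "10.0.0.7 GET /login?username=admin%27+--&password=x",
    "10.0.0.9 GET /products?id=1+UNION+SELECT+1%2C2",
    "10.0.0.11 GET /products?id=1+AND+SLEEP%285%29",
    "10.0.0.13 GET /search?name=O%27Brien",
]


def classify_request(query_string):
    """Return the names of all signatures that match the URL-decoded query string.
    Decoding first matters: a WAF that matches only the raw, encoded form
    misses the same payload sent as %27 instead of a literal quote."""
    decoded = unquote_plus(query_string)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def scan_log(lines):
    """Return (client, path, matches) for every log line that trips a signature."""
    hits = []
    for line in lines:
        client, _method, path = line.split(" ", 2)
        _path_only, _sep, query_string = path.partition("?")
        matches = classify_request(query_string)
        if matches:
            hits.append((client, path, matches))
    return hits


if __name__ == "__main__":
    for client, path, matches in scan_log(SAMPLE_LOG):
        print(f"{client} {path} -> {', '.join(matches)}")
```

Signature matching of this kind is useful for detection and for buying time, but it is not the fix: an attacker can vary spacing, case and encoding, and the rules above would need constant maintenance. The parameterized query in the previous section removes the vulnerability; the WAF only makes exploitation noisier.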
Conclusion
SQL Injection remains a significant threat in the cybersecurity world. Despite being an old
vulnerability, it continues to be exploited due to poor coding practices and lack of awareness. By
following secure coding techniques, validating inputs, and understanding the mechanics of SQLi,
developers and database professionals can build secure, resilient applications.