SQL
9-5-2025
Introduction
SQL Injection (SQLi) is one of the most dangerous and widespread vulnerabilities found in database-driven applications. It allows attackers to alter the SQL queries an application sends to its database by injecting crafted input, usually through user-controlled fields, in order to gain unauthorized access to, modify, or destroy data stored in relational databases.
SQL Injection is listed in the OWASP Top 10, reflecting its criticality in modern web application security.
Understanding SQL Injection is essential for database administrators, backend developers, and
security analysts. It not only helps prevent data breaches but also ensures data integrity,
confidentiality, and availability within enterprise systems.
SQL Injection typically exploits input fields whose contents are concatenated directly into SQL queries without proper sanitization or validation. Consider a login form that builds its query by inserting the submitted username and password straight into the SQL text.
If an attacker enters:
• username: admin' --
• password: (anything)
the query sent to the database becomes:
SELECT * FROM users WHERE username = 'admin' --' AND password = '';
The -- starts a comment in SQL, so everything after it, including the password check, is ignored. The attacker is logged in without knowing the password.
Types of SQL Injection Attacks
a) Classic (In-band) SQLi
Direct insertion of malicious SQL into user input to change the logic of SQL statements.
b) Blind (Boolean-based) SQLi
Occurs when the application does not show errors or query results; attackers instead observe differences in the application's behavior to infer information one True/False question at a time.
c) Time-based Blind SQLi
Uses deliberate delays (such as SLEEP(5)) to confirm that injected SQL is being executed, even when nothing is reflected in the response.
d) Union-Based SQLi
Retrieves data from other tables by appending a UNION SQL operator so that extra rows are returned with the legitimate result.
e) Error-Based SQLi
The attacker intentionally triggers database errors to extract information from the error messages.
Real-World Consequences
• Data theft: Sensitive user data (usernames, passwords, credit cards) can be leaked.
• Legal consequences: Non-compliance with data privacy laws like GDPR, HIPAA, etc.
• Sony Pictures (2011): Over 1 million user records stolen using SQLi.
• Heartland Payment Systems: SQLi contributed to the breach of over 100 million credit cards.
• Yahoo (2012): SQL Injection used to steal 450,000 email addresses and passwords.
Prevention Techniques & Conclusion
Stored Procedures
Encapsulate SQL logic within database functions to isolate user input from query structure. This only helps if the procedure itself does not build dynamic SQL from its arguments.
Input Validation
Reject or sanitize suspicious characters (', --, ;, etc.) before using inputs in queries. Validation is a defensive layer, not a substitute for keeping user input out of the query text altogether through parameterized queries (prepared statements).
Least Privilege
Database users should have the minimum privileges necessary to reduce the impact of a successful injection.
Web Application Firewalls (WAFs)
WAFs can detect and block common SQL injection patterns before they reach the backend.
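The login example from the introduction and the prevention section above, worked through in Python as an added example (not part of the original notes): the concatenated query beside its parameterized form, both run against a constructed in-memory SQLite table. The table, the users and the helper names are assumptions made for this illustration.

```python
import sqlite3


def make_db():
    """Constructed sample database: one user, stored in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation: user input becomes SQL text.
    With username "admin' --" the rest of the WHERE clause is commented out,
    so the password check never runs."""
    sql = ("SELECT * FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, username, password):
    """Parameterized query: the driver binds the values as data, so quotes
    and comment markers inside them cannot change the query structure."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def looks_suspicious(value):
    """Simple validation layer from the notes: flag the characters that are
    commonly used to break out of a quoted string. This is a secondary
    control only; login_safe is what actually prevents the injection."""
    return any(token in value for token in ("'", "--", ";"))


if __name__ == "__main__":
    db = make_db()
    attacker_name, any_password = "admin' --", "anything"
    print("vulnerable login:", login_vulnerable(db, attacker_name, any_password))
    print("parameterized login:", login_safe(db, attacker_name, any_password))
    print("input flagged by validation:", looks_suspicious(attacker_name))
```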
Conclusion
SQL Injection remains a significant threat in the cybersecurity world. Despite being an old
vulnerability, it continues to be exploited due to poor coding practices and lack of awareness. By
following secure coding techniques, validating inputs, and understanding the mechanics of SQLi,
developers and database professionals can build secure, resilient applications.