
SQL Injection

SQL injection is a code injection technique that can compromise databases by allowing unauthorized access to data. The report outlines basic SQL commands and provides a demonstration of how to test for SQL injection vulnerabilities. Preventive measures include using web application firewalls and avoiding detailed error messages to enhance security against such attacks.

Uploaded by

swatiarora8720

REPORT ON SQL INJECTION

SQL injection is a code injection technique that might destroy your database. It
can allow an attacker to view data that they are not normally able to
retrieve.
DATABASE SOFTWARE: MySQL / MSSQL / Oracle / PostgreSQL / MariaDB etc.
LANGUAGE: SQL (Structured Query Language) - it passes the commands
that get information from the database.
BASICS OF SQL COMMANDS -
• SELECT :- Used to verify data / fetch data from the database (example: login)
• INSERT INTO :- Used to add new data to an existing database (example: signup)
• DELETE :- Used to delete particular data from the database
• DROP :- Used to delete the entire database / table
• UPDATE/ALTER :- Used to modify existing data (example: changing a password)
• INFORMATION_SCHEMA :- Public database (basic structure of the database)

DEMO ON SQL INJECTION


1) Check whether the website is connected to a database or not.
2) Check whether the vulnerability exists or not (insert a ' after the numerical number).
   No error / page is the same - secured
   Error / page is changed / some changes appear in the webpage - vulnerability
3) Check how many public columns are available (order by 1,2,3 etc.).
   No error - column is present
   Error - column is not present (we need to find the last column)
   11 columns are in public
4) Find how many columns have loopholes / vulnerability.
   union select 1,2,3,4,5,6,7,8,9,10,11,12
5) Find the database name.
6) Find the table names from the database.
   group_concat(table_name) from information_schema.tables where table_schema=acuart
   Artists,carts,categ,featured,guestbook,pictures,products,users
   Target - users
7) Find the columns of the users table (replace table with column).
   Target - uname,pass,address
8) Get the information from the database for the selected columns (replace column name with username,password,address,email).

PREVENTIVE STEPS TO AVOID SQL INJECTIONS



1) Use web application firewalls to avoid SQL injection. They block SQL injection attempts.
2) Avoid displaying detailed database error messages to users. Use generic messages and log detailed errors securely for debugging.
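
Preventive step 2 as an added example (not part of the original report): the same lookup written so that it echoes the database error, and then so that it returns a generic message and logs the detail under a reference id. The artists table, handler names and in-memory SQLite database are assumptions made for illustration; the hardened handler also validates the id and binds it as a parameter, which goes beyond the two measures listed above.

```python
import logging
import re
import sqlite3
import uuid

log = logging.getLogger("app.db")  # detailed errors go to the server log only

def make_db():
    """Constructed sample data: an in-memory table standing in for the site's database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE artists (id INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO artists VALUES (1, 'sample artist')")
    return db

def verbose_handler(db, raw_id):
    """'Before': input is concatenated into the query and the DB error is shown to the user."""
    try:
        row = db.execute("SELECT name FROM artists WHERE id = " + raw_id).fetchone()
        return (200, row[0]) if row else (404, "Not found")
    except sqlite3.Error as exc:
        # The changed page from demo step 2: parser detail reaches the browser.
        return 500, f"Database error: {exc}"

def hardened_handler(db, raw_id):
    """'After': validated id, bound parameter, generic message, detail logged with a ref."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return 400, "Invalid request"
    try:
        row = db.execute("SELECT name FROM artists WHERE id = ?", (int(raw_id),)).fetchone()
        return (200, row[0]) if row else (404, "Not found")
    except sqlite3.Error:
        ref = uuid.uuid4().hex[:8]
        # Full exception and input stay in the log; the user only sees the reference.
        log.exception("query failed ref=%s input=%r", ref, raw_id)
        return 500, f"Something went wrong (ref {ref})"

if __name__ == "__main__":
    db = make_db()
    for probe in ("1", "1'"):
        print(repr(probe), verbose_handler(db, probe), hardened_handler(db, probe))
```

The reference id lets support staff find the logged detail without the response revealing anything about the query or schema.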
