
SQL Injection

SQL injection is a security vulnerability that occurs when an attacker manipulates an application's SQL queries by injecting malicious SQL code through input fields or parameters, allowing them to view, modify or delete data in the database. It is caused by lack of input validation, dynamic SQL queries, insufficient escaping of special characters and insecure database configurations. Attackers use SQL payloads injected into user inputs to exploit SQL injection vulnerabilities and bypass authentication.

Uploaded by

kar20201214

SQL INJECTION

WHAT IS SQL INJECTION

SQL Injection is a security vulnerability that occurs when an
attacker manipulates an application's SQL queries by injecting
malicious SQL code through input fields or parameters. This
can allow the attacker to view, modify, or delete data in the
database.
BASIC PICTURE: SQL INJECTION

[Figure: (1) the attacker posts a malicious form to the web server; (2) the web server sends an unintended SQL query to the victim SQL DB; (3) the attacker receives the query response.]
WHAT LEADS TO SQL INJECTION

• Lack of Input Validation
• Dynamic SQL Queries
• Insufficient Escaping of special characters
• Insecure Database Configuration
SAMPLE OF A VULNERABLE PHP CODE

// Vulnerable: user input is concatenated directly into the SQL string.
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $query);
SQL PAYLOADS

SQLi payloads are specific pieces of SQL code designed by attackers to exploit SQL
injection vulnerabilities in an application. These payloads are injected into user input
fields or parameters, for example:
Authentication Bypass:
Input: admin' --
Resulting Query: SELECT * FROM users WHERE username = 'admin' -- ' AND password = 'password';
Explanation: The -- marks the start of a comment in SQL, making the rest of the query
irrelevant and potentially allowing an attacker to bypass password checks.
PRACTICAL EXAMPLE
HOW TO PROTECT AGAINST SQLI

• Input Validation and Sanitization:
Always validate and sanitize user inputs to ensure they conform to expected
formats and reject any suspicious inputs.
// FILTER_SANITIZE_STRING is deprecated as of PHP 8.1.
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
LEAST PRIVILEGE PRINCIPLE:

Ensure the application operates with the least amount of database privileges
necessary, avoiding the use of admin-level database accounts for routine
operations.
DETAILED ERROR HANDLING:

Avoid revealing detailed error messages to users, as they can provide clues to
attackers. Log errors server-side and provide generic error messages to users.
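
The login query from the vulnerable sample beside a version that binds the inputs as parameters and keeps error detail in the server log, run against the `admin' --` input shown earlier. This is an added example, not code from the original slides, and parameter binding is not one of the measures the slides list. It assumes PDO with an in-memory SQLite database and a constructed `users` row in place of the page's mysqli connection; the function names are hypothetical.

```php
<?php
// Constructed test data: in-memory SQLite stands in for the page's MySQL users table.
// The plaintext password only mirrors the page's query; store password_hash() output in real code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (username TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('admin', 's3cret-constructed')");

// The page's pattern: input is concatenated into the SQL text, so a quote in
// the input changes the structure of the query.
function login_vulnerable(PDO $db, string $username, string $password): bool {
    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    return $db->query($query)->fetch() !== false;
}

// Hardened: the SQL text is fixed and the inputs are bound as values, so a
// quote or "--" in the input is compared as literal characters.
function login_hardened(PDO $db, string $username, string $password): bool {
    try {
        $stmt = $db->prepare("SELECT 1 FROM users WHERE username = :u AND password = :p");
        $stmt->execute([':u' => $username, ':p' => $password]);
        return $stmt->fetch() !== false;
    } catch (PDOException $e) {
        error_log('login query failed: ' . $e->getMessage()); // detail stays in the server log
        return false; // the caller shows only a generic failure message
    }
}

$cases = [
    ['admin', 's3cret-constructed'],  // legitimate login
    ['admin', 'wrong'],               // wrong password
    ["admin' --", 'anything'],        // the page's authentication-bypass input
];
foreach ($cases as [$u, $p]) {
    printf("%-12s vulnerable=%s hardened=%s\n", $u,
        var_export(login_vulnerable($db, $u, $p), true),
        var_export(login_hardened($db, $u, $p), true));
}
```

Only the third case differs between the two functions: the concatenated query returns the admin row, while the bound query looks for a user literally named `admin' --` and finds none.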
THANK YOU

• Ahmad ayoub sawaeer 20200345
