SQL INJECTION
Subject: Cyber Security
Presented by: Syed Qamar Abbas
What is SQL?
• SQL stands for Structured Query Language
• Allows us to access a database
• ANSI and ISO standard computer language
- SQL-92 and SQL:1999 (SQL99) are the best-known revisions; the standard has been revised several times since, most recently as SQL:2023
• SQL can:
- insert new records in a database
- execute queries against a database
- delete records from a database
- retrieve data from a database
- update records in a database
SQL is a standard - but
• There are many different versions of the SQL language.
• They support the same major keywords in a similar
manner (such as SELECT, UPDATE, DELETE, INSERT,
WHERE, and others).
• Most SQL database products also have their own
proprietary extensions in addition to the SQL standard.
WHAT IS SQL INJECTION?
• SQL injection is a type of security vulnerability that occurs
when an attacker can insert or "inject" malicious SQL code
into a query.
• This usually happens when a web application or service
fails to properly validate or sanitize user input. As a result,
the injected SQL code can manipulate the database in
unintended ways.
• For example, a login that builds its query by concatenating the
submitted values into the SQL text:
SELECT * FROM users WHERE username = 'user_input' AND
password = 'password_input';
Whatever the attacker submits as user_input or password_input becomes
part of the statement the database executes.
SQL injection can be used to perform a range of malicious
actions, including:
• Bypassing authentication: Logging in as any user
without valid credentials.
• Retrieving data: Extracting sensitive information from the
database.
• Modifying data: Updating or deleting records.
• Executing administrative operations: Running
administrative commands on the database server.
How common is it?
• SQL injection is still widespread. Several factors keep applications
vulnerable:
• Legacy Systems and Poor Practices: Many older systems
and applications were built before modern security practices
became standard. These systems might not use parameterized
queries or other defenses against SQL injection.
• Inadequate Input Validation: Some applications still fail to
properly validate and sanitize user input. This is often due to a
lack of awareness, oversight, or resources allocated for security.
• Human Error: Developers might inadvertently introduce SQL
injection vulnerabilities through mistakes or oversights,
especially if they’re not fully familiar with best practices for
secure coding.
EXAMPLE
• SQL injection has been used in numerous high-profile attacks.
For example, the breach of TJX Companies (parent of T.J. Maxx),
disclosed in 2007, exposed over 45 million payment card numbers, and
the group behind it was indicted in 2009 for SQL injection attacks on
Heartland Payment Systems and other companies.
• Injection, with SQL injection as its main example, consistently
appears in the OWASP Top Ten list of the most critical web application
security risks (A03 in the 2021 edition), which is revised every few
years to reflect current threats.
• Security industry reports and vulnerability databases like CVE
(Common Vulnerabilities and Exposures) frequently list SQL
injection vulnerabilities. These reports indicate that it remains a
prevalent and exploited issue.
Detection and Mitigation
• Automated Scanners: OWASP ZAP and Burp Suite can detect SQL injection
during scanning, and sqlmap automates both detection and exploitation.
• Manual Testing: Security professionals often perform manual
penetration testing to uncover such vulnerabilities.
• Parameterized Queries: Ensure that all SQL queries are
parameterized (prepared statements with bound parameters) so that
user-supplied values travel separately from the SQL text. Identifiers
such as table or column names and keywords such as ASC/DESC cannot be
bound; validate those against a fixed allow-list instead.
• Regular Security Audits: Conduct regular security reviews and
penetration tests to identify and address potential vulnerabilities.
• Employ ORM Libraries: ORMs generate parameterized SQL by default,
but most also expose raw-query escape hatches; SQL built by string
concatenation and passed through those is just as injectable as
hand-written SQL, so review every raw query the ORM is asked to run.
Character or Patterns
Single quote (“ ' ”):
• Used to terminate a string literal
• SELECT * FROM users WHERE username = '' OR '1'='1';
• Can be used to bypass authentication or manipulate queries.
Double Quote(“ " ”):
• Also used for string literals in some dialects: MySQL treats double
quotes as string delimiters unless ANSI_QUOTES is set, while standard
SQL, PostgreSQL and Oracle use them for identifiers (table and column
names).
SEMI COLON(“ ; ”):
• Used to terminate one SQL statement and begin another.
• SELECT * FROM users; DROP TABLE users;
• Can allow the execution of additional commands ("stacked queries").
Whether this works depends on the database API: some run one statement
per call and reject the rest (Python's sqlite3 execute(), PHP's
mysqli_query()), others execute the whole batch (SQL Server,
PostgreSQL, MySQL with multi-statements enabled).
DASH DASH (“ -- “):
• Used for comments in SQL.
• Everything after -- up to the end of the line is treated as a
comment, which can be used to ignore the rest of the query.
• SELECT * FROM users WHERE username = '' OR '1'='1' --' AND
password = '';
• This can bypass parts of the query. In MySQL the -- must be followed
by a space (or # can be used instead), and /* ... */ comments work in
most dialects, so payloads vary by database.
Union(‘union’):
• Combines the result sets of two SELECT statements into one.
• SELECT username, password FROM users UNION SELECT
credit_card_number, expiration_date FROM credit_cards;
• Can be used to extract data from other tables. Both SELECTs must
return the same number of columns with compatible types, so attackers
first probe the column count (for example with ORDER BY n or
UNION SELECT NULL, NULL, ...).
Boolean Conditions(‘ 1=1,0=1’):
• Used to manipulate query logic: 1=1 is always true, 0=1 always false.
• SELECT * FROM users WHERE username = '' OR '1'='1';
• Comparing the application's response to a true and a false condition
is also the basis of blind (boolean-based) SQL injection, where data is
inferred one bit at a time even when no query output is shown.
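The characters and patterns above are also what a log reviewer looks for after the fact. As an added example (not from the original slides), the script below scans constructed web-server access-log lines for them: it URL-decodes each request target repeatedly, because payloads are sometimes double-encoded, and treats a lone single quote as informational only, since names like O'Brien are legitimate input. The log lines, IP addresses, the SIGNATURES table and the Common Log Format parser are all constructed for this example. Matching of this kind is a triage aid and is easily evaded (case changes, inline comments, alternative encodings); it is not a substitute for parameterized queries.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the patterns from the slides, matched against the decoded
# request target. Deliberately loose: a triage aid for log review, not a filter.
SIGNATURES = {
    "quote": re.compile(r"'"),
    "comment": re.compile(r"--|/\*"),
    "stacked": re.compile(r";\s*(drop|delete|update|insert|exec)\b", re.I),
    "union": re.compile(r"\bunion\b[\s/*]+(all\s+)?select\b", re.I),
    "tautology": re.compile(r"\b(or|and)\b\s*'?(\w+)'?\s*=\s*'?\2'?", re.I),
}

# Constructed access-log lines (Common Log Format); IPs and requests invented.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /login?user=alice&pass=s3cret HTTP/1.1" 200 512
10.0.0.9 - - [12/Mar/2024:10:01:07 +0000] "GET /login?user=%27+OR+%271%27%3D%271%27+--&pass= HTTP/1.1" 200 2048
10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "GET /search?q=%27+UNION+SELECT+credit_card_number%2C+expiration_date+FROM+credit_cards+-- HTTP/1.1" 200 4096
10.0.0.9 - - [12/Mar/2024:10:01:11 +0000] "GET /item?id=1%3B+DROP+TABLE+users HTTP/1.1" 500 230
10.0.0.7 - - [12/Mar/2024:10:01:15 +0000] "GET /search?q=o%27brien HTTP/1.1" 200 800
10.0.0.9 - - [12/Mar/2024:10:01:20 +0000] "GET /search?q=%2527%2BUNION%2BSELECT%2B1%252C2%2B-- HTTP/1.1" 200 300
"""

# ip, ident, user, [timestamp], "METHOD target PROTOCOL", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def decode_fully(text, limit=3):
    """URL-decode until the string stops changing; catches double encoding."""
    for _ in range(limit):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def scan_line(line):
    """Return the decoded target, matching signatures and a verdict, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    decoded = decode_fully(target)
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded))
    # A single quote on its own is ordinary input (O'Brien); require more.
    flagged = any(h != "quote" for h in hits)
    return {"ip": ip, "method": method, "status": int(status),
            "target": decoded, "hits": hits, "flagged": flagged}


def scan_log(text):
    """Scan every parseable line of an access log."""
    return [r for r in (scan_line(l) for l in text.splitlines()) if r]


def flagged_ips(text):
    """Source addresses that sent at least one flagged request."""
    return sorted({r["ip"] for r in scan_log(text) if r["flagged"]})


if __name__ == "__main__":
    for r in scan_log(SAMPLE_LOG):
        mark = "ALERT" if r["flagged"] else "  ok "
        print(f'{mark} {r["ip"]:<10} {r["hits"]} {r["target"]}')
```

Run as a script it prints one line per request; only the three payload requests and the double-encoded one from 10.0.0.9 are marked ALERT, while the O'Brien search is listed with a quote hit but not flagged.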
Example.
• Bypassing Login Authentication:
SELECT * FROM users WHERE username = '' OR '1'='1' --' AND
password = '';
(The comment matters: without it, AND binds tighter than OR, so the
query would only match accounts with an empty password.)
• Extracting Data:
SELECT username, password FROM users UNION SELECT
credit_card_number, expiration_date FROM credit_cards;
• Dropping a Table (destroying data):
SELECT * FROM users; DROP TABLE users;
SQL injection:
• SQL injection remains a prevalent and serious security
vulnerability due to its potential for exploitation and the
common occurrence of inadequate security practices
• Despite advances in security awareness and technology,
SQL injection can still be a significant risk for many
applications, especially those with legacy code, insufficient
input validation, or improper use of database queries.
PROCESS: