What Is an SQL Injection? And How To Protect Against It

In this blog, we'll explain what SQL injection is, describe how to find and exploit various kinds of SQL injection vulnerabilities, and summarise how to prevent SQL injection.


What Is An SQL Injection?


SQL injection is a security vulnerability in a computer program that sends queries to an SQL database server. It allows an attacker to run commands that manipulate data on the database server, because the server is unable to tell the injected commands apart from the program's own queries.

For example, an attacker can supply a crafted command that executes malicious code or edits the database, rather than only touching the data an application user would normally see.

SQL injection can be triggered by tricking a database server into executing unauthorised commands, for example by directing the server to execute a statement using the SQL keyword DISTINCT, or by getting it to execute a seemingly innocuous command such as INSERT INTO tables -- only for the database server to accept the command and continue executing.


How To Find And Exploit SQL Injection


1. Find Your First SQL Injection

Finding and exploiting SQL injection vulnerabilities is typically the most time-consuming and complex part of exploit development. Fortunately, there's a very easy and straightforward way of finding the first SQL injection vulnerability. To start, write a crawler that can crawl all your website's URLs, like www.complex.com/login.php. Then start typing all the URLs into Google. After the crawling is done, we can identify one or two websites that contain all the vulnerabilities you've identified, e.g. two per page. These are the first SQL injection vulnerabilities in your crawler. Using this methodology, we will be able to find a couple of vulnerabilities. To start, let's focus on finding a single vulnerability on a website, like www.complex.com/login.

How To Prevent SQL Injection


Now let's get into the nitty-gritty of preventing SQL injection vulnerabilities. The key issue here is not how to prevent an SQL injection; it is how to defend against one. One way is to reduce the number of web application stacks and libraries that are vulnerable to SQL injection. Let's take a look at some of the major issues and how to solve them.

Blocking Injection Through Scripting Language

The first and easiest way to block SQL injection is by stopping script injection. The scripting language is what allows you to write your own SQL queries or send an SQL request to your database server. This allows you to execute any code on the server (although only within a certain context, i.e., within the script language).
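The scripting layer described above is where user input meets the query text. The following is an added example, not code from the original post, written in Python with the standard sqlite3 module: it runs the same login lookup once with the query built by string concatenation and once with bound parameters. The table, column and function names and the sample accounts are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed rows; a real application stores password hashes, not text.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("o'brien", "pw")])
    return db

def login_concat(db, name, password):
    """Weak form: user input is pasted into the SQL text itself."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # A quote character in the input broke the statement's syntax.
        return False

def login_bound(db, name, password):
    """Hardened form: input travels as bound parameters, never as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def compare(name, password):
    """Return (weak_result, hardened_result) for one login attempt."""
    db = make_db()
    try:
        return login_concat(db, name, password), login_bound(db, name, password)
    finally:
        db.close()

# Constructed inputs: a valid login, a wrong password, a password whose
# quotes rewrite the WHERE clause, and a legitimate name with an apostrophe.
SAMPLES = [
    ("alice", "s3cret"),
    ("alice", "wrong"),
    ("alice", "' OR '1'='1"),
    ("o'brien", "pw"),
]

if __name__ == "__main__":
    for name, password in SAMPLES:
        weak, hardened = compare(name, password)
        print(f"{name!r:12} {password!r:16} concat={weak} bound={hardened}")
```

The concatenated query accepts the third input without the real password and rejects the legitimate fourth login, while the bound query treats every input purely as data.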
