Databases and Injection Attacks
When data is stored in an organized manner for later use it is called a Database (loosely speaking).
Schools have a database of student details like their marks, attendance, pending fee, address etc.
They can search for a student’s details with his/her name or roll number. Databases are used by Websites too.
Just as programs are created using programming languages like C, Python, Ruby etc., to deal with databases we need a language called SQL.
No no no, it's not ‘sequel’, it's S-Q-L, which stands for Structured Query Language.
Databases that use SQL include MS SQL Server, MySQL, Oracle, Access etc.
Wow! SQL is such a powerful language.
But remember, with great power comes great possibility of making mistakes. (Forget Spider-Man for now)
SQL makes a mistake too. It has a weakness/vulnerability used by hackers to hack the database of the website.
SQL can accept commands even from the users using the website. Well, not in all cases, but many (yes, I said many) websites have this weakness.
And the process of using the weakness of SQL to hack the website database is called SQL Injection.
Understanding SQL Injection
One day the principal of my school told the peon to distribute gifts to all the students.
Principal ordered the students to stand in a row and to wait for their turn to receive gifts.
Every gift had a sticker on it with a name.
The first student came and said “I am Nidhish…Please give me my gift”. The peon searched for the gift which said “Nidhish” and gave him his gift.
Then the second student came and said “I am Grey…Please give me my gift”, and the peon gave him the gift.
Meanwhile I heard some students say that Karan was going to receive the best gift, and I got an idea.
When my turn came I said to the peon, “My name is Karan…Please give me my gift”
And guess what…I got the best gift. I received something that I was not supposed to.
Well, this is how SQL Injection works: we ask the database to give us a result that it is not supposed to give to a user.
Really Understanding SQL Injection
To really understand and perform SQL Injection we must have knowledge of basic SQL Commands.
So a database consists of tables and here is an example table:
As we can see there are Rows (Horizontal ones) and Columns (vertical ones).
Now let's see how SQL queries play with a database and tables:
1. select * from table1
This command selects all the columns from the table named “table1”.
Always keep in mind that * means Everything
2. select column1,column2 from table1
This command shows us how we can select specific columns from the desired table. Column names are separated with commas.
3. select * from table1 where Name='Jons'
With this command we are trying to get all the rows from table1 in which the column “Name” has the value “Jons”. Text values are written inside single quotes.
So now we know what happens behind the scenes when we demand data from database of a website.
So what is the vulnerability here?
As we discussed above, there are queries that let the user interact with the database, so a hacker with knowledge of SQL can do whatever he wants with the database.
He can print confidential information, delete records and even bypass logins.
So basically SQL Injection is a commonly found vulnerability and can deal great damage if exploited by a hacker.
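The weakness described above, as an added example that is not part of the original post: the same name lookup is written once by pasting the user's text into the query and once with a bound parameter, using Python's built-in sqlite3 module. The table name and Name column follow the queries above; the Gift column, the sample rows and the function names are assumptions made for this illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data. table1 and Name follow the page's queries;
    # the Gift column is an assumption added for illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE table1 (Name TEXT, Gift TEXT)")
    db.executemany("INSERT INTO table1 VALUES (?, ?)",
                   [("Nidhish", "pen"), ("Grey", "book"), ("Karan", "bicycle")])
    return db

def lookup_concatenated(db, name):
    # Weak form: the user's text is pasted into the SQL string, so any quote
    # or keyword inside it becomes part of the command itself.
    query = "SELECT Name, Gift FROM table1 WHERE Name='" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    # Corrected form: the query text is fixed and the value is bound to the
    # ? placeholder, so it is only ever compared as data.
    query = "SELECT Name, Gift FROM table1 WHERE Name=?"
    return db.execute(query, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that contains SQL syntax

    # An honest request behaves the same in both forms.
    print(lookup_concatenated(db, "Grey"))
    print(lookup_parameterized(db, "Grey"))

    # The crafted text rewrites the WHERE clause in the weak form and
    # every row comes back; the bound form finds no student by that name.
    print(lookup_concatenated(db, crafted))
    print(lookup_parameterized(db, crafted))

    # Even an ordinary apostrophe breaks the weak form, which is a useful
    # symptom to look for when testing your own pages.
    try:
        lookup_concatenated(db, "O'Brien")
    except sqlite3.OperationalError as err:
        print("concatenated query failed:", err)
    print(lookup_parameterized(db, "O'Brien"))
```

Every mainstream database driver offers an equivalent placeholder mechanism, and using it for every value that comes from a user is the standard fix.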
Thanks for reading.