SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself can access. An attacker can often modify or delete this data, causing persistent changes to the application's content or behaviour.
In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure or perform a denial-of-service attack.
Impact of a successful SQL injection attack:
A successful SQL injection attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information. Many high-profile data breaches in recent years have been the result of SQL injection attacks, leading to reputational damage and regulatory fines. In some cases, an attacker can obtain a persistent backdoor into an organization's systems, leading to a long-term compromise that can go unnoticed for an extended period. According to OWASP's Top 10, injection vulnerability such as this is the most used and dangerous vulnerability.
Types of SQL injection attacks:
- Error-based: This type of SQL injection relies on the error messages being thrown by the database server, which might provide us with some useful information regarding the database structure.
- Union-based: This technique uses the SQL UNION operator to combine the results of two SELECT queries and return a single table. It allows an attacker to extract information from other tables by appending the results to the original query made to the database.
- Blind Injection: This happens when the application is vulnerable to SQL Injection but the results of the SQL query are not returned in the HTTP response. In this case, we query the database for any true/false statement and see the changes for both true and false conditions. It is of two types:
- Content-based: In this technique, the database server is queried with any conditional statement and the response from the server is analyzed for any difference while sending a true condition and a false condition.
- Time-based: This technique relies on injecting an SQL query that makes the database wait for a specific time based on the specified condition. The time taken by the server to send back a response determines if the query is true/false.
- Out-of-band injection (uncommon): This is not a very common type of SQL Injection as it depends on the features being enabled on the database server. It relies on the database server's capability to make web requests like HTTP, DNS, and FTP to send data to the attacker.
- Other OWASP Top 10 Vulnerabilities
- How to do automation SQL Injection (SQLMAP)
- Intercepting Request using BurpSuite to use it in SQLMap
No comments:
Post a Comment