Types Of SQL Injection Attacks - Error Based
Hello all,
We will be diving into the different types of SQL Injection attacks. Before delving into SQL Injection attacks, however, let's look at the OWASP definition of what a SQL Injection is. An SQL Injection attack consists of injecting a query via input data from the client to an application. This can allow the attacker to access to the database's CRUD (create, read, update, and delete) permissions if done successfully. It may even give the attacker access to administrative privileges. SQL Injection is consistently at or near the top of the OWASP top 10, so it is worth while to look at each of these attacks.
There are 3 types of SQL Injection attacks, error based, union based injection, and blind sql injection. Each of these types deserves multiple pages so we will focus on one at a time. We shall start with the most basic attack, error-based.
Let's first consider the following web address:
http://www.site.com/table?column=x
If the attacker was to append a ' to the end of this address:
http://www.site.com/table?column=x'
This could create a server error. Errors are an attacker's greatest tool as they usually exploit the details of the underlying system. What is basically happening behind the scenes is the following SQL query is executing:
SELECT Id, Column FROM table WHERE Column = 'x''
This is an invalid query which is what causes the error. Expanding on the previous attack:
http://www.site.com/table?column=x' or 1=1--
This effectively creates the following query in the backend:
SELECT Id, Column FROM table WHERE Column='x' or 1=1--'
This creates a tautology or formula that is always true.
There is a lot more to error based sql injection attacks, so further studying should be done by following the references below:
The OWASP Foundation (2016, April). SQL Injection. Retrieved from https://www.owasp.org/index.php/SQL_Injection
Hunt, T. (2015, May). Ethical Hacking: SQL Injection. Retrieved from https://app.pluralsight.com/library/courses/ethical-hacking-sql-injection
We will be diving into the different types of SQL Injection attacks. Before delving into SQL Injection attacks, however, let's look at the OWASP definition of what a SQL Injection is. An SQL Injection attack consists of injecting a query via input data from the client to an application. This can allow the attacker to access to the database's CRUD (create, read, update, and delete) permissions if done successfully. It may even give the attacker access to administrative privileges. SQL Injection is consistently at or near the top of the OWASP top 10, so it is worth while to look at each of these attacks.
There are 3 types of SQL Injection attacks, error based, union based injection, and blind sql injection. Each of these types deserves multiple pages so we will focus on one at a time. We shall start with the most basic attack, error-based.
Let's first consider the following web address:
http://www.site.com/table?column=x
If the attacker was to append a ' to the end of this address:
http://www.site.com/table?column=x'
This could create a server error. Errors are an attacker's greatest tool as they usually exploit the details of the underlying system. What is basically happening behind the scenes is the following SQL query is executing:
SELECT Id, Column FROM table WHERE Column = 'x''
This is an invalid query which is what causes the error. Expanding on the previous attack:
http://www.site.com/table?column=x' or 1=1--
This effectively creates the following query in the backend:
SELECT Id, Column FROM table WHERE Column='x' or 1=1--'
This creates a tautology or formula that is always true.
There is a lot more to error based sql injection attacks, so further studying should be done by following the references below:
The OWASP Foundation (2016, April). SQL Injection. Retrieved from https://www.owasp.org/index.php/SQL_Injection
Hunt, T. (2015, May). Ethical Hacking: SQL Injection. Retrieved from https://app.pluralsight.com/library/courses/ethical-hacking-sql-injection
Comments
Post a Comment