SQL Injection attacks are still as common today as they were ten years ago. Today I’ll discuss what are SQLi and how you can exploit SQLi vulnerabilities found in software.
In this SQL Injection tutorial I will cover the following topics:
– What is SQL
– What does SQL do
– How SQL is used
– SQL Injection attack example
– Enumerating database servers
– Dumping User Credentials
SQL Injections are easy to exploit as you need nothing more than a web browser to carry out a SQL attack. SQL injections usually take place during user input, like their username. Instead of a username the user enters a SQL statement that will unknowingly run on the database.
A prosperous SQL injection attack can read sensitive data from the database, modify database data (insert/update/efface), execute administration operations on the database (such as shutdown the DBMS), recuperate the content of a given file on the DBMS file system or write files into the file system, and, in some cases, issue commands to the operating system.
SQL Injection attacks can be divided into the following three classes:
– Inband: data is extracted using the same channel that is used to inject the SQL code. This is the most straightforward kind of attack, in which the retrieved data is presented directly in the application web page.
– Out-of-band: data is retrieved using a different channel.
-Inferential or Blind: there is no actual transfer of data, but the tester is able to reconstruct the information by sending particular requests and observing the resulting behavior of the DB Server.