SQL Code Injection, Know more on it.

November 2nd, 2009 by sabby


The security applications are becoming increasingly complex, with the presence of techniques ranging from social engineering attacks to DoS via simple SQL injection code. You can not imagine the amount of daily applications programmers to create the critical failure.

What is SQL injection?

Hack is a technique with a fairly simple operation. It is based on attacking applications whose form Login or text boxes are not fully validated or adequately. Let me illustrate it with an example, you need to have knowledge of SQL.

Suppose we have an application built on PHP and MySQL locally if they can install WampServer, which has a login page: login.php.

But login.php has two text fields, one for the user and one for the password. The name fields are used to identify and recover the inputs from the page to which the action is sent. The form would be something like this:

Username:
key:

Suppose that log here to be redirected to a page type index.php. This is where mistakes happen often. Usually what they do here is to recover applications code this way:

$ user = $ _POST [ 'user'];
$ key = $ _POST [ 'pass'];

Which is not of great importance, if we’re using a POST method in form login.php, but what is causing the problem is the code that follows it …:

$ sql = “SELECT * FROM users WHERE user = ‘$ user’ AND password = ‘$ key’”;

hich returns the user’s record which match the username and password.

But, in the instance, where you  give the username as below

Username: ‘or 1 = 1 -’
key: -blank- (do not write anything, then we’ll see why)

Passing these values,

$ sql = “SELECT * FROM users WHERE user =”or 1 = 1 – AND password =” ‘dsadsadas’”;
MySQL in a – is the beginning of a commentary, so all that is after this pair of characters will not run, so we can only:

$ sql = “SELECT * FROM users WHERE user =”or 1 = 1″;
Obviously it is unlikely to be met there with our user login name empty (user =”), but the second condition (1 = 1) always true, so we can have access quite easily.

Here is the link where you can learn more on it. http://ferruh.mavituna.com/sql-injection-cheatsheet-oku

This reference sheet contains SQL code injection into a guide for Oracle databases, MySQL, SQL Server, PostgreSQL and programming languages like PHP, ASP, ASP.NET and Java, in addition to the various combinations.

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

Tags: , , , , , , , , ,

Published by sabby on Nov 2, 2009 under Software Tips | Post your comment now

Leave a Reply

One Response to “SQL Code Injection, Know more on it.”

  1. Comment by Chandra
    September 29th, 2009

    Thanks for this information, It will really help me as a developer!!!