SQL INJECTION – WEB APPLICATION SECURITY VULNERABILITY

What is SQL injection?

SQL injection is a common web application security vulnerability.  It is an injection type of attack on a website that an attacker will use to inject code into a website in order to attack the back-end database.  Databases can contain anything from member usernames, full names, date of birth, delivery addresses, home addresses, email addresses, credit card information, national insurance details and anything that is typically input at registration of becoming a member and joining a site.  According to Veracode’s State of Software Security Report SQL Injection is one of the most prevalent types of web application security vulnerability.

 

SQL injection and syntax errors in web page addresses

One of the most common and easiest ways to find a vulnerable website is start by using a search engine to find a website with the string php?id=1.  Of course an attacker can use any number; it doesn’t have to be 1.  Once an attacker has a list of websites with that string in its address, the attacker will simply click on that page, add an apostrophe to the end of the address within the address bar and press enter.  If the selected website is vulnerable to attack the following statement is displayed within the browser Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ”’ at line 1.

 

Attackers’ toolkit

There are many ways and methods in which an attacker can perform SQL injections but one of the easiest of them all in my opinion (although of course I have only used this method to test against my own webpages) is by using sqlmap.  By simply entering the website address followed by php?id=1’, (for example, http://www.example.com/php?id=1’) and then using specific commands within the terminal, an attacker can gain access to the database list.  It is then possible to delve deeper and find tables and columns and perform attacks in order to create, read, update, alter, or delete data stored in the back-end database.

 

How do I protect my website from SQL injection?

The easiest way to protect from an SQL injection is to perform input validation against anything an attacker, or anyone using your website, is sending to you.  A lot of web application languages contain methods for performing this inputted validation so you don’t have to go and rewrite the code structures.  Authentication can be set against a set of predefined rules such as syntax and/or business rules

For more in depth detail about SQL injection, have a read of The Register’ article at http://www.theregister.co.uk/2010/06/23/xxs_sql_injection_attacks_testing_remedy

~Sam Snook

Advertisements

One thought on “SQL INJECTION – WEB APPLICATION SECURITY VULNERABILITY

  1. Web vulnerabilities such as SQL injection are a concern because Stuffits has a legal obligation to protect the data of their customers stored on their web servers and to make sure their web servers aren’t compromised.

    ~ Lewis

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s