What is SQL injection?
SQL injection is a common web application security vulnerability. It is a type of injection attack in which an attacker injects code into a website in order to attack the back-end database. Databases can contain anything from member usernames, full names, dates of birth, delivery addresses, home addresses, email addresses, credit card information and national insurance details to anything else that is typically entered when registering as a member of a site. According to Veracode’s State of Software Security Report, SQL injection is one of the most prevalent types of web application security vulnerability.
SQL injection and syntax errors in web page addresses
One of the most common and easiest ways to find a vulnerable website is to start by using a search engine to find websites with the string php?id=1 in their address. Of course an attacker can use any number; it doesn’t have to be 1. Once an attacker has a list of websites with that string in their addresses, the attacker will simply click on a page, add an apostrophe to the end of the address within the address bar and press enter. If the selected website is vulnerable to attack, the following statement is displayed within the browser: Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1.
There are many ways in which an attacker can perform SQL injections, but one of the easiest of them all in my opinion (although of course I have only used this method to test against my own webpages) is by using sqlmap. By simply entering the website address followed by php?id=1' (for example, http://www.example.com/php?id=1') and then using specific commands within the terminal, an attacker can gain access to the database list. It is then possible to delve deeper and find tables and columns and perform attacks in order to create, read, update, alter, or delete data stored in the back-end database.
How do I protect my website from SQL injection?
The easiest way to protect against SQL injection is to perform input validation on anything an attacker, or anyone using your website, sends to you. A lot of web application languages contain methods for performing this input validation, so you don’t have to go and rewrite the code structures yourself. Validation can be performed against a set of predefined rules such as syntax and/or business rules.
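The following is an added example, not code from the original article: it shows the id parameter handled the vulnerable way next to a version that applies a syntax rule and a business rule, and it goes one step beyond the text by also binding the value as a query parameter. The table, the function names, the MAX_ID bound and the in-memory SQLite database standing in for the MySQL back end are all assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; SQLite in memory stands in for the site's MySQL back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "Delivery information")])
    return db

def lookup_concatenated(db, raw_id):
    """The 'before' pattern: the id from the address is pasted into the SQL text."""
    try:
        row = db.execute("SELECT title FROM articles WHERE id = " + raw_id).fetchone()
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        # Echoing the driver error back to the browser is what exposes the flaw.
        return ("error", "Query failed: %s" % exc)

ID_SYNTAX = re.compile(r"[0-9]{1,9}")  # syntax rule: one to nine ASCII digits
MAX_ID = 100000                        # business rule: assumed upper bound for ids

def lookup_validated(db, raw_id):
    """The 'after' pattern: validate first, then bind the value as a parameter."""
    if not ID_SYNTAX.fullmatch(raw_id):
        return ("rejected", "id must be numeric")
    value = int(raw_id)
    if not 1 <= value <= MAX_ID:
        return ("rejected", "id out of range")
    # The placeholder keeps the value out of the SQL text entirely.
    row = db.execute("SELECT title FROM articles WHERE id = ?", (value,)).fetchone()
    return ("ok", row[0] if row else None)

if __name__ == "__main__":
    db = make_db()
    for raw in ("1", "1'", "0", "999"):
        print(repr(raw), lookup_concatenated(db, raw), lookup_validated(db, raw))
```

With the trailing apostrophe, the concatenated version returns a database error while the validated version rejects the request before any SQL is executed.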
For more in-depth detail about SQL injection, have a read of The Register’s article at http://www.theregister.co.uk/2010/06/23/xxs_sql_injection_attacks_testing_remedy