What is SQL Injection and How Does it Work

SQL Injection is a web hacking technique of inserting SQL commands in user-supplied data fields of web applications and submitting them for execution by the database server.
To perform a SQL injection attack, an attacker inserts malicious SQL code, most often a database query, into a string that’s eventually executed by the database through a web application (e.g. a login form).
SQL injection can generally be used to perform the following types of attacks:
- Authentication bypass.
- Inserting, modifying, or deleting data.
- Extracting data.
- Denial of service to authorized users by locking or deleting database tables.
What is a Database?
A database consists of one or more tables. Each table is made up of rows and columns and contains information such as user IDs, passwords, or web page details.
Databases are used for storing, maintaining, and accessing any sort of data. They collect information on people, places, or things. There are many databases available like MySQL, Oracle, MongoDB, PostgreSQL, SQL Server, etc.
SQL Injection Attack Examples
This example shows how an attacker can use SQL injection to bypass login authentication and gain administrator privileges.
Consider a simple authentication login form using a database table with usernames and passwords. A user’s POST request will provide the variables user and pass, and these are inserted into a SQL statement:
SELECT * FROM users WHERE username='John' AND password='mypass'
The attacker can bypass the password field using the following statement:
SELECT * FROM users WHERE username='John' AND password='mypass' OR '1'='1'
Because 1=1 is a condition that always evaluates to true, and AND binds more tightly than OR, the WHERE clause is evaluated as (username='John' AND password='mypass') OR 1=1, which is true for every row regardless of the username or password provided.
The query therefore returns every row of the users table, and the application typically takes the first one, which is commonly the administrator account. This means the attacker can access the website without authentication, and also has administrator privileges.
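The following added example (not from the original article) reproduces the login scenario above against an in-memory SQLite database and places the vulnerable query, built by string concatenation, next to the parameterized form that defends against it. The table layout, the sample rows, and the function names `build_db`, `login_vulnerable` and `login_safe` are constructed for this illustration; the column names follow the article's query.

```python
import sqlite3

# Constructed sample database mirroring the article's `users` table.
# Passwords are stored in plaintext only to match the article's example;
# a real application stores a salted password hash instead.
SAMPLE_ROWS = [
    ("admin", "s3cret-admin", "administrator"),  # first row, as in the article's scenario
    ("John", "mypass", "user"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", SAMPLE_ROWS
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, user: str, pw: str):
    """The article's pattern: user input is concatenated into the SQL text.

    Because the input becomes part of the SQL grammar, a quote in `pw` closes
    the string literal and whatever follows is parsed as SQL.
    """
    sql = f"SELECT username, role FROM users WHERE username='{user}' AND password='{pw}'"
    return conn.execute(sql).fetchone()  # app takes the first matching row


def login_safe(conn: sqlite3.Connection, user: str, pw: str):
    """Hardened form: the SQL text is fixed and input travels as bound parameters.

    The driver sends `user` and `pw` as values, never as SQL, so a quote in the
    input is just a character to compare against the column.
    """
    sql = "SELECT username, role FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (user, pw)).fetchone()


def compare_logins(user: str, pw: str) -> dict:
    """Run the same credentials through both implementations for side-by-side review."""
    conn = build_db()
    return {
        "vulnerable": login_vulnerable(conn, user, pw),
        "safe": login_safe(conn, user, pw),
    }


if __name__ == "__main__":
    # The password field carries the article's payload: the resulting WHERE clause
    # is  username='John' AND password='mypass' OR '1'='1'
    payload = "mypass' OR '1'='1"
    print("legitimate:", compare_logins("John", "mypass"))
    print("injected:  ", compare_logins("John", payload))
```

With the legitimate credentials both functions return John's row. With the payload in the password field the concatenated query matches every row and hands back the first one, the administrator, exactly as the article describes, while the parameterized query finds no user whose password is literally `mypass' OR '1'='1` and returns nothing.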