Monday, 11 May 2009

SQL Injection

SQL injection is covered in more detail in the chapter on web exploits. SQL Injection has three primary goals:

  1. Accessing information,
  2. Destroying data, and
  3. Modifying data.

The attacker's goal, and the likelihood of each, will vary depending on the composition of the organization running the database. The most common form of SQL injection is the addition of the SQL clause "OR 1=1" to an input field. Adding this clause to the last part of a query may make the query's condition true.

For example, with a query such as:
  • SELECT * FROM users WHERE username = 'administrator' and password = 'password'
An attacker could attempt to add ' OR '' = ' to the input, changing the SQL statement to:
  • SELECT * FROM users WHERE username = 'administrator' and password = 'password' OR '' = ''
This could potentially allow the attacker to bypass the database authentication.

