SQL injection is one of the common techniques of attacks used by the hackers where malicious users can inject SQL commands into an SQL statement, via web page input.
SQL commands can be injected and alter SQL statement to compromise the security of a web application.
An Example:
SQL Injection Based on 1=1 is Always True
The intention of the code is to create an SQL statement to select a user with a given user id.
If the web application is made in such a way that there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:
SELECT * FROM Users WHERE UserId = 10 or 1=1
The above SQL is valid. It will return all rows from the table Users, since WHERE 1=1 is logically always true.
The above example will seem dangerous If the Users table contains names and passwords.
The SQL statement above is much the same as this:
SELECT UserId, Name, Password FROM Users WHERE UserId = 10 or 1=1
A smart hacker might get access to all the user names and passwords in a database by simply inserting 10 or 1=1 into the input box.
Conclusion
Web sites require constant access to the database. Firewalls provide little or no defense against SQL injection attacks. Antivirus programs are equally ineffective at blocking SQL injection attacks. They are intended to spot and stop an entirely different kind of incoming data.
The most commonly used SQL injection defense is made up of two components –
• Routine updating and patching of all servers, services and applications.
• Producing and using well written and well tested website code that disallows unexpected SQL commands.
Saarah Nadia
Test Analyst
Adactin Group