
SQL Injection

How To Use SQL Injection

 

Introduction:
In this article, you will learn what SQL injection is and how to use SQL Injection.

SQL injection is an attack in which SQL commands are injected into a SQL database through an application's input. The injected commands can modify the database and affect the security of a Web Application. SQL injection can read sensitive data from the database, update and execute operations on the data in the tables, and recover the content of a file in the DBMS file system.

The injection process works by terminating a text string early and appending a new command. The injected strings are attached to the query before it is run.

When SQL injection is attempted, nothing is known in advance about the application being attacked. The process goes as follows.

 

Identify the back end database

The first step is to identify the database used by the Web Application. The file extension of the Web page can be used to find the back-end database.

ASP.NET is a script language, which uses MS-SQL.

JSP is a script language, which uses Oracle.

PHP is a script language, which uses MySQL.

Each database has its own syntax for executing a query, such as a query to identify the database.

MS-SQL:

Select * from tablename where name = 'avi' AND id=2

Oracle:

Select * from tablename where name=ashu \\ id=1

 

 

SQL:

select fieldname from tablename where salary > 2000 AND age < 25;

 

 

Escaping input

Each database has some characters with a special meaning, such as the single quote (') and the brackets ([, ]) in SQL, but sometimes it is necessary to accept such characters as input.

In SQL injection the attacker does not know the username, so:

  • We can simply use the "1=1" concept, as in the following example.

The actual purpose of the code was to create an SQL statement that selects a user with the given user data. If nothing stops the user from entering wrong input, the user can enter some "smart" input like:

fieldname: 105 or 1=1

select * from tablename where fieldname = 105 or 1=1;

 

 

The above query returns all rows of the table, because the condition 1=1 is always true.

  • SQL injection based on "=" is always true

To explain this concept, we will use a simple login form.

UserName = getRequestString("UserName");

UserPass = getRequestString("UserPass");

 

When someone wants the usernames and passwords in a database, they only need to insert " or "=" into the required text box.

This code will create a valid SQL statement.

 

 

Output

select * from fieldname where Name AND Pass
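
The two cases above (the "105 or 1=1" field value and the login form input), shown next to the parameterized form that stops them. This is an added example, not code from the original article; it uses Python's sqlite3 module, and the users table, its columns, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    # Plaintext passwords only keep the sample short; real tables store hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(105, "avi", "s3cret"), (106, "ashu", "hunter2"), (107, "ravi", "pw")])
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so "105 or 1=1" rewrites the WHERE clause.
    return db.execute("SELECT name FROM users WHERE id = " + user_id).fetchall()

def lookup_safe(db, user_id):
    # Check the type first, then bind the value: it can no longer become SQL syntax.
    try:
        value = int(user_id)
    except ValueError:
        return []
    return db.execute("SELECT name FROM users WHERE id = ?", (value,)).fetchall()

def login_safe(db, name, password):
    # Placeholders keep quotes and "=" inside the data, so the '" or "="' input
    # is compared as a literal string and matches no stored user.
    row = db.execute("SELECT id FROM users WHERE name = ? AND pass = ?",
                     (name, password)).fetchone()
    return row is not None

if __name__ == "__main__":
    db = make_db()
    print("concatenated, '105 or 1=1':", lookup_vulnerable(db, "105 or 1=1"))
    print("parameterized, '105 or 1=1':", lookup_safe(db, "105 or 1=1"))
    print("parameterized, '105':", lookup_safe(db, "105"))
    print("login with '\" or \"=\"':", login_safe(db, '" or "="', '" or "="'))
    print("login with real credentials:", login_safe(db, "avi", "s3cret"))
```

The concatenated lookup returns every row for the crafted input, while the parameterized functions return a row only for a genuine id or a genuine name and password pair.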


Summary:
Thus, we learned that SQL injection is used to inject queries, and we also learned how it is used in SQL.