SQL Injection


Definition :
SQL injection occurs when an attacker manipulates the SQL queries an application sends to its database in order to interfere with it. This can allow the attacker to read or modify the database in an unauthorized way.
Types of SQL Injection :
1) Error Based SQL Injection : When a user supplies input to an input field and the application returns a database error message to the client, it is vulnerable to error-based SQL injection.
2) Union Based SQL Injection : When an attacker leverages the UNION operator to combine the result of the original query with a malicious query. The goal is to retrieve data from the database.
3) Blind Boolean Based SQL Injection : When a user supplies input to the input field and no error is shown directly, but with the help of Boolean conditions (true/false) we can still gather information about the database from the difference in the responses.
4) Time Based SQL Injection : When an attacker injects SQL commands into the input field that cause a delayed response, and determines information about the database from the response time.
Different areas in a web application where I find SQL injection:
1) In a POST request where the data is sent in JSON format, add your payload inside the JSON.
2) If the application asks me to choose a location manually.
3) Check the password reset functionality found on the “Support Page“ of the application.
4) If the application contains a form, check the “Select city / Date of birth“ input fields.
5) If the source code is available on a public website, we can find different endpoints.
6) If the application uses a “GraphQL“ API, we need to test it.
25 SQL injection Parameters:
Different vulnerabilities chained with SQL injection
1) SQL Injection + XSS : If the application is vulnerable to SQL injection, there is a high chance it is also vulnerable to “XSS“. An attacker can use SQL injection to insert malicious JavaScript code into the database.
2) SQL Injection + Command Injection + RCE : If the application is vulnerable to SQL injection, it is also vulnerable to “Command Injection“. If command injection is possible, it ultimately leads to “Remote Code Execution“.
3) SQL Injection + File Upload : If the web application allows file uploads and those files are not correctly sanitized, it is vulnerable to SQL injection.
Impact
1) Data Breach and Data Theft : SQLi allows an attacker to see sensitive data like “Passwords“, “Personal Information“ and “Credit Card information“.
2) Authentication Bypass : An attacker gains unauthorized access through the login form, which can lead to impersonating a legitimate user and performing unauthorized actions.
3) Reputation Damage and Financial Loss : A security breach from an SQL injection can harm the organization's reputation and cause financial loss.
Mitigation
1) Use parameterized queries : With parameterized queries we bind the input as parameters rather than inserting it directly into the SQL text, so the database never interprets user input as part of the query structure.
2) Input validation : Validate input every time the user interacts with the database. Limit the input to the expected characters.
3) Error handling and disabled error messages : Avoid showing detailed error messages. They can reveal information about the database structure.
4) Web Application Firewall : Deploy a WAF that can filter SQL injection queries. It acts as an additional layer of defense.
5) Security testing : Regularly review the code and perform penetration testing to identify the vulnerability.
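Here is an added example (not from the original article) showing mitigation 1 and 2 side by side: a lookup that splices input into the SQL text, the same lookup with the input bound as a parameter, and an allow-list validator. It assumes a constructed in-memory SQLite table of users; the table, names and the hypothetical function names are mine.

```python
import re
import sqlite3


def make_db():
    # Constructed sample data: an in-memory SQLite database with two users.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    return conn


def lookup_user_vulnerable(conn, username):
    # The input is spliced straight into the SQL text, so the database
    # cannot tell data from query structure: a quote in `username`
    # changes the meaning of the query.
    query = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(query)]


def lookup_user_parameterized(conn, username):
    # The query structure is fixed and the value is bound separately, so
    # the driver always treats it as a string literal, quotes included.
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


# Allow-list for usernames: a short token of letters, digits and underscore.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(username):
    # Second layer of defence: reject anything outside the expected
    # character set before it reaches the database at all.
    return USERNAME_RE.fullmatch(username) is not None


if __name__ == "__main__":
    conn = make_db()
    tampered = "' OR '1'='1"
    print(lookup_user_vulnerable(conn, tampered))     # every row is returned
    print(lookup_user_parameterized(conn, tampered))  # no row matches
    print(is_valid_username(tampered))                # False
```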
Written by sanket narawade
