SQL INJECTION
Mudassar Ali
Muhammad Azam
CONTENTS
SQL Injection
SQL Injection Attack
Types/Classes
SQLI Examples
Conclusion
SQL INJECTION
• SQL Injection (SQLI) is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution.
• SQL Injection is one of the most common web hacking techniques.
• SQL Injection is the placement of malicious code in SQL statements, via web page input.
CONSEQUENCES
What can SQLI do?
• Read sensitive data from the database
• Modify database data (Insert, Delete, Update)
• Execute database administration operations
SQLI ATTACK
What is a SQLI attack? How does it work?
• Reconnaissance
• Attack
• Automation (SQL Map, SQL Ninja, Havij)
SQLI ATTACK
ATTACK ARCHITECTURE (diagram slide)
TYPES/CLASSES
In-Band SQLI (Classical SQLI)
• In-band SQL Injection is the most common and easiest-to-exploit class of SQL Injection attacks.
• In-band SQLI occurs when an attacker is able to use the same communication channel to both launch the attack and gather results.
• The two most common types of in-band SQL Injection are Error-based SQLI and Union-based SQLI.
Inferential SQLI (Blind SQLI)
• In an inferential SQLI attack, no data is actually transferred via the web application and the attacker would not be able to see the result of an attack in-band (which is why such attacks are commonly referred to as "Blind SQL Injection attacks").
• The two types of inferential SQL Injection are Blind boolean-based SQLI and Blind time-based SQLI.
Out-of-Band SQLI
• Out-of-band SQL Injection is not very common, mostly because it depends on features being enabled on the database server used by the web application.
• Out-of-band SQL Injection occurs when an attacker is unable to use the same channel to launch the attack and gather results.
• Out-of-band techniques offer an attacker an alternative to inferential time-based techniques.
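Each of the classes above leaves a recognisable shape in the request that carried it, which is what a defender sees first in web-server logs. The script below is an added example, written for this page rather than taken from the slides: it assumes Apache common-log-format lines, uses constructed sample entries, and maps one coarse signature to each class (union-based and error-based in-band, tautology, time-based blind, out-of-band). The signatures are triage heuristics only; a hit means suspicious input was sent, not that the application is vulnerable.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote_plus

# One coarse request-level signature per SQLi class from the slides.
# These are triage heuristics: a hit means "suspicious input was sent", not
# "the application is vulnerable", and a miss proves nothing.
SIGNATURES = {
    # In-band, union-based: extra rows come back in the normal response
    "union": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    # In-band, error-based: data is leaked through a forced DBMS error message
    "error": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    # Tautology such as ' OR '1'='1: an in-band bypass, or a boolean-blind probe
    "tautology": re.compile(r"\b(or|and)\b\s*'?\w*'?\s*=\s*'?\w*'?", re.I),
    # Inferential, time-based: the only signal is a delayed response
    "time": re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I),
    # Out-of-band: results leave through a DBMS file or network feature
    "oob": re.compile(r"\b(load_file|xp_dirtree|utl_http\.request)\b", re.I),
}

# Request target from a common-log-format line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def classify(decoded_target: str) -> List[str]:
    """Return the (sorted) SQLi classes whose signature matches a decoded target."""
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded_target))


def scan_log(log_text: str) -> List[Tuple[str, List[str]]]:
    """Decode every request target and keep the ones that match at least one class."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = unquote_plus(match.group(1))  # %27 -> ', + -> space
        classes = classify(target)
        if classes:
            hits.append((target, classes))
    return hits


# Constructed access-log lines for the demo; they are not taken from the slides.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /products?id=42 HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /products?id=42'+OR+'1'%3D'1 HTTP/1.1" 200 9812
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /products?id=42+UNION+SELECT+name,password+FROM+users HTTP/1.1" 200 4410
203.0.113.5 - - [10/Oct/2023:13:56:15 +0000] "GET /products?id=42+AND+extractvalue(1,'x') HTTP/1.1" 500 233
203.0.113.5 - - [10/Oct/2023:13:56:30 +0000] "GET /products?id=42+AND+SLEEP(5) HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:57:01 +0000] "GET /products?id=42||utl_http.request('http://203.0.113.9/') HTTP/1.1" 500 120
"""

if __name__ == "__main__":
    for target, classes in scan_log(SAMPLE_LOG):
        print(f"{'/'.join(classes):<10} {target}")
```

The decoded target is matched after `unquote_plus`, because the payloads arrive URL-encoded; the 500 status on the error-based and out-of-band lines is a second signal worth correlating, but the classifier deliberately relies on the request alone so it works on logs that do not record the response.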
SQLI EXAMPLES
Example 1
The following line of code illustrates this vulnerability:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
Resultant query:
SELECT * FROM users WHERE name = '' OR '1'='1';
SELECT * FROM users WHERE name = '' OR '1'='1' -- ';
SQL comments (the comment marker at the end of the input discards the rest of the statement):
' OR '1'='1' --
' OR '1'='1' {
' OR '1'='1' /*
Result = ?
SQLI EXAMPLES
Example 2
The following line of code illustrates this vulnerability:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
userName = a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't
Resultant query:
This input renders the final SQL statement as follows:
SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't';
Result = ?
Batched SQL statement
SQLI EXAMPLES
Example 3
Here is an example of a user login on a web site:
statement = "SELECT * FROM users WHERE name = '" + userName + "' AND password = '" + password + "';"
A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password text box.
Resultant query:
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
SQLI based on "="
Result = ?
CONCLUSION
THANK YOU !