> SQL injection allows a user-specified query to execute in
> SQL queries run in the database.
> Most of the time it alters the original database.
SQL attack Steps
> Searching for a vulnerable point.
> Fingerprinting the backend database.
> Retrieving data of interest: tables, username/password
> Once the information is in hand =>
● OS takeover
● Data change
● Webserver takeover
> The attacker can delete, modify or even steal your data.
> Compromises the safety, security and trust of user data.
> Compromises the ability to stay in business.
Hacking on login Page
1. Enter the text 'or''=' as both username and password; this should
log in and show the username but not the password.
2. Enter username admin and password 'or'1'='1
There are many similar strings that can be entered at login:
'or'x'='x ')or('x'='x and1=1 'or0=0-- "or0=0--
== and1=1-- etc.
The attacker enters abcd as the username and ';drop table xyz--' as the
password in the login form.
The query then becomes:
Select * from user_details where userid='abcd' and
password='';drop table xyz--'
With this query the attacker deletes the table.
Some sites for test:-
The attacker enters the query union select * from emp_details-- as the
username and abcd as the password. The attacker is then able to see
all the data from the database.
● No parentheses or angular brackets in the URL.
● The URL should not end with two or more dashes (--).
● The URL should not end with "/*".
● No schema, table or column names should be
part of your URL.
Escape and validate Inputs
Escape all inputs:
Whether supplied via POST data or via the URL.
Anything that goes to the DB is escaped.
Validate all inputs:
Validate free-form text fields for allowed characters (numbers,
letters, whitespace, ._-)
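The escaping and validation advice above, applied to the page's login query, as an added example that is not from the original slides. The table contents, the function names and the use of Python's sqlite3 with bound parameters (in place of manual escaping) are assumptions made for illustration.

```python
import re
import sqlite3

# Allow-list from the slide: numbers, letters, whitespace and . _ -
ALLOWED = re.compile(r"[A-Za-z0-9\s._-]+")


def make_db():
    """Constructed in-memory table standing in for the page's user_details.
    The plaintext password is sample data; real systems store password hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_details (userid TEXT, password TEXT)")
    db.execute("INSERT INTO user_details VALUES ('admin', 's3cret')")
    return db


def login_concat(db, userid, password):
    """Vulnerable form: user input is pasted into the SQL text itself."""
    sql = ("SELECT userid FROM user_details WHERE userid='" + userid +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_bound(db, userid, password):
    """Hardened form: validate the userid, then bind both values as data."""
    if not ALLOWED.fullmatch(userid):
        return False  # rejected before any query is built
    sql = "SELECT userid FROM user_details WHERE userid=? AND password=?"
    return db.execute(sql, (userid, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    payload = "'or'1'='1"  # password string from step 2 on the page
    print("concatenated query accepts payload:", login_concat(db, "admin", payload))
    print("bound query accepts payload:       ", login_bound(db, "admin", payload))
    print("bound query accepts real password: ", login_bound(db, "admin", "s3cret"))
    print("allow-list accepts userid admin'--:", login_bound(db, "admin'--", "s3cret"))
```

Only the userid goes through the allow-list; the password is never restricted to a character set because it is only ever passed as a bound value.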
When you have a large setup or lots of code, put some SQL
injection detection patterns in the load balancer.
This lets you check easily and quickly.