SQL Injection and Blind SQL injection

SQL injection
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application (like queries). The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks.
Incorrectly filtered escape characters
when the user input string into a form that is not filtered then the user can input a querythat can be dangerous, such as display tables or even delete the table. The following line of code illustrates this vulnerability:
SELECT * FROM `users` WHERE `name` = '$name';
This SQL code is designed to pull up the records of the specified username from its table of users. However, if the "userName" variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended. For example user insert :
1' or '1'='1  
so the condition will be true and can cause the system will display the database and can also cause the user bypass the login form by it.
 

Blind SQL injection
Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information has been established

Comments

Popular posts from this blog

Grabbing Proxy With Selenium and Python

Authorization Testing

Bypass HTML Field Restrictions