SQL Injection Attack 44

Overview

This lecture explains how SQL injection attacks work, why they are dangerous, and provides a practical example of exploiting an insecure application.

Applications typically require authentication such as a username and password.
Each user's access is intended to be limited to their own data.
Input validation is essential to block malicious data from entering an application.
Poor or missing input validation can leave applications vulnerable to attacks like SQL injection.

SQL (Structured Query Language) is used to access and manage data in relational databases.
SQL injection allows attackers to insert their own SQL code into input fields.
This can bypass authentication and grant access to all data in the database.
Injection can involve other languages and protocols like HTML, XML, and LDAP, not just SQL.

Applications may have code like: SELECT * FROM users WHERE name = 'username'.
A normal query: SELECT * FROM users WHERE name = 'professor', returns data for user 'professor'.
An attacker can inject code: ' OR '1'='1', altering the query.
The modified query: SELECT * FROM users WHERE name = '' OR '1'='1' returns all users because '1'='1' is always true.
This attack circumvents security and provides full access to view, modify, or delete data.*

A vulnerable application is tested using a tool called WebGoat.
Normal login: employee name 'Smith', TAN '3SL99A', shows only Smith's data when submitted.
Attacker input: ' OR 1=1;--, as the employee name, retrieves all records from the database.
This exposes all user IDs, names, departments, salaries, and authentication data.

Authentication — The process of verifying a user's identity.
Input Validation — Checking user-provided data to block harmful or malformed input.
SQL (Structured Query Language) — A language for managing and querying data in relational databases.
SQL Injection — An attack method where malicious SQL code is inserted into an application input to alter queries and access data.