Understanding Code Injection Attacks

May 25, 2025

Code Injection Attacks

Definition and Overview

  • Code injection is a common application attack.
  • Attackers input their code into the application.
  • Developers need to implement checks to prevent such attacks.
  • Types of code injections include:
    • HTML Code Injections
    • SQL Injections
    • XML Injections

SQL Injection

  • SQL stands for Structured Query Language.
  • Most popular method for applications to interact with databases.
  • Attackers manipulate queries sent to databases.
  • If unchecked, attackers can send unauthorized requests to the database.
  • Exploitation is often simple and can be done through a browser.

SQL Injection Detailed Example

  • Common Query Format: SELECT * FROM users WHERE name = 'username'
  • Vulnerable Query Example:
    • Instead of querying SELECT * FROM users WHERE name = 'Professor'
    • A vulnerable application might accept SELECT * FROM users WHERE name = 'Professor' OR 1=1
  • OR 1=1 always evaluates to true, thereby returning all users.
  • This vulnerability can lead to full control over the database:
    • View, delete, or modify data
    • Bring the database down

Exploit Example with WebGoat

  • WebGoat is a vulnerable application for learning purposes.
  • Input fields for employee name (e.g., Smith) and transaction authentication number are used.
  • Standard operation: Enter name and password to get department info.
  • Injection Technique Used:
    • Normal login: Name and a password
    • SQL Injection: Include additional code `' OR '1'='1`
    • This injected code retrieves all records where 1=1 is true.
    • Results in gaining access to all database information.
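The tautology from the detailed example and the WebGoat exercise, reproduced as an added example (not from the original notes or from WebGoat) against a constructed in-memory SQLite table, with the string-concatenated lookup beside its parameterized fix. The table schema, column names and sample rows are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data; not WebGoat's real schema or records.
SAMPLE_USERS = [
    ("Professor", "pw-1", "Engineering"),
    ("Smith", "pw-2", "Finance"),
    ("Jones", "pw-3", "Marketing"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory users table populated with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, department TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Builds the query by concatenation, so user input is parsed as SQL.

    With password = "' OR '1'='1" the statement becomes
      ... WHERE name = 'Smith' AND password = '' OR '1'='1'
    and the OR '1'='1' branch is true for every row.
    """
    sql = ("SELECT name, department FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Parameterized query: the same input is bound as data, never as SQL."""
    sql = "SELECT name, department FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"
    print(lookup_vulnerable(db, "Smith", tautology))  # all three rows
    print(lookup_safe(db, "Smith", tautology))        # []
    print(lookup_safe(db, "Smith", "pw-2"))           # [('Smith', 'Finance')]
```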