Understanding Code Injection Attacks

Jun 1, 2025

Code Injection Attack

Overview

  • Code injection is a common type of application attack.
  • Attackers insert their own code into input fields of applications.
  • Developers must implement checks to prevent unwanted data injection.

Types of Code Injection

  • HTML Code Injections
  • SQL Injections
  • XML Injections

SQL Injection (SQLi)

  • SQL: Stands for Structured Query Language.
    • The most common way for applications to interact with databases.
  • How it occurs:
    • The application takes input data and uses it to build database queries.
    • Attackers inject their own SQL into these queries through that input.
    • Without proper checks, the injected query is executed as written.

Exploiting SQL Injection

  • Performed through the browser that serves as the application's frontend.
  • Malicious SQL is entered into the application's input fields.
  • Example of vulnerable query:
    • SELECT * FROM users WHERE name = 'Professor'
    • Can be altered to: SELECT * FROM users WHERE name = 'Professor' OR '1'='1'
      • '1'='1' is always true, so the query returns every row instead of one.

Impact

  • Easy to exploit.
  • Provides control over database data:
    • View all data.
    • Delete or alter data.
    • Potentially bring the database down.

Example using WebGoat

  • WebGoat: A purposely vulnerable application for educational purposes.
    • Available at webgoat.org.
  • Scenario:
    • Input fields for employee name "Smith" and transaction number "3SL99A".
    • Normal query shows department info for "Smith".
    • SQL Injection:
      • Injected code: ... OR '1'='1'
      • Returns all records, because the always-true condition matches every row.

Summary

  • SQL Injection is a critical vulnerability that allows attackers to control database data.
  • Developers must secure applications by validating and sanitizing inputs.
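The query example in "Exploiting SQL Injection" and the advice in this summary can be shown side by side in code. The block below is an added example for these notes, not code from WebGoat or from the original slides: it builds a small constructed users table in an in-memory SQLite database, runs the string-concatenated query the notes describe against the `Professor' OR '1'='1` input, and then runs the same lookup as a parameterized query so the difference in returned rows is visible. The table contents and function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from WebGoat or the notes).
SAMPLE_USERS = [
    ("Professor", "engineering"),
    ("Smith", "sales"),
    ("Jones", "finance"),
]


def build_db():
    """Create an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, department TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """The flawed pattern from the notes: user input pasted straight into SQL text.

    Whatever the user types becomes part of the statement, so a value containing
    a quote closes the string literal and appends its own condition.
    """
    query = "SELECT name, department FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_user_parameterized(conn, name):
    """The fix: a parameterized query.

    The driver sends the value separately from the SQL text, so quotes inside
    the value are ordinary characters and cannot change the query structure.
    """
    query = "SELECT name, department FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo():
    """Run both lookups with a normal name and with the notes' injected value."""
    conn = build_db()
    normal = "Professor"
    # The payload from the notes: closes the literal, adds an always-true condition.
    injected = "Professor' OR '1'='1"
    return {
        "vulnerable_normal": find_user_vulnerable(conn, normal),
        "vulnerable_injected": find_user_vulnerable(conn, injected),
        "parameterized_normal": find_user_parameterized(conn, normal),
        "parameterized_injected": find_user_parameterized(conn, injected),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the concatenated query, the injected value turns the statement into `... WHERE name = 'Professor' OR '1'='1'` and every row comes back; with the parameterized query the same input is treated as a literal name that matches nothing. Parameterization is the primary control; input validation (for example, restricting a transaction number to its expected format) is a useful additional layer, but it should not replace it.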