Understanding Code Injection and SQL Injection Attacks

Jun 22, 2024

Code Injection

  • Definition: An application attack where the attacker inputs their own code into the application.
  • Goal: Injected code must never be executed by the application, so developers must implement input checks that prevent unwanted data from being injected.
  • Types of Code Injection:
    • HTML Code Injections
    • SQL Injections
    • XML Injections
    • Others

SQL Injection

  • SQL: Stands for Structured Query Language; used for interacting with databases.
  • Purpose: Applications use SQL to input and query data from a database.
  • Vulnerability: SQL Injection allows attackers to insert malicious SQL queries.
  • Impact: Without proper input checks, attackers can manipulate the database to retrieve, modify, or delete data.
  • Ease of Exploit: Often easy to exploit and can be done via a browser without additional tools.

How SQL Injection Works

  • Normal Query Example: SELECT * FROM users WHERE name = 'Professor'.
    • Queries data matching the username 'Professor'.
  • Injection Example:
    • Input: ' OR '1' = '1 appended to the username in the name field.
    • Resulting Query: SELECT * FROM users WHERE name = 'Professor' OR '1' = '1'.
    • '1' = '1' is always true, so the WHERE clause matches every row and the query returns all entries in the table.
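  • Worked example (added here; not code from the original notes): the script below builds the query exactly as described above by concatenating user input, shows that the injected input returns every row, and then shows the parameterized version that the Summary's "proper coding practices" refers to. The users table, names and passwords are constructed sample data.

```python
import sqlite3

# Constructed sample data: a tiny users table, not taken from the original notes.
SAMPLE_USERS = [
    ("Professor", "topsecret1"),
    ("Smith", "3sl99a"),
    ("Jones", "k8p2zz"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_vulnerable_query(name: str) -> str:
    """The anti-pattern: user input is pasted straight into the SQL text.

    A single quote in the input closes the string literal, so whatever follows
    becomes part of the query's logic instead of part of the name value.
    """
    return "SELECT * FROM users WHERE name = '" + name + "'"


def vulnerable_lookup(conn: sqlite3.Connection, name: str) -> list:
    """Run the concatenated query; attacker-controlled quotes change its meaning."""
    return conn.execute(build_vulnerable_query(name)).fetchall()


def safe_lookup(conn: sqlite3.Connection, name: str) -> list:
    """Parameterized query: the driver passes the value separately from the SQL
    text, so the input is only ever compared as data and can never alter the
    WHERE clause."""
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    injected = "Professor' OR '1' = '1"
    print("Concatenated SQL:", build_vulnerable_query(injected))
    print("Vulnerable lookup returns", len(vulnerable_lookup(db, injected)), "rows")
    print("Parameterized lookup returns", len(safe_lookup(db, injected)), "rows")
```

Running it shows the vulnerable lookup returning all three rows for the injected input, while the parameterized lookup returns none, because no user is literally named "Professor' OR '1' = '1".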

Exploitation and Control

  • Steps for Exploiting:
    1. Input legitimate name and password (e.g., name: Smith, password: 3sl99a).
    2. Inject additional code into input fields (e.g., ' OR '1' = '1').
  • Outcome: Gain full control over the database's data.
    • View, modify, delete, or deny access to data.

Example Demonstration

  • Vulnerable Application: WebGoat (webgoat.org).
  • Scenario:
    1. Input employee name (Smith) and transaction authentication number (3sl99a).
    2. Perform a SQL Injection by adding ' OR '1' = '1' to the input fields.
    3. Result: Access all department information in the database.

Summary

  • SQL Injections are a severe threat due to their ease of execution and potential data control.
  • Applications must be safeguarded against such vulnerabilities through proper coding practices and checks.