Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023

SQL Injection Attacks
In this section, we will discuss various SQL injection techniques. Our focus will be on
extracting the database and getting our commands to execute on the OS via SQL injection. To
understand an SQL injection attack, you must be familiar with the concept of databases and the
syntax of SQL, which is a language that all the applications use to communicate with the database.
What Is an SQL Injection?
Nowadays, most of the websites you come across are dynamic, which means that they take
user input and act upon it. When the user supplies input to the application, it is parsed by
the interpreter, where the user-supplied input is combined with the application code.
An SQL injection occurs when user-supplied input is treated as part of a database
query; in simple words, the input is not filtered by the application, which means that an attacker
could inject malicious code into the application that would be parsed by the interpreter as an SQL
statement, resulting in an SQL injection flaw. This then allows an attacker to conduct a wide
variety of attacks. SQL, LDAP, and XPath injection all fall under the “Injection attacks” category,
which secured the first spot in the OWASP 2013 Top 10.
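
As an added example (not from the book), the Python sketch below uses the standard sqlite3 module to show the flaw described above next to its fix: one lookup pastes the input into the statement text, the other binds it as a parameter. The table, rows, and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; an in-memory database keeps the example offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test"),
         ("carol", "carol@example.test"), ("o'brien", "obrien@example.test")],
    )
    return conn

def lookup_concatenated(conn, name):
    # Flawed: the input becomes part of the SQL text, so the parser
    # cannot distinguish the developer's code from the user's data.
    query = "SELECT name, email FROM users WHERE name = '" + name + "' ORDER BY id"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, name):
    # Fixed: the statement text is constant and the value is bound separately,
    # so it is only ever compared as data, never parsed as SQL.
    query = "SELECT name, email FROM users WHERE name = ? ORDER BY id"
    return conn.execute(query, (name,)).fetchall()

def compare(conn, name):
    """Return (rows from the concatenated query, or None on an SQL error,
    rows from the parameterized query) for the same input."""
    try:
        unsafe = lookup_concatenated(conn, name)
    except sqlite3.Error:
        unsafe = None
    return unsafe, lookup_parameterized(conn, name)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a legitimate name containing a quote,
    # and an input whose quote changes the structure of the concatenated query.
    for value in ["alice", "o'brien", "nobody' OR '1'='1"]:
        unsafe, safe = compare(db, value)
        print(repr(value), "| concatenated:", unsafe, "| parameterized:", safe)
```

Any input for which the two lookups disagree, or for which the concatenated one raises an SQL error, marks a query that needs to be rewritten with bound parameters.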
Types of SQL Injection
The following are the three types of SQL injection attacks:


Union-Based SQL Injection
This is the most common type of SQL injection. It belongs to the class of in-band SQL injection,
and this type of attack uses a UNION statement, which combines two
select statements, to extract information from the database. We will discuss this attack in detail later.
Error-Based SQL Injection
An error-based SQL injection is the easiest; however, the only problem with this technique is that
it works only with MS-SQL Server. In this technique, we cause an application to throw an error
to extract the database. Typically, you ask the database a question, and it returns an error
containing the information you asked for.
Blind SQL Injection
The blind SQL injection is the hardest of them all. In this technique, no error messages are received
from the database; therefore, we extract the data by asking the database questions. The blind
SQL injection is further divided into two categories:
1. Boolean-based SQL injection
2. Time-based SQL injection
Both of these methods can be used to extract the database by either asking a question or inducing
a time delay. We will discuss them in more detail later.
