What is SQL Injection
Definition, basic principles and categories of SQL injection
SQL injection (SQLI) is a technique that allows a user to inject SQL commands into the database engine from a vulnerable application. By leveraging the syntax and capabilities of SQL, the attacker can influence the query passed to the back-end database in order to extract sensible information or to get control over the database. This security issue is mostly present in websites but it can also exist in software. In fact, SQL injection attacks (SQLIA) can be done anywhere a database is used and user input is not sanitized correctly.
Below are listed the main categories of SQL injection attacks. They are explained in further details in referred articles but it will give you a rough idea how SQLIA are classified.
Most attacks rely on basic SQL manipulation and are considered to be classic attacks. It includes WHERE clause modification, UNION operator injection and query stacking. Those are by far the most popular kinds of SQLIA and they are explained in the SQL injection tutorial.
Inference attacks involve a SQL manipulation that will provide the hacker the ability to verify a true/false condition. Depending on the database system reaction, it is possible to find out if the condition was realized or not. This information gathering technique is covered in the blind SQL injection article.
DBMS specific attack
This type of SQLIA is used as an alternative to classic SQL injection. It is especially useful when trying to fingerprint the database system, but it can also provide the ability to achieve a complete attack when some particular conditions are met. These techniques are detailed in the advanced SQL injection section.
Dynamic Query Building
It is important to mention that SQL injection vulnerabilities are not caused by a database system flaw. In fact, a SQL injection attack can be made against a vulnerable system not matter what its DBMS is. The security flaw is an error made by the programmer who built a query without sufficiently validating user input.
SQL injection attacks are among the most popular security issues today. The presence of transactional websites combined to the misunderstanding of SQL injection clearly contributed to increase the problem. In fact, it has created a perfect environment for the growth of SQL injection attacks.
Misinformation about possible impacts and causes of SQL injection are so generalized that it is important to make a clear distinction between myths and reality. It is often thought that this kind of attack is pretty limited in terms of possible damage and it achievability mainly relies on luck since it requires a lot of guessing to find enough information to perform an attack. The truth is totally the opposite. By using the right techniques, the attacker will be able to exploit almost any SQL injection flaw without relying on luck or guessing. Moreover, a SQL injection attack can lead to a full system control of the database server. Obviously, this is without mentioning that database content can be read, modified and deleted by the hacker who has gain some access to the database.