SQL Injection is one of
the many web attack mechanisms used by hackers to steal data from organizations.
It is perhaps one of the most common application layer attack techniques used
today. It is the type of attack that takes advantage of improper coding of your
web applications that allows hacker to inject SQL commands into say a login form
to allow them to gain access to the data held within your database.
SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.
What is the impact of SQL Injection?
Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database.
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to manipulate existing queries, to UNION (used to select related information from two tables) arbitrary data, use sub selects, or append additional queries.
In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures, it could spell disaster.
Unfortunately the impact of SQL Injection is only uncovered when the theft is discovered. Data is being unwittingly stolen through various hack attacks all the time. The more expert of hackers rarely get caught.
SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database. If not sanitized properly, web applications may result in SQL Injection attacks that allow hackers to view information from the database and/or even wipe it out.
What is the impact of SQL Injection?
Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database.
An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information. Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to manipulate existing queries, to UNION (used to select related information from two tables) arbitrary data, use sub selects, or append additional queries.
In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures, it could spell disaster.
Unfortunately the impact of SQL Injection is only uncovered when the theft is discovered. Data is being unwittingly stolen through various hack attacks all the time. The more expert of hackers rarely get caught.
1.
Malicious SQL statements:
a. For
numeric Field :-SQL Injection Based on 1=1 is Always Return True.
b. For String Field:- SQL Injection Based on ""="" is Always Return True .
Note: The Hacker used these above malicious sql statement to fetch the record without knowing there
Password and Id.
Let See The Work Demonstration:
Is a Table Structure(Employee)
Emp_Id |
Emp_Name |
Emp_Password |
Emp_Salary
|
1001 |
RahulGanga |
HA123 |
10,000
|
1002 |
Sathya |
BA321 |
20,000
|
1003 |
Akhil |
SA132 |
30,000
|
1004 |
Bubi |
FA213 |
40,000
|
Our
Targets is:
1.Fetch
the Employee Details Without Knowing Their Password and even their name Or ID.
2.Modify
the Record of Employee Without Knowing Their Password.
3.
Delete the Record of Emplyee Without Knowing Their Password.
Example1.(InSQL)
1.
Fetch
the Employee Details Without Knowing Their Password and even ther name Or ID.
Sol:
select * from
employee where Emp_Id=1
or 1=1
and Emp_Pwd='Dhoom3'
or''=''
Out Put:
2.
Modify
the Record of Employee Without Knowing Their Password.
First
see actual result of table "empTb"
Sol:
update empTb set Emp_Name='Titanic',Emp_Pwd='0'
where Emp_Id=1
or 1=1
and Emp_Pwd=123
or 1=1
Out Put:
3.
Delete the Record of Emplyee Without Knowing Their
Password.
Sol:delete
from employee where
Emp_Id=1 or 1=1
Out Put:
How do I prevent
SQL Injection attacks?
This Problem is
solved by parameterized sql,
SQL parameters are values that are added to an SQL query at
execution time, in a controlled manner.And it Does not take any extra values
because it take the value by Add parameter .
code:
_con =
new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["con"].ConnectionString);
_cmd =
new SqlCommand("select
* from SqlInjectionTb where id=@0 and pwd=@1", _con);
_cmd.Parameters.AddWithValue("@0",Convert.ToInt32(TxtId.Text));
_cmd.Parameters.AddWithValue("@1",
TxtPwd.Text);
_con.Open();
_cmd.ExecuteNonQuery();
DataTable
_dt = new DataTable();
SqlDataReader _dr = _cmd.ExecuteReader();
_dt.Load(_dr);
GridView1.DataSource = _dt;
GridView1.DataBind();
Note:
It Not Accept any Extra Values by Hackers.
IT Fire Error…
After execution of this above code it absolutely fire the
exception as use see below :
.png)
.png)
.png)
