Intro to SQL Injection

Web Applications and Databases

• Modern web applications typically use a database backend.
• Databases store and retrieve application data (e.g., content, user info).
• Applications dynamically query databases in real-time as HTTP(S) requests are received.

Three-Tier Architecture

1. Tier I: Client application (user-facing).
2. Tier II: Application server.
3. Tier III: Database Management System (DBMS).

SQL Injection (SQLi)

• Occurs when user input is used to construct a SQL query insecurely.
• Exploits input fields to change or add SQL code to backend queries.
• Specific to relational databases (e.g., MySQL); NoSQL injection applies to non-relational DBs.

Attack Process

1. Inject SQL code outside normal input (e.g., using ' or ").
2. Subvert the application logic (e.g., change or stack queries).
3. Retrieve output via the application's frontend.

SQL Injection Techniques

• Stacked Queries: Executes multiple SQL queries.
• Union Queries: Merges results of the injected query with the original.

Impacts

• Data Breach: Access to sensitive info (passwords, credit cards).
• Logic Subversion: Login bypass, unauthorized admin access.
• Server Control: File manipulation, backdoor insertion, full system takeover.

Prevention

• Use secure coding practices.
  • Sanitize and validate all user inputs.
  • Apply least-privilege access control on the DB and server side.