SQL Injection Vulnerabilities

SQL Injection

It is a technique where attackers inject a code to get database details from a web application. In short it is an attack that hampers the confidentiality of user details by letting the hacker view data which he/she is not authorised to see. This can be either vertical or horizontal escalation.

SQL injection can also cause a threat to availability of the data if the hacker intends to implement blind SQL injection. Blind SQL injection is where the hackers comes with a motive to destroy the entire database by performing DOS or buffer overflow attacks. In this type of SQL injection the hacker’s intention is to not gain information of users but to make the information unavailable to the authorised users. This step is usually taken by attacker when he is unsuccessful in retrieving user credentials and user details from the database.




SQL Injection Vulnerabilities

SQL Injection attack is possible by manipulating query string parameters sent via HTTP GET/POST requests to the web server. It means hacker can try changing the string parameters by trying different numerical number or strings instead of the ones shown. Possible ways through which hacker can perform SQL Injection are:

  • Query Parameter [Ex. http://abc.com/id=1102]
  • Normal [Ex. 1102 OR 1=1]
  • Form input parameters [Ex. Name: , Place (drop down list): SQL injection]
  • Burp intercept

Blind SQL Injection can take place by submitting a large or small or zero or negative value in the input parameter on the web application. For example if there is a date column in the hospital management application, the hacker can perform any of the following functions:

  • NULL input
  • Blank input
  • Negative input
  • Positive large input
  • Lower bound
  • Upper bound

If the database service is found to be processing it, without treating it as an invalid input, it further can be used by the attacker in crafting a denial of service attack using parameter manipulation.

IMPACT

Large number of high-profile data breaches have been due to SQL injection attack, which has led to a lot of damage.

When SQL injection attack becomes successful it can result in unauthorized access to sensitive/critical information, such as passwords, credit/debit card details, personal information, etc. In some cases, a hacker is able to gain persistent backdoor into an organization's system, leading to a long-term compromise that can go unnoticed for an extended period of time.

SOLUTION



Sanitizing: Client-side validation is useful for providing the user input immediate feedback when filling up a form. But this solution is no defence against a serious hacker. Therefore server side validation is also needed. This will help in sanitizing unknown requests and blocking them from getting stored in the database and initializing the injected query.

CSRF attack