What is an SQL Injection Attack?
Posted by Jon Lee in Web Development, tags: double-quotes, hacking, MySQL, PHP, security, single-quotes, SQL, SQL-Injection, web development
Database security is a huge issue. Having your database compromised is about the worst thing that can happen to a web developer, especially if it contains sensitive user information (passwords, credit card numbers, e-mail addresses, etc.). Even if you store your confidential data securely, you don’t want any of it to be readable or changeable by anyone but yourself. SQL injection is a common vulnerability that many beginning programmers fall victim to, and it comes from one habit: pasting user input straight into the text of an SQL statement.
What is it?
In a PHP/MySQL application, an SQL injection attack is performed by submitting a crafted string (through a form field, a URL parameter, a cookie or any other value the user controls) that is copied into an SQL statement and changes what that statement does. For example, say you have a login form that checks a username/password combination against the database with a simple query:
SELECT * FROM users WHERE username = '$input_username' AND password = '$input_password'
where $input_username and $input_password are the values submitted from the login form, interpolated into the query string without any escaping. So if there is a user with username “admin” and password “secret”, entering “admin” and “secret” on the login page produces:
SELECT * FROM users WHERE username = 'admin' AND password = 'secret'
The query finds the matching row and the user is logged in. The problem arises when an attacker enters “admin” as the username and something like this as the password: ' OR '1'='1
(The often-quoted payload ' OR 1=1 does not quite work here: the query’s own closing quote is left dangling after the 1=1 and MySQL rejects the statement as a syntax error. Ending the payload with '1'='1 lets the leftover quote close the last string literal, so the statement stays well-formed.) The query then becomes:
SELECT * FROM users WHERE username = 'admin' AND password = '' OR '1'='1'
The single quote typed as the password closes the string literal that was supposed to hold the password, so everything after it is parsed as SQL rather than treated as data. Because AND binds more tightly than OR, the condition reads as (username = 'admin' AND password = '') OR ('1'='1'), and since '1'='1' is always true, every row in the users table comes back. If the login code simply takes the first row it gets, the attacker is logged in as whichever account that is, without knowing any password. An attacker who wants the “admin” account specifically can instead put admin'-- (with a trailing space) in the username field: the quote closes the username literal and the -- turns the rest of the statement, password check included, into a comment.
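The mechanism described above, as an added example that is not from the original post. Python’s sqlite3 module stands in for PHP/MySQL (an assumption made so the example runs offline; the string-building mistake is identical in both), and the users table and its credentials are constructed for the demonstration. It runs the interpolated query with a legitimate login, with the bare ' OR 1=1 payload (which fails with a dangling quote), with the well-formed ' OR '1'='1 payload (which returns every row), and with a username-side admin'-- payload, then sends the same inputs through a query with bound parameters, where they match nothing.

```python
import sqlite3

# Constructed sample data standing in for the article's "users" table
# (hypothetical accounts; none of these credentials come from the post).
SAMPLE_USERS = [
    ("alice", "hunter2"),
    ("admin", "secret"),
    ("bob", "letmein"),
]


def make_db():
    """Build an in-memory SQLite database. SQLite stands in for MySQL so the
    example runs offline; the string-building mistake is the same in both."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_login(conn, username, password):
    """Interpolates the submitted values straight into the SQL text, exactly
    like the article's PHP query. Returns the usernames of all matching rows,
    or an error string when the assembled text is not valid SQL."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    try:
        return [row[0] for row in conn.execute(query)]
    except sqlite3.OperationalError as exc:
        # A dangling quote (e.g. from the bare ' OR 1=1 payload) lands here.
        return "SQL error: %s" % exc


def safe_login(conn, username, password):
    """Same query with bound parameters. The values never become part of the
    SQL text, so a quote inside them is just a character to compare against."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    db = make_db()
    attempts = [
        ("admin", "secret"),        # legitimate login
        ("admin", "' OR 1=1"),      # often-quoted payload: leaves a dangling quote
        ("admin", "' OR '1'='1"),   # well-formed payload: returns every row
        ("admin'-- ", "anything"),  # comments out the password check entirely
    ]
    for user, pw in attempts:
        print("%-12r %-14r vulnerable=%r safe=%r"
              % (user, pw, vulnerable_login(db, user, pw), safe_login(db, user, pw)))
```

Note that the interpolated version does not merely let the wrong row through: the '1'='1 payload returns the whole table, and which account the attacker lands in depends only on how the application picks from that result set.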
This is a very basic version of an SQL injection attack, but it gives a good illustration of how it works. You’d be surprised how often it still works because of poor code implementation. Just last month, it was reported that the Nokia Canada administration site was open to the simple SQL injection attack described above. Needless to say, many people were able to access it and change product information across the site. I’m sure someone got fired over it.
Read part 2 – How to Prevent an SQL Injection Attack
Glad to hear you’re posting the prevention solution tomorrow – you’ve got me sufficiently nervous. Something to think about for tomorrow’s post – could you keep tech newbies like me in mind when you write it? I want to be protected, but I don’t speak the language quite like you yet.
I’ll try my best
Which magic quotes are you using haha!!
In Java you can use a prepared statement as opposed to concatenating strings, which stops SQL injection (at least at the point it is inserted; it could still be exploited if it is read back out and concatenated).
Think you did the right thing splitting your posts on this one!!
Magic quotes are coming! Don’t spoil the fun! hahaha
Embarrassing as it is, I had one site that I admined have this vulnerability. I closed it up quick, and at least I did not do the original design. So if you ever take over a site for someone else, make sure you check all the security you ‘assume’ should be there.
PHP 5 has prepared statements as well, but they are underused.