Wednesday, October 7, 2020

SQL Injections Short note

Injections are ranked as the number one web application vulnerability in the OWASP Top 10. Injection flaws are triggered when an intruder sends malicious data to an interpreter. In this article I will be talking about SQL injection in particular.



SQL Injections how?

SQL injection becomes possible when a website runs dynamic queries against the database and the query text contains user-provided input.

Types of SQL Injections.

1. In-Band SQL Injections

The attacker launches the attack and gathers the results over the same communication channel.

a. Error Based

This is useful for gathering information about the structure of the database. The actions performed by the attacker trigger error messages from the database, and those messages leak the information.

b. Union Based

Using the SQL UNION operator, the attacker combines the results of multiple SELECT statements generated by the database into a single HTTP response.

2. Blind SQL Injections

This is used when the application is vulnerable to SQL injection but the HTTP response contains neither the results of the SQL query nor any database error. In blind SQLi no data is really transferred through the web application, so the attacker cannot see the outcome of the query directly.

a. Boolean Based

A SQL query is sent to the database that asks the application to return a result. Whether the condition was true or false is inferred from changes in the content of the HTTP response.

b. Time Based

The query sent by the attacker makes the database wait for some time before responding. The attacker infers whether the query evaluated to true or false from the time the database takes to respond.

3. Out of Band

The attacker does not use the same channel to launch the attack and gather the results. Instead, the attacker relies on the database server's ability to make DNS or HTTP requests to deliver the data.

How to Prevent

1. Use prepared statements / parameterized queries

For this to be effective,

    - The query string itself should be a hardcoded constant

    - Variable data from any origin must never be concatenated into that query string; it is passed only as a bound parameter

2. Validation and sanitization of user inputs on the server side.
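As an added example (not code from the original post), the two lookups below contrast a dynamic query built by string concatenation with the prepared-statement form recommended above. The table, rows and the sample name "O'Brien" are constructed for the demo using Python's sqlite3 module; a single quote in the input is enough to break the concatenated query and produce the kind of database error the error-based technique feeds on, while the parameterized query treats the same input purely as data.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    # Constructed in-memory sample database (assumption, not from the post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("O'Brien", "obrien@example.com")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Dynamic query: user input is pasted into the SQL text, so any quote
    # character in the input changes the structure of the statement.
    sql = "SELECT id, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Prepared statement: the SQL text is a hardcoded constant and the value
    # is sent separately as a bound parameter, so it can only ever be data.
    sql = "SELECT id, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    # Run both lookups for a plain name and a name containing a quote, and
    # record either the rows returned or the database error that was raised.
    conn = build_db()
    results = {}
    for name in ("alice", "O'Brien"):
        try:
            results[("unsafe", name)] = lookup_unsafe(conn, name)
        except sqlite3.OperationalError as exc:
            results[("unsafe", name)] = "error: " + str(exc)
        results[("safe", name)] = lookup_safe(conn, name)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The error string returned for the unsafe lookup of "O'Brien" is exactly the kind of message that should never reach an HTTP response; with the parameterized version there is no such error to leak.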


References

https://beaglesecurity.com/blog/support/vulnerability/2018/07/04/Boolean-based-Blind-SQL-Injection.html

https://medium.com/bugbountywriteup/out-of-band-oob-sql-injection-87b7c666548b

https://owasp.org/www-community/attacks/SQL_Injection

https://portswigger.net/web-security/sql-injection


Author's note

This is a short note to give a basic idea of, or refresh your memory on, SQL injection. In future posts I will demonstrate some SQL injection attacks. These facts were gathered from the sites referred to above; please observe them for further information.
