
The Official ASATO Site



Prevent SQL Injection Attacks – Part 1

Posted by admin on July 8, 2009

What is a SQL Injection Attack?
A SQL injection attack is an attack that comes from user input that has not been checked to see that it is valid. There are two main types. First-order attacks are when the attacker receives the desired result immediately, either as a direct response from the application they are interacting with or through some other response mechanism, such as email. Second-order attacks are when the attacker injects data that will reside in the database, but the payload is not activated immediately. I will discuss each in more detail later in this article.

Here is an example. The form below has two elements: a text box for the user name and a password box for the password.
<form action="myscript.aspx">
<input type="text" name="username">
<input type="password" name="password"><br/>
<input type="submit">
</form>

Then, in myscript.aspx.cs, the query is built by concatenating the two values straight into the SQL text:
string sql = "SELECT * FROM Users WHERE UserName = '" + username.Text + "' AND Password = '" + password.Text + "'";

The previous code block executes the built SQL string directly; if the count of returned rows is greater than one, you know the values entered for the user name and password were the ones matching the database.

Now, with the code from the previous example, suppose someone entered the following string into your username text box:
' or 0=0 --
The SQL string then becomes:
string sql = "SELECT * FROM Users WHERE UserName = '' or 0=0 --' AND Password = '12345678'";
The apostrophe closes the username value being sent to the SQL query, the rest of the input adds another condition to the query, and the "--" after that condition comments out the remainder of the query. Since the condition they entered into your text box is an "or" clause, the check on the user name no longer matters, and since 0 always equals 0 the query will execute successfully and return a positive logon. Guess what? Your intruder now has access to your application.

Let's take another example of SQL injection. Enter this into the same text box:
'; drop table users --
Definitely something that can ruin your day. Of course, this type of attack you'll probably notice pretty quickly.

How to prevent SQL Injection Attacks?
First: Parameterised Queries
Second: Using Stored Procedures
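As an added illustration (not the post's own code), here is the same login check in Python with SQLite: the concatenated form the post shows beside the parameterised form it recommends, both run against the post's `' or 0=0 --` input. The Users table and its two rows are constructed for the demo; in ASP.NET the equivalent fix is passing the values through SqlCommand.Parameters instead of building the string.

```python
import sqlite3

# Constructed in-memory copy of the post's Users table. Plaintext passwords
# are kept only to mirror the post's query; a real system stores hashes.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserName TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("nike", "12345678"), ("admin", "placeholder-password")],
    )
    return conn

def login_concatenated(conn: sqlite3.Connection, username: str, password: str) -> int:
    """The post's vulnerable pattern: user input spliced into the SQL text.
    Returns the number of rows the query matches."""
    sql = ("SELECT * FROM Users WHERE UserName = '" + username
           + "' AND Password = '" + password + "'")
    return len(conn.execute(sql).fetchall())

def login_parameterised(conn: sqlite3.Connection, username: str, password: str) -> int:
    """Hardened form: the SQL text is fixed and the values travel as
    parameters, so quotes and '--' inside them are plain characters."""
    sql = "SELECT * FROM Users WHERE UserName = ? AND Password = ?"
    return len(conn.execute(sql, (username, password)).fetchall())

if __name__ == "__main__":
    conn = make_db()
    payload = "' or 0=0 --"  # the post's first-order payload
    print(login_concatenated(conn, "nike", "12345678"))  # 1: a normal login
    print(login_concatenated(conn, payload, "wrong"))    # 2: every row comes back
    print(login_parameterised(conn, payload, "wrong"))   # 0: treated as a literal name
```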

(to be continued)