Steps for SQL Injection Attack
1 Answer

Following are some steps for SQL injection attack:

  1. The attacker looks for the webpages that allow submitting data, that is, login page, search page, feedback, etc. The attacker also looks for the webpages that display the HTML commands such as POST or GET by checking the site's source code.
  2. To check the source code of any website, right click on the webpage and click on "view source" ,source code is displayed in the notepad. The attacker checks the source code of the HTML, and look for "FORM" tag in the HTML code. Everything between the $\lt FORM \gt$ and $\lt /FORM \gt$have potential parameters that might be useful to find the vulnerabilities.
  3. The attacker inputs a single quote under the text box provided on the webpage to accept the username and password. This checks whether the user-input variable is sanitized or interpreted literally by the server. If the response is an error message such as use "a"="a" (or something similar) then the website is found to be susceptible to an SQL injection attack.
  4. The attacker uses SQL commands such as SELECT statement command to retrieve data from the database or INSERT statement to add information to the database.

Here are few examples of variable field text the attacker uses on a webpage to test for SQL vulnerabilities:

  1. Blah' or 1=1--
  2. Login: blah'or 1=1--
  3. Password:: blah' or 1=1--
  4. http://search/index.asp?id =blah'or 1=1--

Similar SQL commands may allow bypassing of a login and may return many rows in a table or even an entire database table because the SQL server is interpreting the terms literally. The double dashes near the end of the command tell SQL to ignore the rest of the command as a comment.

Blind SQL Injection

Blind SQL injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be the one that displays data; however, it will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information have been established.

In summary, using SQL injections, attackers can:

  1. Obtain some basic information if the purpose of the attack is reconnaissance
  2. May gain access to the database by obtaining username and their password
  3. Add new data to the database.

    Execute the INSERT command: This may enable selling politically incorrect items on an an E-Commerce website.

  4. Modify data currently in the database

    Execute the UPDATE command: May be used to have an expensive item suddenly be deeply "discounted,"

Please log in to add an answer.