Databases And Injection Attacks

When data is stored in an organized manner for later use it is called a Database (loosely speaking).
Schools have a database of student details like their marks, attendance, pending fee, address, etc.
They can search for a student’s details with his/her name or roll number. Databases are used by Websites too.
Just as programs are written in programming languages like C, Python, Ruby, etc., to deal with databases we need a language called SQL.
No no no, it’s not ‘sequel’, it’s S-Q-L, short for Structured Query Language.
Databases that use SQL include MS SQL Server, MySQL, Oracle, Access, etc.
Wow! SQL is such a powerful language.
But remember, with great power comes the great possibility of making mistakes. (Forget Spiderman for now)
SQL has a weakness too, a vulnerability that hackers use to break into a website’s database.
A website’s SQL can end up accepting commands even from the users of the website. Well, not in all cases, but many (yes, I said many) websites have this weakness.
And the technique of using this weakness to attack a website’s database is called SQL Injection.


Understanding SQL Injection

Let’s imagine,
One day the principal of my school told the peon to distribute gifts to all the students.
The principal ordered the students to stand in a row and to wait for their turn to receive gifts.
Every gift had a sticker on it with a name.
The first student came and said, “I am Nidhish…Please give me my gift.” The peon found the gift that said “Nidhish” and gave it to him.
Then the second student came and said, “I am Grey…Please give me my gift,” and the peon gave him his gift.
Meanwhile, I overheard some students saying that Karan was going to receive the best gift, and I got an idea.
When my turn came I said to the peon, “My name is Karan…Please give me my gift.”
And guess what…I got the best gift. I received something that I was not supposed to.
Well, this is how SQL Injection works: we ask the database for a result that it is not supposed to give to a user.

Really Understanding SQL Injection

To really understand and perform SQL Injection we must have knowledge of basic SQL Commands.
So a database consists of tables and here is an example table:

As we can see there are Rows (Horizontal ones) and Columns (vertical ones).
Now let’s see how SQL queries play with a database and tables,
1. select * from table1
This command selects all the columns from the table named “table1”
Always keep in mind that * means Everything
2. select column1,column2 from table1
This command shows us how we can select specific columns from the desired table. Column names are separated with commas.
3. select * from table1 where Name='Jons'
With this command we get all the rows from table1 in which the column “Name” has the value “Jons”. Note that text values are written in quotes; without them, SQL would treat Jons as the name of another column.
So now we know what happens behind the scenes when we request data from the database of a website.
So what is the vulnerability here?
As we discussed above, the website runs queries on the user’s behalf; if the user’s input becomes part of those queries, a hacker with knowledge of SQL can do whatever he wants with the database.
He can print confidential information, delete records, and even bypass logins.
So basically SQL Injection is a commonly found vulnerability and can cause great damage if exploited by a hacker.
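To make the root cause concrete, here is an added example (not from the article) in Python with SQLite: a lookup that pastes the user’s text straight into the query from point 3 above, beside the same lookup with the value bound as data. The table, its rows and the names are constructed for the demo.

```python
import sqlite3

# Constructed in-memory database standing in for the article's "table1".
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (Name TEXT, Marks INTEGER)")
    conn.executemany("INSERT INTO table1 VALUES (?, ?)",
                     [("Jons", 81), ("Karan", 95), ("O'Brien", 77)])
    return conn

def lookup_unsafe(conn, name):
    # The defect: the user's text becomes part of the SQL itself, so the
    # database parses it as query syntax, not as a value to compare with.
    query = "select * from table1 where Name='" + name + "'"
    return conn.execute(query).fetchall()

def lookup_safe(conn, name):
    # The mitigation: a placeholder. The SQL text is fixed; the name is
    # sent separately as data and can never change the query's structure.
    return conn.execute("select * from table1 where Name=?", (name,)).fetchall()

def compare(name):
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, name)
    except sqlite3.OperationalError as e:
        # A quote in the input was read as SQL syntax: proof that user
        # input is being interpreted as part of the command.
        unsafe = "SQL error: " + str(e)
    safe = lookup_safe(conn, name)
    conn.close()
    return unsafe, safe

if __name__ == "__main__":
    for n in ("Jons", "O'Brien"):
        print(n, compare(n))
```

A plain name works either way; a name containing an apostrophe breaks the concatenated query while the parameterised one returns the right row, which is the behaviour to look for when reviewing database code.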
This is all for now. In the next article we will learn how login forms use databases (SQL, of course) and how a hacker can breach them with SQL Injection.
Till then keep reading…keep learning.