Know All About SQL Injection In Depth

June 05, 2019

SQL injection is a common attack technique used to attack a web application. In this post, you will know different types of SQL injection attack in depth.

After completely reading this post about SQL injection, you will have a clear concept about it in-depth.

Sql Injection

It is an attack technique used to exploit applications by tricking a database engine in such a way so that it allows an attacker to view data that they are not normally able to retrieve.

This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.

What are different types of SQL Injection

Union Based

Union Based Injection

The UNION operator is used to join multiple SQL queries. An attacker can use this operator to create a query, so that the result of the new query will be joined to the result of the original query, allowing the attacker to execute multiple queries at once.

Error Based

Error Based Injection

In this injection technique, the attacker relies on error messages generated by the database server to obtain information about the structure of the database. In some cases, this attack alone is enough for an attacker to enumerate an entire database.

Blind SQL Injection

This technique is used when detailed error messages are not provided to the attacker. It is often the case, when the application displays user friendly error messages, with little or no technical error messages.

This type of injection is divided into 2 types.

Boolean Based

In this type of attack the attacker creates SQL query such that after executing the query the result returned will be either true or false. Thereafter, by examining the outcomes of the true or false values, attacker understands that the application is vulnerable to this type of attack. Then he or she uses that to further exploit the application.

For example, suppose following web page displays a post detail having id equal to 2.

http://www.example.com/post.php?id=2

If a SQL injection weakness is present, then executing following request on the web application:

http://www.example.com/post.php?id=2+and+1=1

should return the same web page as:

http://www.example.com/post.php?id=2

It happens as the SQL statement "and 1=1" is always true.

Executing the following request to a web application:

http://www.example.com/post.php?id=2+and+1=0

would return a friendly error or no page at all. This happens because the SQL statement "and 1=0" is always false.

Time Based

In this type of attack, the attacker constructs SQL query in such a way so that, if the query is successful then the database is forced to wait for some time (in seconds) before responding. If the query generates response after some time then attacker knows that the attack is successful.

For example, if following request is sent to a web application:

http://www.example.com/post.php?id=2-SLEEP(15)

And if the page is displayed after some delay, then the application is vulnerable to time based attack.

Final Words

If you like this post as helpful, please do share and comment your thoughts about it. Thank you!


Profile picture

Written by Nilesh Sanyal who is passionate about cloud and javascript technologies. You can follow him on  Twitter  Facebook  Pinterest