Friday, February 11, 2011

SQL injection

SQL stands for Structured Query Language. It is a language used for querying databases, and most websites use it to store and retrieve user information from a database. For example, the login username and password are compared with the data retrieved from the user information database. So SQL is used in a wide range of websites.

But websites using SQL as a back-end face a vulnerability known as SQL injection. It is a very critical one, which should be eliminated from any website, because using this vulnerability anyone can spoof other users who are registered on that website.
Here in this post, we will first see how SQL is used and then we are going to see how SQL injection is performed.

Any website that asks the user to log in will prompt for the username and the password. That information will be used to frame a query that is sent to the database. For example, in an ordinary login page, you provide your username as arun and the password as arunasks, as in this figure,

and those data will be placed in a query like this:
select * from user_info where username='arun' and password='arunasks'
Consider that in this website, user_info is the database table that stores the user information. So this query will return the details of the user whose username is arun and whose password is arunasks. If no user has this username and password, you will be returned an error message saying login failed. This is what actually happens.

See here in the query, the data entered in the username field and the password field are inserted at the appropriate positions. So if you enter the username as
x' or '1'='1' -- and enter whatever you like (blank for now) in the password,
 
then the query will be framed as,
select * from user_info where username='x' or '1'='1'-- and password =''
So now, even though the username is wrong, the OR condition one-equals-one is true, and in SQL '--' starts a comment line, so anything after '--' won't be considered. So you will be logged in.
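To see why this works and how it is prevented, here is an added example (not part of the original post) that builds the post's user_info table in an in-memory SQLite database and runs the same login check two ways: once with the query framed by string concatenation as described above, and once with a parameterized query where the input is bound as data. The table contents and the login functions are constructed for this example.

```python
import sqlite3


def make_db():
    # Constructed in-memory database holding the user_info table from the post.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user_info (username text, password text)")
    conn.execute("insert into user_info values ('arun', 'arunasks')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Frames the query by pasting the user's input into the SQL text,
    # exactly as the post describes. The input becomes part of the statement,
    # so a quote and a '--' comment can change what the query means.
    query = ("select * from user_info where username='" + username +
             "' and password='" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, username, password):
    # The SQL text is fixed; the values are bound as parameters, so whatever
    # the user types is compared as data and never parsed as SQL.
    query = "select * from user_info where username=? and password=?"
    return conn.execute(query, (username, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    payload = "x' or '1'='1' --"  # the username from the post, password left blank
    print("vulnerable, real credentials:", login_vulnerable(conn, "arun", "arunasks"))
    print("vulnerable, payload:         ", login_vulnerable(conn, payload, ""))
    print("parameterized, real:         ", login_parameterized(conn, "arun", "arunasks"))
    print("parameterized, payload:      ", login_parameterized(conn, payload, ""))
```

The concatenated version accepts the payload with an empty password, while the parameterized version rejects it and only accepts the real credentials.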

This is not the only method. There are millions of methods of SQL injection; the more creative you are, the more you will find.
