SQL Injection

Note: Take care when injecting the condition OR 1=1 into a SQL query. Even if it appears to be harmless in the context you're injecting into, it's common for applications to use data from a single request in multiple different queries. If your condition reaches an UPDATE or DELETE statement, for example, it can result in an accidental loss of data.

Overview of SQL Injection

  1. Introduction to SQL Injection:

    • Definition: SQL Injection (SQLi) is a technique where attackers exploit vulnerabilities in web applications that interact with databases. It involves manipulating SQL queries to gain unauthorized access or manipulate a website's backend database.

    • Impact: SQLi can lead to data theft, destruction, or unauthorized access to sensitive information, posing a severe threat to an organization's data integrity and security.

  2. Common SQL Injection Vulnerabilities:

    • User Input Fields: Web applications often use SQL queries for functions like login, sign-up, and content posting. If these inputs are not properly sanitized, they can be exploited to manipulate underlying SQL queries.

    • Database Management Tools: SQL is used in tools or interfaces for direct database interaction. Vulnerabilities here can be exploited through crafted SQL queries.

    • Backend Server Applications: Server-side code that interacts with databases is a common target for SQL injection. Attackers can manipulate queries used for data retrieval and manipulation.

    • Database Administration: SQL used by administrators for tasks like managing database structures and user permissions can also be vulnerable if not properly secured.

    • Data Analysis and BI Tools: SQL employed in data analysis and BI tools can be a vector for SQLi, especially if these tools interact directly with databases and lack proper input validation.

  3. Advanced Exploitation Techniques:

    • Union-Based SQLi: Exploiting the UNION SQL operator to combine the results of two or more SELECT statements into a single result.

    • Blind SQLi: Inferring data from the database when query results are never shown directly, by injecting conditions that evaluate to true or false and observing how the web application's response differs between the two cases.

    • Error-Based SQLi: Utilizing error messages from the database server to gather information about the structure of the database.

    • Time-Based Blind SQLi: Sending SQL queries that cause the database to wait (using commands like WAITFOR DELAY) to infer information based on the response time.

  4. Mitigation Strategies and Security Practices:

    • Input Validation and Sanitization: Ensure all user inputs are validated against a whitelist and sanitized to prevent malicious SQL code injection.

    • Use of Prepared Statements and ORM: Implement prepared statements with parameterized queries so that user-supplied values are passed to the database as data and are never parsed as part of the SQL statement. Object-Relational Mapping (ORM) frameworks can also help by abstracting SQL code, provided raw-query escape hatches are not fed unsanitized input.

    • Least Privilege Access: Ensure that database accounts used by web applications have only the necessary privileges required for their function.

    • Regular Security Audits and Code Reviews: Conduct regular audits and reviews of application code and database queries to identify and fix potential vulnerabilities.

  5. Reporting, Remediation, and Ethical Considerations:

    • Detailed Reporting: Provide comprehensive reports detailing vulnerabilities, how they were exploited, their impacts, and step-by-step reproduction.

    • Remediation Strategies: Suggest specific strategies for fixing vulnerabilities, such as implementing secure coding practices, regular updates, and employee training.

    • Responsible Disclosure: Adhere to ethical guidelines for responsible vulnerability disclosure, allowing adequate time for remediation.
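The following is an added example (not code from the original notes) that ties together the opening note about OR 1=1, the "User Input Fields" vulnerability class, and the prepared-statement and input-validation mitigations. It uses Python's built-in sqlite3 module with a constructed in-memory database: the table layout, the sample users and sessions, and the function names are all assumptions made for the illustration. Each vulnerable function builds its SQL by string concatenation; its hardened twin passes the same values as bound parameters. The same `' OR 1=1--` input is run through a login SELECT and through a session DELETE, which shows why the note warns that an injected condition reaching an UPDATE or DELETE causes accidental data loss.

```python
import re
import sqlite3

# Constructed sample data for the demonstration (not real credentials).
# A real application stores password hashes, never plaintext passwords.
SAMPLE_USERS = [
    ("alice", "s3cret-pw", "admin"),
    ("bob", "hunter2", "user"),
    ("carol", "correct-horse", "user"),
]
SAMPLE_SESSIONS = [("alice", "tok-a1"), ("bob", "tok-b1"), ("carol", "tok-c1")]


def make_db():
    """Create a fresh in-memory database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.execute("CREATE TABLE sessions (username TEXT, token TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.executemany("INSERT INTO sessions VALUES (?, ?)", SAMPLE_SESSIONS)
    conn.commit()
    return conn


# --- Vulnerable pattern: user input concatenated into the SQL text ---------

def login_vulnerable(conn, username, password):
    """Returns matching (username, role) rows; the input becomes SQL syntax."""
    query = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchall()


def logout_vulnerable(conn, username):
    """Deletes the caller's sessions; returns the number of rows removed.
    With an injected OR 1=1 the WHERE clause matches every row."""
    cur = conn.execute(f"DELETE FROM sessions WHERE username = '{username}'")
    conn.commit()
    return cur.rowcount


# --- Hardened pattern: parameterized queries plus whitelist validation -----

USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def is_valid_username(username):
    """Whitelist check: only letters, digits and underscore, 1-32 characters.
    This is defence in depth; parameterization is the primary control."""
    return USERNAME_RE.match(username) is not None


def login_parameterized(conn, username, password):
    """Same query, but the values are bound as data, never parsed as SQL."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


def logout_parameterized(conn, username):
    """Deletes only the sessions of the literal username supplied."""
    if not is_valid_username(username):
        return 0  # reject before the query is ever built
    cur = conn.execute("DELETE FROM sessions WHERE username = ?", (username,))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    payload = "' OR 1=1--"  # the classic condition quoted in the note above
    db = make_db()
    print("vulnerable login rows:   ", login_vulnerable(db, payload, "x"))
    print("parameterized login rows:", login_parameterized(db, payload, "x"))
    print("vulnerable logout removed:   ", logout_vulnerable(make_db(), payload))
    print("parameterized logout removed:", logout_parameterized(make_db(), payload))
```

Running the script shows the concatenated login returning every user (the injected condition short-circuits the password check) and the concatenated logout wiping all three sessions, while both parameterized versions treat the payload as a username that simply does not exist. The `--` in the payload works because SQLite, like most engines, treats the rest of the line as a comment, which is how the trailing `' AND password = 'x'` fragment is neutralized in the vulnerable query.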


Last updated 3 months ago