Reputation: 409
I've seen it's possible to get into a website's SQL database just by typing certain SQL lines into the browser's address bar. How is this even possible? Shouldn't the address bar only redirect us to the website? How can the address bar accept SQL syntax? I'm a total layman when it comes to browsers themselves, but it fascinates me that address bars offer vulnerabilities.
Upvotes: 0
Views: 5331
Reputation: 684
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
For example, let's say that you have a textField that receives a value and then assigns that value to the variable userName, then you have a statement that receives the value, and it concatenates the value to a string representing your query like this:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
Let's say that the value that you are passing is something like this: ' or '1'='1
This example could be used to force the selection of a valid username because the evaluation of '1'='1' is always true. This is only an example! Check this site in order to learn more about it.
Upvotes: 1
Reputation: 2502
Are you going to use the answer to this question for good, or for evil?
In any case, assume you have a URL in the form
http://mysite.com/dosomething?email=$EMAIL
And you have some code that executes a query that looks like this:
SELECT fieldlist
FROM table
WHERE field = '$EMAIL';
Then this page explains how someone can manipulate the contents of EMAIL to execute essentially an arbitrary query:
Upvotes: 1
Reputation: 298048
How is this even possible?
The application is executing arbitrary SQL that is read from the URL. Think http://example.com/search.php?query=SELECT%20...
Shouldn't address bar only redirect us to website?
That's exactly what it's doing. The vulnerability is in the website's handling of that URL.
How can the address bar accept SQL syntax?
The SQL query is just text that's part of a URL. The address bar doesn't know (or care) that your URL contains SQL.
Upvotes: 4
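Added example, not part of any answer above: a server-side handler that takes a value from the URL's query string and runs the users query from the first answer, once by string concatenation and once with a bound parameter. The in-memory SQLite database, the host, the `name` parameter and the sample rows are all constructed for illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    # Constructed sample data: an in-memory table standing in for the site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db

def name_from_url(url):
    # The server receives the URL as text and percent-decodes the query string.
    return parse_qs(urlsplit(url).query)["name"][0]

def lookup_vulnerable(db, url):
    user_name = name_from_url(url)
    # Same pattern as the first answer: the value becomes part of the SQL text.
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return db.execute(statement).fetchall()

def lookup_parameterized(db, url):
    user_name = name_from_url(url)
    # Placeholder: the driver passes the value separately, so it is only ever data.
    return db.execute("SELECT * FROM users WHERE name = ?", (user_name,)).fetchall()

# Constructed URLs (hypothetical host and parameter name).
NORMAL_URL = "http://example.com/user?name=alice"
CRAFTED_URL = "http://example.com/user?name=%27%20or%20%271%27%3D%271"

if __name__ == "__main__":
    db = make_db()
    for url in (NORMAL_URL, CRAFTED_URL):
        print(repr(name_from_url(url)))
        print("  concatenated :", lookup_vulnerable(db, url))
        print("  parameterized:", lookup_parameterized(db, url))
```

With the crafted URL the concatenated query returns every row, while the parameterized query looks for a user literally named `' or '1'='1` and returns nothing.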