SQL injection is a vulnerability that allows an attacker to influence the queries that are passed to the back-end database. It has been present ever since databases were first attached to web applications. However, the main credit for bringing SQL injection to public notice goes to Rain Forest Puppy, who wrote an article on it in 1998 and, in 2000, wrote another article describing how he hacked one of the popular websites on the internet using SQL injection.

Before understanding how SQL injection attacks work, we need to understand the simple Three Tier Architecture and the Four Tier Architecture. This will clear up the basics and give you a rough idea of how database-driven web applications work.

Three Tier Architecture

In a simple three tier database-driven architecture, the three layers used are:

  1. Presentation Tier (Browsers)
  2. Logic Tier
  3. Storage Tier (Database)

The three tier architecture follows a linear relationship, i.e. the Presentation Tier connects to the Logic Tier and the Logic Tier connects to the Storage Tier.

Presentation Tier <--> Logic Tier <--> Storage Tier

To understand this, consider an example.

Suppose you connect to http://www.website.com using your web browser. This is your presentation tier. The web server residing in the logic tier loads the script for the requested URL and passes it to the scripting engine, which parses and executes it. The script also opens a connection to the database, i.e. the Storage Tier, and performs its queries. The data from the database is transferred back to the logic tier, which converts it into HTML that is rendered by the browser.

Four Tier Architecture

In the Four Tier Architecture, an Application Server layer is inserted between the web server and the database.

  1. Presentation Tier (Browsers)
  2. Logic Tier
  3. Application Tier
  4. Storage Tier (Database)

In the four tier architecture, the connection to the database is opened by the application server, which exposes an Application Programming Interface (API) that implements the business logic before transferring the data to the Logic Tier.

Presentation Tier <--> Logic Tier <--> Application Server <--> Storage Tier

Working Of SQL Injection

SQL injection can be carried out using various methods. In this tutorial I will explain the basic concepts behind SQL injection.

Suppose you are on a shopping site and you have selected the option of showing all the accessories that cost less than $200, and its URL looks like this:

http://www.shoppingsite.com/products.php?val=100

To test this website for SQL injection, try appending the SQL injection string 'OR '1'='1 to the val parameter:

http://www.shoppingsite.com/products.php?val=100'OR'1'='1

If the above injection works and shows the list of all the accessories, then the website is vulnerable to this type of SQL injection.

This means that at the back end the script will execute the query as shown:

SELECT *
FROM Productstbl
WHERE Price < '200.00' OR '1'='1'
ORDER BY Productdescription

Because the condition '1'='1' is always true, the WHERE clause matches every row, so this will give you the list of all the products.
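The query shown above, as an added Python example that is not code from the original post: it builds the same statement by string concatenation and then with a bound parameter, so the difference in what the database parses is visible. It assumes an in-memory SQLite database in place of the site's back end; the table and column names come from the query above, while the sample rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the query above.
ROWS = [("USB cable", 15.00), ("Headphones", 150.00),
        ("Camera lens", 450.00), ("Laptop bag", 900.00)]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Productstbl (Productdescription TEXT, Price REAL)")
    db.executemany("INSERT INTO Productstbl VALUES (?, ?)", ROWS)
    return db


def products_vulnerable(db, val):
    # Vulnerable: val is pasted into the SQL text, so a quote inside it
    # closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT Productdescription FROM Productstbl "
           "WHERE Price < '" + val + "' ORDER BY Productdescription")
    return [row[0] for row in db.execute(sql)]


def products_safe(db, val):
    # Hardened: check that val is a number, then bind it as a parameter.
    # The statement text is fixed; val can only ever be a comparison value.
    try:
        limit = float(val)
    except ValueError:
        return []  # reject anything that is not a plain number
    sql = ("SELECT Productdescription FROM Productstbl "
           "WHERE Price < ? ORDER BY Productdescription")
    return [row[0] for row in db.execute(sql, (limit,))]


if __name__ == "__main__":
    db = make_db()
    injected = "200.00' OR '1'='1"  # the string from the text above
    for fn in (products_vulnerable, products_safe):
        print(fn.__name__, "normal  :", fn(db, "200.00"))
        print(fn.__name__, "injected:", fn(db, injected))
```

The type check matters as well as the binding: SQLite would compare a bound non-numeric string against the REAL column using its type ordering rather than reject it.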

How This SQL Injection Attack Can Be Harmful

Suppose a website uses the following URL for logging into its admin panel:

http://www.website.com/cms/login.php?username=saini&password=go

Now, if the above website is vulnerable to SQL injection as described in the previous example, then entering any username and password in the URL will log you in:

http://www.website.com/cms/login.php?username=dnt&password=dnt'OR'1'='1

So you will simply log in to the admin panel of the website without a valid username and password.

This tutorial is becoming very long, so I will explain the rest and the best methods of SQL injection in my next post on SQL injection.