What is SQL Injection? How does the attack work? In this post we show you how to inject data through inputs, an attack against Google, and how to protect yourself. Check it out.
On January 3rd the largest Internet search engine suffered a DNS attack (carried out by means of SQL Injection). According to images obtained by Internet users, the person responsible for the attack identifies himself as Kuroi’SH, and the invasion happened only “for fun”.
According to the hacker, the action was performed by means of a SQL Injection. The tool Kuroi’SH used redirected the accesses and defaced the site; a defacement is a modification of the appearance of some object or site.
Now you will learn everything you need to understand what the SQL Injection is!
# What is SQL Injection?
SQL Injection is a flaw in the coding of any application (web or local) that makes it possible, through some input, to manipulate an SQL query. This manipulation is called injection. In short: it is an attack technique based on the manipulation of SQL code, the language used to exchange information between applications and relational databases.
SQL is the universal standard language for data manipulation in relational databases through a Relational Database Management System (RDBMS). SQL Injection is a type of attack in which a “hacker” can send malicious commands (SQL queries) to the database through the form fields or URLs of a vulnerable application, aiming to extract information stored in the database.
“Think of SQL Injection as a simple logical failure; it’s simply a flaw that, because it leaves open interpretations, allows undesirable manipulations to occur.”
Inurl Brazil, a group of security research, tool development and digital activism, said: “Computing is perfect, but whoever programs the devices and applications is naive; they do not see all the possibilities, they do not care about anything other than the ‘path that we have determined’, and forget that there are always many other paths and that it is the function of the software developer and tester (something that does not exist in companies) to walk all these paths and ensure that the software behaves properly. If you don’t do that, a hacker will.”
# Narrating how SQL injection is done.
Imagine you are traveling and your car battery loses its charge and dies. What to do? If you have a charger in the car you can try to recharge it; if you do not, there are other ways to get the battery working, for example jump-starting your car, which is when you connect your battery to another car that is running.
Let’s say you do not have this charger, so you need to find another driver to provide the battery. You find one and ask: “Hey man, I need a recharge. Don’t I?” The other driver will not understand what exactly you want, right?
That’s because you did not specify that you need a recharge for your car battery. You were not explicit, and the same goes for an SQL query: it is open to interpretation. When an ordinary query is built from an input that is not filtered, a hacker can inject malicious code into your query and manipulate it, since you have left it open to multiple interpretations.
Going back to the driver you asked for a recharge, it would be as if he lent you a smartphone charger, or a charger capable of damaging your car.
# How is an injection made “technically speaking”?
Basically, an injection happens when someone remotely sends a server commands the developer never intended, through a vulnerable application.
Now I will demonstrate an example of SQL injection in a more “technical” way.
See an SQL query in an application without an input filter:

```php
// Vulnerable on purpose: the POST value is pasted straight into the SQL text.
$sql = "SELECT * FROM tableCM WHERE fieldCM = '{$_POST['value']}'";
```
In the example above we have a query that is completely vulnerable. As you can see there is only a concatenation of a post variable received from outside, either by the INPUT of some user or even by the submission of a form. The query shown above works as follows:
“SELECT ALL OF THE TABLE WHERE THE COLUMN IS EQUAL TO THE VALUE RECEIVED”
In PHP, `$_POST` is a superglobal holding the data of an HTTP POST request, widely used in web form submission where variables are passed along with the submission; in our case the variable is called “value”. Assuming the POST value is “Scriptcase”, the query would be:

```sql
SELECT * FROM tableCM WHERE fieldCM = 'Scriptcase'
```
The result would be a query against the table “tableCM” in the database (DB) where the column “fieldCM” equals “Scriptcase”, returning all rows that match the WHERE clause. However, a hacker exploits the flaw by injecting abnormal values. Thinking of a scenario with a hacker, let’s assume the value passed in the POST is:

```sql
'; SELECT * FROM information_schema.tables WHERE table_name != '
```
In the end the query would be:
```sql
SELECT * FROM tableCM WHERE fieldCM = ''; SELECT * FROM information_schema.tables WHERE table_name != ''
```

In this example we were able to change the query so that it also returns the names of all tables in the MySQL database (considered the most popular one).
That is how a manual SQL injection works; in practice, tools are used that automate and translate all the queries for each database until the goal is reached, if the injectable vulnerability exists.
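The concatenation and the injected value above, reproduced as an added example that is not code from the post or from Scriptcase, using Python and SQLite so it runs offline: `sqlite_master` stands in for `information_schema.tables`, the sample table and rows are constructed, and `run_multi` plays the role of a driver that accepts stacked statements, while `lookup_safe` shows the parameterized form that treats the same input as a plain literal.

```python
import sqlite3

# The post's injected value, adapted to SQLite: sqlite_master plays the role of
# information_schema.tables (this is an assumption made for the example).
PAYLOAD = "'; SELECT name FROM sqlite_master WHERE name != '"


def make_db():
    """Constructed sample database, not from the post."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tableCM (id INTEGER PRIMARY KEY, fieldCM TEXT);
        INSERT INTO tableCM (fieldCM) VALUES ('Scriptcase'), ('Other');
        CREATE TABLE customers (email TEXT);
    """)
    return conn


def build_query_unsafe(value):
    """Same construction as the PHP line in the post: input pasted into the SQL text."""
    return "SELECT * FROM tableCM WHERE fieldCM = '" + value + "'"


def run_multi(conn, sql):
    """Run stacked statements the way mysqli_multi_query would; return the last result.

    sqlite3.complete_statement() respects quoting, so a ';' inside a string
    literal does not split the text.
    """
    rows, buf = [], ""
    for ch in sql:
        buf += ch
        if ch == ";" and sqlite3.complete_statement(buf):
            rows = conn.execute(buf).fetchall()
            buf = ""
    if buf.strip():
        rows = conn.execute(buf).fetchall()
    return rows


def lookup_unsafe(conn, value):
    return run_multi(conn, build_query_unsafe(value))


def lookup_safe(conn, value):
    """Parameter binding: the value travels separately and is never parsed as SQL."""
    return conn.execute("SELECT * FROM tableCM WHERE fieldCM = ?", (value,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe(PAYLOAD))
    print("unsafe:", lookup_unsafe(db, PAYLOAD))  # second statement lists the tables
    print("safe:  ", lookup_safe(db, PAYLOAD))    # no row equals that literal
```

Whether the stacked second statement actually runs depends on the driver: plain `mysqli_query` sends a single statement, while `mysqli_multi_query` sends both, which is what `run_multi` simulates here.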
Now I ask you: is this a hacking technique that requires a lot of knowledge?
I would like to bring to your attention the fact that this hacking technique does not require a lot of knowledge. Anyone with basic knowledge of databases and the SQL language can execute this type of attack.
So that’s all folks, I hope you enjoyed this post; in the next one I will show you how to defend against SQL Injection in and out of Scriptcase.