SQL Injection - Explained

Discussion in 'Databases' started by darkdrgn2k, Jan 27, 2010.

  1. #1
    SQL Injection occurs when poorly written code is exposed to highly clever individuals. Here is a simplified example for those that have no idea what this is all about but want to learn;

    Take for example the SQL Select Command

    SELECT access FROM users WHERE username='$username' and password='$password';

    This command would look up the access level of a person via the username and password provided by a person logging in.

    If the code was not "ESCAPED" properly there is potential for SQL injection here.

    Assume $username was "John" and $password "Doe" the line above would read
    SELECT access FROM users WHERE username='John' and password='Doe';

    Now assuming same person for $username "John" but now we will make the $password "' or 1='1"

    This looks a little odd but if we put the select statement together now
    SELECT access FROM users WHERE username='John' and password='' or 1='1';

    Notice this has changed the meaning of the whole statement, now it returns the access from John if his password is "" (blank) OR 1 is equal to 1 (which is always)

    A smart coder would have ESCAPED the user input, replacing the ' with \'.

    This can get more complicated by "injecting" completely NEW sql commands that can INSERT users, UPDATE records or even DELETE records.

    So be warned. Never take the easy way out.
     
    darkdrgn2k, Jan 27, 2010 IP
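    The login lookup from post #1, as an added example that is not part of the original thread: the vulnerable version splices $username/$password into the SQL text exactly as shown above, the fixed version passes them as bound parameters so a quote in the password is just a character. It uses a constructed in-memory SQLite table; because SQLite compares the integer literal 1 and the text literal '1' as different types, the bypass is written in its textual form ' or '1'='1 rather than the post's ' or 1='1.

```python
import sqlite3


def make_db():
    # Constructed sample data (not from the original post): one user, "John"/"Doe".
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, access TEXT)")
    conn.execute("INSERT INTO users VALUES ('John', 'Doe', 'admin')")
    conn.commit()
    return conn


def build_unsafe_sql(username, password):
    # The statement "put together" by string concatenation, as in the post.
    return ("SELECT access FROM users WHERE username='" + username
            + "' and password='" + password + "';")


def lookup_access_unsafe(conn, username, password):
    # Vulnerable: the user-supplied values become part of the SQL grammar,
    # so a quote in the password can end the string and add an OR clause.
    row = conn.execute(build_unsafe_sql(username, password)).fetchone()
    return row[0] if row else None


def lookup_access_safe(conn, username, password):
    # Fixed: placeholders send the values separately from the statement text.
    # The driver never lets a quote in the value alter the WHERE clause.
    sql = "SELECT access FROM users WHERE username=? and password=?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    print(build_unsafe_sql("John", "' or '1'='1"))
    print("unsafe:", lookup_access_unsafe(db, "John", "' or '1'='1"))  # admin
    print("safe:  ", lookup_access_safe(db, "John", "' or '1'='1"))    # None
```

    With the correct password both lookups return "admin"; with the quote-breaking password only the concatenated version does, which is the whole point of the post.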
  2. denniss

    denniss Well-Known Member

    #2
    Great information, thank you!

    One of my WordPress sites got hacked this way twice last year, I guess that's what you can expect from open-source software....
     
    denniss, Jan 27, 2010 IP
  3. taminder

    taminder Peon

    #3
    http://articles.sitepoint.com/article/sql-injection-attacks-safe
    good article.
     
    taminder, Jan 27, 2010 IP
  4. darkdrgn2k

    darkdrgn2k Active Member

    #4
    > good article.

    .Net has an annoying feature that creates an exception if you want to use " in your message.....

    there's also Magic Quotes

    But the lesson is.. any time you take a shortcut.. you WILL regret it
     
    darkdrgn2k, Jan 28, 2010 IP
  5. darkdrgn2k

    darkdrgn2k Active Member

    #5
    Open source software is usually safer than closed source.... You will ALWAYS have bugs that are not foreseen by the programmers

    (Back in high school the web team made a BASH cgi program that would template a simple page... Looking at it.. and adding a few ../../../etc/passwd into the query string nicely formatted the password file :))

    Closed source software has fewer people looking at the code, which means the bugs are harder to spot, both to FIX and to take advantage of.

    You have to ALWAYS keep on top of updates! They are there for a reason
     
    darkdrgn2k, Jan 28, 2010 IP