SQL injection attacks use a series of malicious SQL queries or SQL statements to manipulate the database directly. An application often uses SQL statements to authenticate users to the application, validate roles and access levels, store and retrieve information for the application and its users, and link to other data sources. SQL injection attacks work because the application does not properly validate user input before passing it to an SQL statement.
SQL injection is a major issue for all database-driven websites. Any website or software package can be exposed to such an attack, depending on how it uses SQL and how it processes user-supplied data.
The different types of SQL injection are as follows:
- Error-based SQL Injection: An attacker intentionally inserts bad inputs into an application, causing it to return database errors. The attacker reads the resulting database-level error messages to find an SQL injection vulnerability in the application.
- Union SQL Injection: In a UNION SQL injection, an attacker combines a forged query with the query requested by the user using a UNION clause. The result of the forged query is appended to the result of the original query, which makes it possible to obtain the values of fields from other tables.
- Blind/Inferential SQL Injection: In blind/inferential injection, the attacker has no error messages from the system to work on. Instead, the attacker sends a malicious SQL query to the database and infers the outcome from how the application responds.
- Boolean-based blind SQL injection: Boolean-based blind SQL injection is performed by asking the application database the right questions. Multiple valid statements that evaluate to true or false are supplied in the affected parameter of the HTTP request.
SQL Injection Techniques Covered in the Learning Path:
- Error-based SQL Injection
- Boolean SQL Injection
- Time-based Blind SQLi
- SQLi through sqlmap
- Metasploit Exploit
- SQLi through Burp Suite and sqlmap