SQL Injection Attack

Introduction to SQL Injection Attack

A SQL injection attack occurs when an application builds a database query from untrusted input in such a way that an attacker can alter the query, and through it read the data that is retrieved from or sent to the database server. If that data includes sensitive information such as details about third parties, personal data, passwords or credit card numbers, an attacker obtaining it can cause serious financial loss and damage to the company’s reputation.

Beyond reading data, the attacker may also be able to modify it and obtain persistent access to the organization’s back-end database over a long period, which can cause major losses later. In this article we look at the vulnerabilities that SQL injection attacks exploit, some common forms of injection attack, and the preventive measures that should be taken to protect applications against them.


Different Injection Attacks

When an unauthorized person gains access to, and modifies, database contents they are not supposed to reach, the attack that compromises the security of sensitive and private data is called an injection attack, because the attacker alters the query statements issued by the application and uses them to gain that access. Many recent attacks and data breaches have been shown to be the result of injection attacks, so this needs to be taken seriously in every application.

Some of the types of SQL injection attacks, techniques and vulnerabilities are described below:

1. Examining the Database

This type of attack involves learning the version of the database software the application uses and the structure of the database, including its tables and columns. This knowledge helps the attacker understand your database and then find further ways to exploit it.

For example, many relational database management systems provide a schema named information_schema that stores the details of the tables and their structure. This information can easily be retrieved with the following query statement.

Code:

SELECT * FROM information_schema.tables

Output: a listing of the tables in the database (shown in the original article as a screenshot).

2. Subverting Application Logic

This type of attack alters the application’s behavior by modifying the query sent to the database server, and with it the result set that the application’s logic relies on.

As an example of subverting application logic through query changes, consider a simple login form that asks the user for a name and password. Suppose the user with name “abc” and password “xyz” tries to log in, and internally the application verifies the credentials with a SELECT statement built in the following manner.

Code:

SELECT * FROM user_information where name="abc" and password ="xyz";

If the above query returns more than zero rows, the application grants that user access. The attacker may simply append a double dash followed by a space (-- ), which begins a comment in SQL, after the name, as shown below.

Code:

SELECT * FROM user_information where name="abc"-- " and password ="xyz";

The resulting query only looks for the record whose name is abc; the rest of the statement, including the password check, is commented out. The attacker can therefore log in as abc without supplying any password and gets access to the application straight away.

3. UNION Attacks

With this technique the attacker retrieves additional content from the database along with the result set of the current request. For instance, while a user is retrieving the list of his or her contacts, an attacker who can append a UNION clause to the original query may be able to read adjoining tables, such as password details, which compromises security and gives the attacker unauthorized access to the application in future.

4. Retrieving Hidden Data

This type of attack is possible when the application takes no preventive measures against SQL injection.

Consider an online shopping site where the customer enters a search string for a particular product, say a cartwheel, and the URL generated for that request looks like the following.

https://something.nothandled.com/shopping?items=cartwheel

Internally the application checks for the item with the query shown below and returns the matching results to the user.

Code:

SELECT * FROM shopping WHERE items = 'cartwheel';

The attacker simply changes the URL as follows, appending OR and a condition that always evaluates to true.

“https://something.nothandled.com/shopping?items=cartwheel”+OR+1=1

This change by the attacker leads to the following query being constructed.

Code:

SELECT * FROM shopping WHERE items = 'cartwheel' OR 1=1;

This returns every item in the table, including items the customer should not be able to see.

Prevention of SQL Injection Attacks

Most of the above SQL injection attacks can be prevented simply by using prepared statements (parameterized queries) instead of concatenating strings to build the query statements in your application. With a prepared statement the query text is fixed and the user-supplied value is passed separately as a parameter, so it is always treated as data and can never change the structure of the query.

For example, if you are creating the SQL statements in the following manner in your application, with the user-supplied value concatenated straight into the query text:

Code:

String queryString = "SELECT * FROM items WHERE object = '" + requiredObject + "'"; // user input becomes part of the SQL text
Statement sqlStat = connection.createStatement();
ResultSet finalResult = sqlStat.executeQuery(queryString);

then simply replace it with the following coding pattern, in which the value is bound to a placeholder and the database never parses it as SQL:

Code:

PreparedStatement sqlStat = connection.prepareStatement("SELECT * FROM items WHERE object = ?");
sqlStat.setString(1, requiredObject); // bound as a parameter value, not spliced into the query
ResultSet finalResult = sqlStat.executeQuery();
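As an added example (not code from the EDUCBA article), the following Python script reproduces the login subversion from section 2 and the hidden-data retrieval from section 4 against a constructed in-memory SQLite database, running each query both in the concatenated form the article warns about and in the parameterized form recommended above. Table and column names follow the article; the sample rows, the choice of SQLite and the function names are assumptions, and single quotes are used for the string literals because SQLite treats double-quoted values as identifiers.

```python
import sqlite3


def make_db():
    """Constructed sample database standing in for the article's user_information
    and shopping tables (an assumption; the article shows no rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE user_information (name TEXT, password TEXT);
        INSERT INTO user_information VALUES ('abc', 'xyz'), ('admin', 's3cret');
        CREATE TABLE shopping (items TEXT);
        INSERT INTO shopping VALUES ('cartwheel'), ('wheelbarrow'), ('unlisted-item');
    """)
    return conn


def login_concatenated(conn, name, password):
    """Section 2 pattern: user input is spliced into the SQL text, so a name
    such as  abc'--  closes the string literal and comments out the password check."""
    query = ("SELECT name, password FROM user_information WHERE name = '" + name
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchall()


def login_parameterized(conn, name, password):
    """Prevention pattern: the SQL text is fixed and both values are bound as
    parameters, so the same input is compared literally against the name column."""
    query = "SELECT name, password FROM user_information WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchall()


def search_concatenated(conn, items):
    """Section 4 pattern: an items value carrying  ' OR 1=1 --  widens the filter
    to every row, which is how rows the customer should not see become visible."""
    query = "SELECT items FROM shopping WHERE items = '" + items + "'"
    return [row[0] for row in conn.execute(query)]


def search_parameterized(conn, items):
    """Same search with a bound parameter: the whole value is matched as data."""
    query = "SELECT items FROM shopping WHERE items = ?"
    return [row[0] for row in conn.execute(query, (items,))]


def compare(conn):
    """Run the article's two inputs through both query styles and return the
    results side by side, so the effect of parameterization is visible."""
    bypass_name = "abc'-- "                 # the comment trick from section 2
    widened_item = "cartwheel' OR 1=1 --"  # the always-true condition from section 4
    return {
        "login_concatenated": login_concatenated(conn, bypass_name, "wrong-password"),
        "login_parameterized": login_parameterized(conn, bypass_name, "wrong-password"),
        "search_concatenated": search_concatenated(conn, widened_item),
        "search_parameterized": search_parameterized(conn, widened_item),
    }


if __name__ == "__main__":
    for label, result in compare(make_db()).items():
        print(f"{label:22} -> {result}")
```

Running the script shows the concatenated login returning the abc row despite the wrong password and the concatenated search returning all three items, while both parameterized versions return nothing for the same inputs: the injected text is compared as an ordinary string value, not interpreted as SQL. The same holds for the JDBC PreparedStatement pattern above, since the placeholder binding is what keeps the query structure fixed.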

Conclusion

When an unauthorized person gains access to, and modifies, database contents they are not supposed to reach, the attack that compromises the security of sensitive and private data is called an injection attack, because the attacker alters the application’s query statements and uses them to gain that access. It can be prevented simply by using prepared statements instead of concatenated strings to build the query statements in our applications.

Recommended Articles

This is a guide to SQL Injection Attack. Here we discuss the introduction, the different injection attacks, and their prevention. You may also have a look at the following articles to learn more –

  1. SQL UNION
  2. EXPLAIN in SQL
  3. SQL Outer Join
  4. SQL TRUNCATE()
© 2022 - EDUCBA. ALL RIGHTS RESERVED. THE CERTIFICATION NAMES ARE THE TRADEMARKS OF THEIR RESPECTIVE OWNERS.