What is SQL Injection?

SQL Injection is most favorite and most attacked vulnerabilities that Hackers, performs nowadays. From last three times Injection i.e. SQL Injection becomes first web attack published by OWASP.

SQL Injection can be defined as “It is an Injection attack in which attacker tries interface sql queries or sql statement by sending malicious payload to the website.”SQL Injection mainly Categories into three major types:-

In-Band SQL Injection

In-band is common methodology and easy-to-exploit of SQL Injection. In these injection attack, attacker uses same communication channel to both launch the attack and gather results.

In-Band SQL Injection is of two types:-

Error-based Injection:-

Error-based SQLi technique that relies on error messages thrown by the database server to obtain information about the structure of the database. For some Web application, error-based SQL injection alone is enough for a hacker to enumerate an entire database and get the relevant information.

Union-based Injection:-

Union-based SQL injection technique that leverages the UNION SQL operator to combine the results of two or more SELECT statements into a single result which is then returned as part of the HTTP response and tries to get the database information for an attacker.

Inferential Injection:-

Inferential SQL Injection, may take longer time for an attacker to exploit, however, it is some time difficult to exploit the sql injection. In an Inferential SQLi attack, no data is actually transferred via the web application and the attacker would not be able to see the result of an attack as seen in in-band injection. This attacker has to reconstruct the database queries by sending different payload, observing the web application’s response and behavior of database. It is also called as Blind SQL Injection (Blind SQLi).
Inferential band SQL Injection is of two types:-

Boolean-based SQL Injection

Boolean-based SQL Injection is a technique that relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result.

Time-based SQL Injection

Time-based SQL Injection is a technique that relies on sending an SQL query to the database which forces the database to wait or lock for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
Basic Syntax for Time based SQL Injection is waitfordelay(), die().

Out-of-band SQL Injection

Out-of-band SQL Injection is most difficult type of SQL Injection that attacker performs, mainly because it depends on features being enabled on the database server being used by the web application. Out-of-band SQL Injection occurs when an attacker is unable to use the same channel to launch the attack and gather results.

Out-of-band SQLi techniques would rely on the database server’s ability to make DNS or HTTP requests to deliver data to an attacker. Such is the case with Microsoft SQL Server’s xp_dirtree command, which can be used to make DNS requests to a server an attacker controls; as well as Oracle Database’s UTL_HTTP package, which can be used to send HTTP requests from SQL and PL/SQL to a server an attacker controls. Happy Hacking !!!!!!!!!

Author: Sujay Chaurasia, Director, Cybersecurity, Development and DevOps, GRhombus Technologies

Comments are closed