Tuesday, September 19, 2017

SQL Injection - Which may Destroy Your Database




SQL Injection :-

It is a code injection technique that might destroy your database, knowingly or unknowingly. We should all be very careful about it.

Here in this blog, we will see how injection a) might destroy your database and b) can bypass security as well. Let's explore with examples.




Scenario 1  ( How to break Security Login )

Here, the application checks a user login with a username and password. The inputs are taken and passed into a query. If they match a record in the user table, that user is allowed to log in.

Input Values  - Case 1

User id   =  1001
Password = pass

The above inputs will frame the SQL as below.

Select * from User_table where User_id = 1001 and Password = 'pass';

The above query checks the username and password against the user table and allows the login if they match one of the records exactly.

Here, there is no SQL Injection. Great. 


Input Values - Case 2

User id = 1001 OR 1=1 
Password = pass

The above input values will produce the SQL statement below.

Select * from User_table where User_id = 1001 or 1=1 and Password = 'pass';

This will always select records, even if someone enters a wrong username and password. The application or database is then in the user's hands to do whatever he wants.

This is one way of doing SQL Injection. Be careful about it. 




Scenario 2  ( How to Inject to destroy Database by dropping key tables )

Here, an input value is passed in to frame a SQL statement to execute.

Delete from transaction where transaction_no = "Input Value"

Input Value - Case 1:

Transaction Number =  100001

With the above input value, the query will be framed to execute as below.

Delete from transaction where transaction_no = 100001

Here, it is perfect and no SQL injection takes place. But let's see the other two cases below.


Input Value - Case 2:

Transaction Number =  100001  or  1=1 ;

With the above input value, the query will be framed to execute as below.

Delete from transaction where transaction_no = 100001 or  1=1;

We all know that the above statement will delete not only transaction 100001 but all the transactions in the transaction table, which is a crisis for the business.



Input Value - Case 3:

Transaction Number =  100001; drop table USER_LOGIN ;

With the above input value, the query will be framed to execute as below.

Delete from transaction where transaction_no = 100001; drop table USER_LOGIN;

Think about what happens after the transaction is deleted: the key table USER_LOGIN will be dropped, which may lead to a DB login crash.


Solution :-
1. Be very, very careful about input parameters.
2. Include these SQL injection scenarios in all your test cases during testing.
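
The two scenarios above as an added example (not code from the original post): Python's built-in sqlite3 module runs the Scenario 1, Case 2 and Scenario 2, Case 2 inputs through a concatenated query and through a query with bound parameters. The table and column names follow the post; the function names and sample rows are constructed for this illustration.

```python
import sqlite3

def make_db():
    # In-memory database with constructed sample rows.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE User_table (User_id INTEGER, Password TEXT)")
    db.execute('CREATE TABLE "transaction" (transaction_no INTEGER)')
    db.executemany("INSERT INTO User_table VALUES (?, ?)",
                   [(1001, "pass"), (1002, "secret")])
    db.executemany('INSERT INTO "transaction" VALUES (?)',
                   [(100001,), (100002,), (100003,)])
    return db

def login_concat(db, user_id, password):
    # Vulnerable: input is pasted into the SQL text, so "OR 1=1" becomes syntax.
    # AND binds tighter than OR: User_id = 1001 OR (1=1 AND Password = '...').
    sql = ("SELECT * FROM User_table WHERE User_id = " + user_id +
           " AND Password = '" + password + "'")
    return db.execute(sql).fetchall()

def login_bound(db, user_id, password):
    # Hardened: placeholders keep the input as a value, never as SQL syntax.
    sql = "SELECT * FROM User_table WHERE User_id = ? AND Password = ?"
    return db.execute(sql, (user_id, password)).fetchall()

def delete_concat(db, transaction_no):
    # Vulnerable pattern from Scenario 2; returns the number of rows deleted.
    sql = 'DELETE FROM "transaction" WHERE transaction_no = ' + transaction_no
    return db.execute(sql).rowcount

def delete_bound(db, transaction_no):
    # Hardened: the whole input is compared to the column as one value.
    sql = 'DELETE FROM "transaction" WHERE transaction_no = ?'
    return db.execute(sql, (transaction_no,)).rowcount

if __name__ == "__main__":
    db = make_db()
    # Wrong password, yet the concatenated query returns the row for 1001.
    print(login_concat(db, "1001 OR 1=1", "wrong"))   # [(1001, 'pass')]
    print(login_bound(db, "1001 OR 1=1", "wrong"))    # []
    # Bound input matches no transaction; concatenated input deletes all three.
    print(delete_bound(db, "100001 or 1=1"))          # 0
    print(delete_concat(db, "100001 or 1=1"))         # 3
```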

Avoid SQL Injection and Keep our database safe always.


Thanks for all your support. We will connect in our next blog with a different topic.

Regards,
Sathish




