SQL Injection Example

To understand how attackers carry out a SQL injection attack, let's walk through one ourselves. In this example, we will perform a basic SQL injection attack and learn the process behind it.

Suppose we have an application based on student records. Any student can view only his or her records by entering a unique and private student ID. 

Suppose the application has an input field labelled "Student id".

The student enters the following in the input field: 12222345 or 1=1

Query:

SELECT * FROM STUDENT WHERE
STUDENT_ID = 12222345 OR 1 = 1

This is SQL injection based on the fact that 1=1 is always true. As you can see in the above example, the OR 1=1 condition holds for every row, so the query returns all records. So basically, all the student data is compromised. The malicious user can similarly use other SQL queries.

Consider the following SQL query.

Query 1:

SELECT * FROM USER WHERE
USERNAME = '' AND PASSWORD = ''

Now the malicious attacker can use the '=' operator cleverly to retrieve private and secure user information. The following query, when executed, retrieves protected data that is not intended to be shown to users.

Query 2:

SELECT * FROM User WHERE
(Username = '' OR 1=1) AND
(Password = '' OR 1=1)

Since 1=1 always holds true, user data is compromised. 
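The student-ID lookup from the first example, shown with the vulnerable query construction beside a parameterized one. This is an added example, not code from the original page; the table layout, the sample rows and the function names are assumptions, and SQLite (Python's built-in sqlite3 module) stands in for the application's database.

```python
import sqlite3

def make_db():
    """Build an in-memory STUDENT table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE STUDENT (STUDENT_ID INTEGER NOT NULL, NAME TEXT)")
    conn.executemany(
        "INSERT INTO STUDENT VALUES (?, ?)",
        [(12222345, "Asha"), (12222346, "Ben"), (12222347, "Chen")],
    )
    return conn

def lookup_vulnerable(conn, student_id_field):
    """Pastes the form field into the SQL text, so the field can add SQL."""
    sql = "SELECT * FROM STUDENT WHERE STUDENT_ID = " + student_id_field
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, student_id_field):
    """Sends the field as a bound value; it is compared, never parsed as SQL."""
    sql = "SELECT * FROM STUDENT WHERE STUDENT_ID = ?"
    return conn.execute(sql, (student_id_field,)).fetchall()

def lookup_validated(conn, student_id_field):
    """Rejects anything that is not a plain number, then binds it as an integer."""
    if not (student_id_field.isascii() and student_id_field.isdigit()):
        raise ValueError("student ID must be digits only")
    return lookup_parameterized(conn, int(student_id_field))

if __name__ == "__main__":
    conn = make_db()
    field = "12222345 or 1=1"  # the input from the example above
    print("vulnerable:   ", lookup_vulnerable(conn, field))     # every row
    print("parameterized:", lookup_parameterized(conn, field))  # no rows
    print("honest input: ", lookup_parameterized(conn, "12222345"))
```

With the bound parameter, the whole string "12222345 or 1=1" is treated as one value to compare against STUDENT_ID, so it matches nothing instead of rewriting the WHERE clause.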

SQL Injection

SQL injection is a code injection technique attackers use to gain unauthorized access to a database by injecting malicious SQL commands into web page inputs.

Attackers can extract sensitive information, modify database data, execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.

In this article, we will discuss what SQLi (SQL Injection) is, the types of SQL injection, SQL injection in web pages, how to prevent SQL injection attacks, and more.
