
Thursday, 12 January 2012

SQL Injection

What is an SQL Injection?

SQL injection is a code injection technique that exploits a security vulnerability in a website's software. It is often used to attack a website by entering SQL statements in a web form so that a badly designed site performs database operations other than those the designer intended, often dumping the database content to the attacker. The vulnerability arises when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (as queries) to change the database content or to dump database information such as credit card details or passwords to the attacker. SQL injection is mostly known as an attack vector for websites, but it can be used to attack any type of SQL database.
Well-designed query language interpreters can prevent SQL injection. In the wild, applications have been observed to experience, on average, 71 attempts an hour. Some applications occasionally came under aggressive direct attack and, at their peak, were attacked 800-1300 times per hour.
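
The two failure modes described above (input pasted into a string literal, and input that is not strongly typed) are shown here beside their hardened forms. This is an added example, not part of the original post; the users table, its columns, the sample rows and the function names are made up for illustration, and it uses Python's built-in sqlite3 module.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, card TEXT)")
    db.executemany("INSERT INTO users (name, card) VALUES (?, ?)",
                   [("alice", "card-A"), ("bob", "card-B"), ("o'brien", "card-C")])
    return db

def lookup_vulnerable(db, name):
    # Vulnerable: form input is pasted into the statement text, so a quote
    # in `name` closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT name, card FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, name):
    # Hardened: the statement text is fixed and the value is bound as data,
    # so quotes in `name` are compared literally and never parsed.
    sql = "SELECT name, card FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def lookup_by_id_safe(db, raw_id):
    # Strong typing: accept only a short run of ASCII digits, convert to int,
    # and still bind the value instead of formatting it into the statement.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be a non-negative integer")
    sql = "SELECT name, card FROM users WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing a quote character
    print("vulnerable:", lookup_vulnerable(db, crafted))  # every row comes back
    print("safe:      ", lookup_safe(db, crafted))        # no user has this name
    try:
        lookup_vulnerable(db, "o'brien")  # a legitimate name breaks the query
    except sqlite3.OperationalError as exc:
        print("vulnerable, legitimate name:", exc)
    print("safe, legitimate name:", lookup_safe(db, "o'brien"))
    try:
        lookup_by_id_safe(db, "2 OR 1=1")
    except ValueError as exc:
        print("typed id check rejected input:", exc)
```

The same quote character that lets crafted input rewrite the WHERE clause also makes the concatenated query fail on the legitimate name o'brien, which is a useful symptom to look for when reviewing code or error logs.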


SQL Injection Attack (SQLIA) is considered one of the top 10 web application vulnerabilities of 2007 and 2010 by the Open Web Application Security Project. The attacking vector contains five main sub-classes depending on the technical aspects of the attack's deployment:
  • Classic SQLIA
  • Inference SQL Injection
  • Interacting with SQL Injection
  • DBMS specific SQLIA
  • Compounded SQLIA
Some security researchers propose that Classic SQLIA is outdated, though many web applications are not hardened against it. Inference SQLIA is still a threat because of its dynamic and flexible deployment as an attacking scenario. DBMS specific SQLIA should be considered supportive, regardless of whether Classic or Inference SQLIA is used. Compounded SQLIA is a new term derived from research on the SQL Injection Attacking Vector in combination with other web application attacks, such as:
  • SQL Injection + Insufficient authentication[4]
  • SQL Injection + DDoS attacks[5]
  • SQL Injection + DNS Hijacking[6]
  • SQL Injection + XSS[7]
The Storm Worm is one representation of Compounded SQLIA. A complete overview of the SQL Injection classification is presented in the next figure, by Krassen Deltchev in 2010:

A Classification of SQL Injection Attacking Vector, till 2010.
This Classification represents the state of SQLIA, respecting its evolution till 2010; further refinement is underway.[9]

