What is it:
Before I say what it is, I would like to say where it happens.
Most websites use a database. It can be for user login/registration, posts, etc.
For example, in PHP you can use something called
MySQLi, which stands for MySQL Improved. MySQL is the database, and "improved" says it is better, but you can still exploit it. When a developer wants to access the database for something, they send the database a query.
If you're sending somebody's username to the database, you send a query containing the username the user typed in. Here is the problem. The user can type anything, and that can change the query and send malicious code into the database.
How do we use it:
It's not that hard once you have found a website vulnerable to SQL injection. You just type the code in a field.
For example, on a login form where you have a username and a password field, the query could look like this:
SELECT * FROM users WHERE username="username_value" AND password="users_password". If the developer uses this query there are lots of problems (never store passwords in the database, SQL injection...), but if they do, you can type the following in the username and password fields:
" or ""=".
What will this do? Well, it will change the query to this:
SELECT * FROM users WHERE username="" or ""="" AND password="" or ""=""
What does this mean? Let's break it apart.
SELECT * FROM users WHERE means select anything from the table called users where this condition is met:
username="" or ""="" AND password="" or ""="" and this means username equals "" (nothing, not even a space) or nothing equals nothing. This applies to password too.
You can do more than this. When you want to send multiple queries at once you separate them with
; and you can type the following in the password field (the last one):
; DROP TABLE users;. This will delete the table.
How do we make our page secure against SQL injection:
You can do multiple things depending on what language you're using.
- Escape special characters like " and ' and ` and ;
- Use prepared statements.
Prepared statements are a different way to talk to the database. You write the query, but instead of the value you put a placeholder, and when you send the query you send the value for the placeholder along with it (this is the easiest way I can explain it).
- Prevent users from inserting those characters.
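To show both the login bypass from "How do we use it" and the prepared-statement fix from this section side by side, here is an added example that is not part of the original post. It uses Python with an in-memory SQLite table as a stand-in for the site's MySQL users table (SQLite is chosen only because it runs offline without a server); the table contents, the user "alice" and her password are constructed sample data. SQLite uses single quotes for string literals, so the payload is the single-quote form of the post's " or ""=" payload.

```python
import sqlite3

# Constructed sample data standing in for the site's "users" table.
# The plaintext password column is kept only to mirror the post's query;
# a real application stores password hashes, not the passwords themselves.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """The pattern from the post: user input pasted straight into the SQL text.
    Whatever the user types becomes part of the query itself."""
    sql = ("SELECT * FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_prepared(conn, username, password):
    """Prepared statement: '?' placeholders in the SQL, values sent separately.
    The database treats the values as data only, never as SQL."""
    sql = "SELECT * FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone() is not None

# Single-quote form of the post's payload. In the vulnerable version the
# query becomes:
#   ... WHERE username='' or ''='' AND password='' or ''=''
# AND binds tighter than OR, so the final ''='' alone makes the whole
# condition true and the first row is returned.
PAYLOAD = "' or ''='"

def demo():
    """Return the outcome of each login attempt for both implementations."""
    conn = make_db()
    return {
        "vulnerable_valid":   login_vulnerable(conn, "alice", "correct horse"),
        "vulnerable_wrong":   login_vulnerable(conn, "alice", "wrong"),
        "vulnerable_payload": login_vulnerable(conn, PAYLOAD, PAYLOAD),
        "prepared_valid":     login_prepared(conn, "alice", "correct horse"),
        "prepared_wrong":     login_prepared(conn, "alice", "wrong"),
        "prepared_payload":   login_prepared(conn, PAYLOAD, PAYLOAD),
    }

if __name__ == "__main__":
    for name, logged_in in demo().items():
        print(f"{name}: {'logged in' if logged_in else 'rejected'}")
```

Run it and the vulnerable function lets the payload in without knowing any password, while the prepared version only accepts the real username and password. The fix is the same idea as a PHP MySQLi prepared statement: the placeholder marks where a value goes, and the value never gets the chance to change the query's structure, so there is nothing for the quote or the semicolon to break out of.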