401d8 read39 - carlosjorr/reading-notes GitHub Wiki
What is SQL injection?
SQL injection is a type of cyber attack where malicious SQL (Structured Query Language) statements are injected into input fields or parameters of a web application, exploiting vulnerabilities in the application's database layer. The goal of an SQL injection attack is to manipulate the database queries and gain unauthorized access to the database or extract sensitive information.
Can you give an example of how a hacker could use SQL injection to gain unauthorized access?
Here's an example of how a hacker could use SQL injection to gain unauthorized access:
Suppose you have a simple login form on a website with the following SQL query to check user credentials:
```sql
SELECT * FROM users WHERE username = '' AND password = '';
```
The hacker could input the following into the username field:
```sql
' OR '1'='1'; --
```
The SQL query would then become:
```sql
SELECT * FROM users WHERE username = '' OR '1'='1'; -- ' AND password = '';
```
The comment (`--`) at the end ensures that the rest of the original query, including the password check, is ignored. Because `'1'='1'` is always true, the query would return all user records, effectively bypassing the authentication process.
What are some ways to prevent SQL injection attacks on a web server?
Use Prepared Statements (Parameterized Queries): Instead of directly inserting user input into SQL queries, use parameterized queries or prepared statements provided by your programming language or framework. These methods separate user input from the SQL query: the input is bound as data and is never parsed as part of the query text, so it cannot change the query's structure.
Input Validation and Sanitization: Validate and sanitize user input before using it in queries. Only allow input that matches the expected format and reject any input that contains suspicious characters or patterns. Treat this as a second layer on top of parameterized queries rather than a replacement for them.
Least Privilege Principle: Ensure that the database user account used by your application has the minimum required permissions. This reduces the potential impact of an SQL injection attack.
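The login example and the first two mitigations above, worked through in code. This is an added example, not code from the reading-notes page: it builds a constructed in-memory SQLite table with two fake accounts, runs the page's `' OR '1'='1'; --` input against a string-concatenated query and against a parameterized one, and applies an allowlist username check. The table layout, account names and the regex are assumptions made for the demonstration; passwords are stored in plain text only to mirror the page's query, which a real application would not do.

```python
import re
import sqlite3


def build_db():
    """Constructed sample database: two users with made-up credentials."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "wonderland"), ("bob", "builder")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The page's query built by string concatenation.

    The user input becomes part of the SQL text, so a quote in the
    input changes the structure of the statement.
    """
    query = (
        "SELECT * FROM users WHERE username = '" + username
        + "' AND password = '" + password + "';"
    )
    return conn.execute(query).fetchall()


def login_parameterized(conn, username, password):
    """Same query with placeholders (mitigation 1).

    The driver binds the values separately from the SQL text; whatever
    the input contains, it is compared as a literal string.
    """
    return conn.execute(
        "SELECT * FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()


# Allowlist for usernames (mitigation 2): letters, digits, underscore,
# 1 to 32 characters. Quotes, spaces and comment markers never pass.
# The exact rule is an assumption for this example.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None


def demo():
    """Run the page's input through both login paths and the validator."""
    conn = build_db()
    payload = "' OR '1'='1'; --"  # the input from the page's example
    return {
        # concatenated query: password check commented out, all rows back
        "vulnerable_rows": len(login_vulnerable(conn, payload, "")),
        # parameterized query: no user is literally named "' OR '1'='1'; --"
        "parameterized_rows": len(login_parameterized(conn, payload, "")),
        # a real credential still works through the safe path
        "legit_rows": len(login_parameterized(conn, "alice", "wonderland")),
        # the allowlist rejects the input before it reaches any query
        "payload_passes_validation": valid_username(payload),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the file prints the row count for each path: the concatenated query returns both users, the parameterized one returns none for the injected input and exactly one for a real credential, and the validator rejects the injected input outright. The third mitigation, least privilege, is a database-server setting (the grants given to the application's account) rather than application code, so it is not shown here.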