# SQL Injection


SQL Injection is a code injection technique that exploits vulnerabilities in an application’s software by injecting malicious SQL queries into an input field for execution. This can lead to unauthorized access, data leaks, and even complete database compromise.

How SQL Injection Works

Attackers manipulate SQL queries by inserting malicious code into user inputs (such as login forms, search fields, or URLs). If the application fails to sanitize inputs properly, the database executes the injected code, allowing attackers to:
– Bypass authentication
– Extract sensitive data (usernames, passwords, credit card details)
– Modify or delete database records
– Execute administrative operations

Common SQL Injection Types

  1. Classic SQL Injection – Directly injects malicious SQL into input fields.
  2. Blind SQL Injection – No direct output, but attackers infer data based on behavior (time delays or boolean responses).
  3. Union-Based SQL Injection – Uses `UNION` to combine results from multiple tables.
  4. Error-Based SQL Injection – Exploits database error messages to extract information.

You Should Know:

Preventing SQL Injection

1. Use Prepared Statements (Parameterized Queries)

```php
// Example in PHP with PDO
$stmt = $pdo->prepare('SELECT * FROM users WHERE email = :email');
$stmt->execute(['email' => $email]);
```

2. Input Validation & Sanitization


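```python
# Python with SQLite3
import sqlite3

user_input = "alice"  # example value; in practice this comes from the request
conn = sqlite3.connect("database.db")
cursor = conn.cursor()
# The ? placeholder binds user_input as data, never as SQL text
cursor.execute("SELECT * FROM users WHERE username = ?", (user_input,))
```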

3. Implement Web Application Firewalls (WAF)


```apache
# ModSecurity rule to block SQLi attempts
SecRule ARGS "@detectSQLi" "id:1,deny,status:403"
```

4. Least Privilege Principle

```sql
-- Restrict database user permissions
GRANT SELECT ON customers TO 'webuser'@'localhost';
```

5. Escape User Inputs

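```php
// MySQLi real_escape_string
// Escaping only protects a value placed inside a quoted string literal;
// prefer prepared statements where they are available.
$username = $mysqli->real_escape_string($_POST['username']);
```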
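
The difference between a concatenated and a parameterized query, as an added example that is not part of the original post: it runs the `' OR '1'='1` string from the Manual Testing list against both forms, and shows allow-list validation for a column name, which a placeholder cannot bind. The `users` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema and rows are assumptions for this example.
    # Passwords are plaintext only to keep the example short.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "alice@example.com"),
         ("bob", "hunter2", "bob@example.com")],
    )
    return conn

def login_vulnerable(conn, username, password):
    # VULNERABLE: input is concatenated into the SQL text, so a quote in the
    # input changes the structure of the WHERE clause.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn, username, password):
    # Placeholders keep the input as data; it is never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

ALLOWED_SORT = {"username", "email"}  # allow-list of sortable columns

def list_users(conn, sort_by):
    # Identifiers cannot be bound with ?, so validate them against the
    # allow-list before they reach the query text.
    if sort_by not in ALLOWED_SORT:
        raise ValueError("unsupported sort column")
    rows = conn.execute(f"SELECT username FROM users ORDER BY {sort_by}")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("concatenated query accepts payload:", login_vulnerable(db, "alice", payload))
    print("parameterized query accepts payload:", login_parameterized(db, "alice", payload))
    print("sorted users:", list_users(db, "email"))
```
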

Testing for SQL Injection

  • Manual Testing:

```
' OR '1'='1
" OR "" = "
' UNION SELECT 1,2,3-- -
```

  • Automated Tools:

```bash
sqlmap -u "http://example.com/login.php?user=1" --dbs
```

Exploiting SQL Injection (For Educational Purposes)


```bash
# Dumping database names
sqlmap -u "http://vuln-site.com?id=1" --dbs

# Extracting table data
sqlmap -u "http://vuln-site.com?id=1" -D dbname --tables

# Retrieving column data
sqlmap -u "http://vuln-site.com?id=1" -D dbname -T users --dump
```

What Undercode Say

SQL Injection remains one of the most critical web vulnerabilities due to poor input handling. Always:
– Use ORMs (like SQLAlchemy, Hibernate)
– Enforce strict input validation
– Regularly audit database permissions
– Employ WAFs and security headers

Expected Output:

A secure application that filters malicious inputs and prevents unauthorized database access.


Reported By: Thiago Marques – Hackers Feeds