SQL Injection Tutorial For Beginners

SQL injection is a web security vulnerability that allows an attacker to alter the SQL queries made to the database. This can be used to retrieve some sensitive information, like database structure, tables, columns, and their underlying data.

For example, suppose an application uses the following query to fetch someone’s login details:

SELECT USERNAME,PASSWORD from USERS where USERNAME='<username>' AND PASSWORD='<password>';

Here, username and password are the inputs provided by the user. Suppose an attacker gives the input ' OR '1'='1 in both fields. The SQL query then becomes:

SELECT USERNAME,PASSWORD from USERS where USERNAME='' OR '1'='1' AND PASSWORD='' OR '1'='1';

Because AND binds more tightly than OR, the trailing OR '1'='1' makes the WHERE clause true for every row. The query therefore returns a result, and the user gets logged in. This example depicts the most basic type of SQL injection.

The same technique applies wherever user input reaches a query, and it can be used to fetch sensitive information from the database.

Note: This was the most basic example, meant only for illustration. You will rarely find such cases in the real world.

You can use this cheat sheet to see how to make queries over different SQL database providers.

How to Detect the Presence of SQL Injection?

In most cases, SQL injection can be detected easily by providing invalid parameters, like ', '' a' or 1=1--, "a"" or 1=1--", or a = a, a' waitfor delay '0:0:10'--, 1 waitfor delay '0:0:10'--, %26, ' or username like '%, etc. You can then observe the changes in the behavior of the application.

You may try to analyze the length of the response from the server and also the time it takes to send the response. Payloads like ', a' or 1=1--, etc. might show changes in the response by the database server. But if there’s no change, then we try to trigger time delays using a payload like a' waitfor delay '0:0:10'--. This might make the server delay for a specific time before sending a response.

After determining if the website is vulnerable to SQL Injection, we can try to extract some sensitive information from the database.

Before that, we need to identify the number of columns the SQL query returns. This is essential because if we try to extract a different number of columns than the query actually returns, it will return an error.

We can determine the number of columns by using the order by command. For example:

www.onlineshopping.com/products.php?pid=8 order by 1 -- //
www.onlineshopping.com/products.php?pid=8 order by 2 -- //

// If the parameter is a string then you need to add ' after it.
www.onlineshopping.com/products.php?usr=b' order by 3 -- //
www.onlineshopping.com/products.php?usr=a' order by 4 -- //

The significance of -- is that it's a comment indicator in SQL, which makes the rest of the query a comment. Now to preserve the space after --, we add any character after that so that space doesn't get ignored in the HTTP request. We might also use # or /* */ for comments depending on the SQL database provider.

Continue this process until you encounter an error. If you encounter an error while using the payload order by 5 but not while using order by 4, this means that the query returns 4 columns.
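
From the defender's side, this stepping pattern is visible in web server access logs. The following is an added example, not part of the original tutorial: it flags clients that request several distinct ORDER BY positions on the same path. It assumes common/combined log format; the log lines, addresses, and the function name find_column_probes are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (not real traffic). 203.0.113.7 steps ORDER BY
# from 1 to 5 on one parameter; the other client sends ordinary requests.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /products.php?pid=8%20order%20by%201%20--%20// HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /products.php?pid=8%20order%20by%202%20--%20// HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /products.php?pid=8+ORDER+BY+3+--+// HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:04 +0000] "GET /products.php?pid=8%20order%20by%204%20--%20// HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:05 +0000] "GET /products.php?pid=8%20order%20by%205%20--%20// HTTP/1.1" 500 312
198.51.100.23 - - [10/Oct/2023:13:56:10 +0000] "GET /products.php?pid=8 HTTP/1.1" 200 5120
198.51.100.23 - - [10/Oct/2023:13:56:40 +0000] "GET /search.php?q=order+by+1+pm+for+delivery HTTP/1.1" 200 2048
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')
ORDER_BY = re.compile(r"\border\s+by\s+(\d+)", re.IGNORECASE)

def find_column_probes(log_text, min_steps=3):
    """Flag (client, path) pairs that request several distinct ORDER BY <n>
    positions, the stepping pattern used to count a query's columns."""
    seen = defaultdict(dict)  # (client, path) -> {position: HTTP status}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        client, uri, status = m.groups()
        path, _, query = uri.partition("?")
        hit = ORDER_BY.search(unquote_plus(query))  # decode %20 and + first
        if hit:
            seen[(client, path)][int(hit.group(1))] = int(status)
    findings = []
    for (client, path), probes in seen.items():
        if len(probes) >= min_steps:  # one stray "order by 1" is not a finding
            positions = sorted(probes)
            findings.append({"client": client, "path": path,
                             "positions": positions,
                             "statuses": [probes[p] for p in positions]})
    return findings

if __name__ == "__main__":
    for finding in find_column_probes(SAMPLE_LOG):
        print(finding)
```

A status change at the last position (200 to 500 in the sample) is the error signal the tutorial describes, so it is worth surfacing alongside the positions when triaging a finding.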

How to Exploit Using SQL Injection

Once we know that the application is vulnerable to SQL injection and have identified the number of columns, we try to find necessary information about the database, like the DB name, DB user name, DB version, table names, column names of the required table, etc. Check out the SQL injection cheat sheet to find the respective queries.

Types of SQL Injection

  1. Error-based: This type of SQL injection relies on the error messages being thrown by the database server, which might provide us some useful information regarding the database structure.
  2. Union-based: This technique uses the SQL UNION operator to combine the results of two SELECT queries and return a single table. It allows an attacker to extract information from other tables by appending the results to the original query made to the database.
  3. Blind Injection: This happens when the application is vulnerable to SQL Injection but the results of the SQL query are not returned in the HTTP response. In this case, we query the database for any true/false statement and see the changes for both true and false conditions. It is of two types:
     a. Content-based: In this technique, the database server is queried with any conditional statement and the response from the server is analyzed for any difference while sending a true condition and a false condition.
     b. Time-based: This technique relies on injecting an SQL query that makes the database wait for a specific time based on the specified condition. The time taken by the server to send back a response determines if the query is true/false.
  4. Out-of-band injection (uncommon): This is not a very common type of SQL Injection as it depends on the features being enabled on the database server. It relies on the database server's capability to make a web request like HTTP, DNS, and FTP to send data to the attacker.

How to protect your code from SQL Injection?

  1. Never construct a query directly with the user’s input. Instead, use Parameterized Statements. They make sure that the inputs passed into SQL queries are treated safely.
  2. It’s always good to sanitize the user input. Proper input validation should also be done; for example, a name can’t be digits and a phone number can’t be letters. However, this can be bypassed at times.
  3. Use a safe driver to interact with your SQL database. They automatically protect against all SQL Injection attacks. For example, SQLAlchemy for Python.
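
The login query from the start of this tutorial, built by string concatenation and then as a parameterized statement, run against the same inputs. This is an added example, not code from the original tutorial; it uses Python's built-in sqlite3 module, and the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory USERS table with constructed sample rows (plaintext passwords
    only to mirror the tutorial's query; real systems store password hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USERS (USERNAME TEXT, PASSWORD TEXT)")
    conn.executemany("INSERT INTO USERS VALUES (?, ?)",
                     [("alice", "correct-horse"), ("o'brien", "pw2")])
    return conn

def login_concatenated(conn, username, password):
    """Vulnerable 'before': user input is spliced into the SQL text."""
    query = ("SELECT USERNAME,PASSWORD from USERS where USERNAME='" + username +
             "' AND PASSWORD='" + password + "';")
    return conn.execute(query).fetchall()

def login_parameterized(conn, username, password):
    """Hardened 'after': fixed SQL text, values passed as bound parameters."""
    query = "SELECT USERNAME,PASSWORD from USERS where USERNAME=? AND PASSWORD=?;"
    return conn.execute(query, (username, password)).fetchall()

def compare(conn, username, password):
    """Run both variants and report row counts (or the driver error)."""
    results = {}
    for name, fn in (("concatenated", login_concatenated),
                     ("parameterized", login_parameterized)):
        try:
            results[name] = len(fn(conn, username, password))
        except sqlite3.Error as exc:
            results[name] = "error: " + type(exc).__name__
    return results

if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # the input used in the tutorial text
    print(compare(db, tautology, tautology))      # every row vs. no row
    print(compare(db, "alice", "correct-horse"))  # legitimate login
    print(compare(db, "o'brien", "pw2"))          # apostrophe in a real name
```

The third case shows that concatenation also breaks on legitimate input containing a quote, while bound parameters handle it. A driver or ORM only protects queries that go through its parameter binding; SQL text assembled by concatenation stays injectable even when it is executed through such a library.
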
Resources
  1. sqlmap is an open-source tool that automates the process of detecting and exploiting SQL injection vulnerabilities.
  2. This repository has some cool resources on SQL Injection. This includes some cheat sheets and a lot of useful payloads that can be used depending on the use case.

Learn to Build SQL Query| Ultimate SQL and DataBase Concepts|Simpliv


Description
SQL developers earn higher salaries in the IT industry, but it's not about writing queries; it's about understanding and applying the right query at the right time. This course will help you understand complex SQL statements in an easy way.

Moreover, this course will teach you how to extract data from a database and write complex queries. It covers Structured Query Language (SQL) concepts as a whole, whether students work with MySQL, Microsoft SQL Server, Oracle Server, etc.

This course has 5 chapters in which you will learn:

Chapter 1 Fundamentals

Fundamentals
Building Blocks
Selecting Records from DB
Working with Arithmetic Expressions

Chapter 2 Conditioning Sorting and Operators

Logical Operators
Comparison Operators
Operator Precedence
Sorting Results

Chapter 3 Functions

Character Functions
Number Functions
Date Functions
Conversions
General Purpose Functions
Nesting Functions

Chapter 4 Grouping

Multiple Row Functions on a single Table
Multiple Row Functions on Many Table

Chapter 5 Joins

Understanding Primary Key
Understanding Foreign Key
Understanding Need of Joins
Cartesian Product
Equi Join Simple Join Self Join
Non Equi Join
Outer Join
Self Join

Course is Designed for College and University Students who want Solid SQL and Data Base Concepts in a short period of time.

Who this course is for:

Beginners
University or College students
Anyone who wants Solid SQL Concepts

Basic knowledge

No prior knowledge is required
PC or MAC

What will you learn

SQL Fundamentals
Understand Complex SQL Concepts in Easy way using daily life examples
Construct SQL Statements
Use SQL to retrieve data from database
Selecting Data From Database
Restricting and Sorting Data from DB
Grouping Data From DB
Construct SQL statements that will let them work with more than two tables
Use SQL Functions
Work with SQL Operators and find out precedence
Nesting in SQL
Joins

Migrate Entity Framework Core to SQL Database on Startup

This ASP.NET Core tutorial explains how to migrate Entity Framework Core to SQL Database on startup: how to automatically migrate database changes from code in ASP.NET Core from the Startup.cs file, using the EF Core DB Context service.

Example code tested with ASP.NET Core 3.1

This is a super quick example of how to automatically migrate database changes from code in ASP.NET Core using Entity Framework Core from the Startup.cs file.

Solution

Register the EF Core DB Context as an ASP.NET Core Service

The Entity Framework Core DB Context is registered as a service with the ASP.NET Core Dependency Injection (DI) system from the ConfigureServices() method of the Startup.cs file.

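// This method gets called by the runtime. Use this method to add services to the container.
// Requires "using Microsoft.EntityFrameworkCore;" at the top of Startup.cs for UseSqlite().
public void ConfigureServices(IServiceCollection services)
{
    // register the EF Core DB Context with the DI container, backed by a local SQLite file
    services.AddDbContext<DataContext>(x => x.UseSqlite("Data Source=LocalDatabase.db"));

    // ...
}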

Use the EF Core DB Context Service to automatically migrate database changes

An instance of the EF Core DB Context service is injected as a parameter into the Configure() method of the Startup.cs file. The DB Context instance is then used to apply any pending migrations to the database by calling the Database.Migrate() method.

// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
// Requires "using Microsoft.EntityFrameworkCore;" at the top of Startup.cs for Migrate().
public void Configure(IApplicationBuilder app, IWebHostEnvironment env, DataContext dataContext)
{
    // migrate any database changes on startup (includes initial db creation)
    dataContext.Database.Migrate();

    // ...
}

Extra Info

While updating the tutorial from an EF Core InMemory database to SQLite I ran into some difficulties trying to automatically run database migrations from the Startup.cs. At first I was following a tutorial on the MS Docs website that called services.BuildServiceProvider().GetService<MyDatabaseContext>().Database.Migrate(); from within the ConfigureServices() method, but this resulted in the following warning in the console when I ran the application:

Startup.cs(39,13): warning ASP0000: Calling 'BuildServiceProvider' from application code results in an additional copy of singleton services being created.
Consider alternatives such as dependency injecting services as parameters to 'Configure'.
[/Users/jwatmore/Projects/aspnet-core-3-registration-login-api/WebApi.csproj]

What is SQL Injection?

This "What is SQL Injection?" video will give you an introduction to SQL Injection attacks. It gives an exhaustive overview of the fundamentals of SQL Injection and teaches you how to use SQL Injection to hack a web application and also how to prevent it.

What is SQL Injection? | SQL Injection Tutorial | Cybersecurity Training

Below are the topics in this video:

  1. What is SQL Injection?
  2. How SQL Injection works?
  3. How to use SQL Injection Attack?
  4. How to prevent SQL Injection?