Engineering LibreTexts

8.1.1.1: Injection Vulnerabilities

  • Page ID
    89756

Injection vulnerabilities occur when a web application accepts untrusted, potentially malicious data as input from the user without validating it. The Structured Query Language (SQL) injection attack is one of the most common attacks that exploit injection vulnerabilities; it targets SQL databases by injecting malicious commands. The process of a SQL injection attack is as follows:

1. The attacker first uses the "forgot password" option (to learn whether the web server is vulnerable to a SQL injection attack or not) and enters a username or email address in an incorrect format (e.g. instead of xyz@ggc.edu the attacker enters xyz?#= = 1). If the reply is "Incorrect username format", a filter (format checker) is in place that validates the user input before it is passed to the database. If instead the reply is "Error/User Not found", no such filter exists, which means the attacker can inject malicious commands into the web server and manipulate the database.
2. The attacker then enters SQL commands in the username field and performs destructive actions, e.g. stealing or manipulating the data stored in the database.
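The two replies described in step 1 can be reproduced in a few lines. The following is an added example written for this page (not code from the original text or its authors) that models a "forgot password" lookup three ways: behind a format checker, as a string-built query that leaks a database error, and as a parameterized query that treats the input purely as data. The `users` table, the email pattern and the address `o'neil@ggc.edu` are constructed for the demonstration; the probe value `xyz?#= = 1` is the one used in the text.

```python
import re
import sqlite3

# Constructed sample data (not from the page): a single-row users table.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, username TEXT)")
    conn.execute("INSERT INTO users (email, username) VALUES ('xyz@ggc.edu', 'xyz')")
    conn.commit()
    return conn

# The "filter (format checker)" from step 1: a plausible-address pattern.
# Apostrophes are legal in the local part, so a legitimate address can still
# carry a SQL metacharacter; the format check alone is not the fix.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+'-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def format_check(email):
    return bool(EMAIL_RE.fullmatch(email))

def lookup_vulnerable(conn, email):
    """String-built query: the user's text becomes part of the SQL statement."""
    sql = "SELECT username FROM users WHERE email = '" + email + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def lookup_safe(conn, email):
    """Parameterized query: the driver binds the text as a value, never as SQL."""
    row = conn.execute("SELECT username FROM users WHERE email = ?", (email,)).fetchone()
    return row[0] if row else None

def forgot_password(conn, email, lookup, validate=True):
    """Return the reply a web application would show for the chosen lookup."""
    if validate and not format_check(email):
        return "Incorrect username format"
    try:
        user = lookup(conn, email)
    except sqlite3.Error as exc:
        # The "Error" reply from step 1: the database complaint reaches the user.
        return "Error: " + type(exc).__name__
    return "User found" if user else "User not found"

if __name__ == "__main__":
    conn = build_db()
    for email, lookup, validate in [
        ("xyz?#= = 1", lookup_vulnerable, True),    # filtered -> format message
        ("xyz?#= = 1", lookup_vulnerable, False),   # unfiltered -> "User not found"
        ("o'neil@ggc.edu", lookup_vulnerable, True),  # passes filter, breaks the SQL
        ("o'neil@ggc.edu", lookup_safe, True),      # same input, bound as a value
        ("xyz@ggc.edu", lookup_safe, True),
    ]:
        print(f"{email!r:22} {lookup.__name__:18} -> {forgot_password(conn, email, lookup, validate)}")
```

The quote in `o'neil@ggc.edu` shows why the format checker is only a first line of defence: it passes the filter yet still turns `lookup_vulnerable` into a broken statement, while `lookup_safe` simply reports that no such user exists. Returning a generic message instead of the exception name removes the signal that step 1 relies on, but only parameterization removes the vulnerability.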

    This image combines a series of images that show an SQL injection attack as described in the previous text.

Figure \(\PageIndex{1}\): Phases of SQL injection attack on a vulnerable web application ("Information Security" by Umar Khokhar and Binh Tran is licensed under CC BY 4.0)

Sqlmap is one of the most widely used tools for SQL injection attacks; it automates the vulnerability assessment and the injection of SQL commands. The attacker only has to enter a few commands and follow a simple four-step process:

    1. Identification of the databases
2. Choose a specific database and identify the tables of that database
    3. Choose a specific table and identify the columns
    4. Dump the columns
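An automated tool working through those four steps produces a distinctive footprint in the web server's access log: a burst of requests from one source, many of them answered with server errors, carrying quotes or SQL keywords in a parameter that should only ever hold an e-mail address. The following is an added example for this page, not code from the original text or from the sqlmap project, that scores combined-format access-log lines on three such signals. The log lines, addresses and timestamps are constructed; the `sqlmap/` User-Agent prefix is what a stock sqlmap install sends, but the header is client-controlled, so that signal is treated as low confidence and combined with the others.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Apache/nginx "combined" access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Characters and keywords that have no business in an e-mail/username parameter.
SQL_META_RE = re.compile(r"""['";]|--|/\*|#""")
SQL_KEYWORD_RE = re.compile(r"\b(union|select|sleep|benchmark|waitfor)\b", re.IGNORECASE)

# Constructed sample log (not real traffic): one ordinary lookup, then the page's
# format probe, then a short automated run from the same address.
SAMPLE_LOG = """\
198.51.100.4 - - [10/Oct/2023:13:55:36 +0000] "GET /forgot.php?email=xyz%40ggc.edu HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /forgot.php?email=xyz%3F%23%3D+%3D+1 HTTP/1.1" 200 410 "-" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /forgot.php?email=xyz%27 HTTP/1.1" 500 310 "-" "sqlmap/1.x (https://sqlmap.org)"
203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /forgot.php?email=xyz%27%27 HTTP/1.1" 500 310 "-" "sqlmap/1.x (https://sqlmap.org)"
203.0.113.9 - - [10/Oct/2023:13:56:03 +0000] "GET /forgot.php?email=xyz%22 HTTP/1.1" 500 310 "-" "sqlmap/1.x (https://sqlmap.org)"
203.0.113.9 - - [10/Oct/2023:13:56:03 +0000] "GET /forgot.php?email=xyz%22%22 HTTP/1.1" 500 310 "-" "sqlmap/1.x (https://sqlmap.org)"
"""

def parse_line(line):
    """Return a dict for a well-formed combined-log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Decode the query string so %27 and friends are examined as the characters they become.
    rec["params"] = dict(parse_qsl(urlsplit(rec["target"]).query, keep_blank_values=True))
    return rec

def suspicious_params(params):
    """Names of parameters whose decoded value carries SQL metacharacters or keywords."""
    return [name for name, value in params.items()
            if SQL_META_RE.search(value) or SQL_KEYWORD_RE.search(value)]

def analyze(lines, burst_threshold=5, error_ratio=0.5):
    """Map each source IP to a sorted list of reasons it looks like injection activity."""
    per_ip = defaultdict(lambda: {"requests": 0, "errors": 0, "reasons": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        st = per_ip[rec["ip"]]
        st["requests"] += 1
        if rec["status"] >= 500:
            st["errors"] += 1
        if rec["ua"].lower().startswith("sqlmap/"):
            st["reasons"].add("sqlmap user-agent")
        for name in suspicious_params(rec["params"]):
            st["reasons"].add(f"sql metacharacters in parameter '{name}'")
    # Step-1 probing answered by database errors, repeated many times, is the burst signal.
    for st in per_ip.values():
        if st["requests"] >= burst_threshold and st["errors"] / st["requests"] >= error_ratio:
            st["reasons"].add("burst of server errors")
    return {ip: sorted(st["reasons"]) for ip, st in per_ip.items() if st["reasons"]}

if __name__ == "__main__":
    for ip, reasons in analyze(SAMPLE_LOG.splitlines()).items():
        print(ip, "->", "; ".join(reasons))
```

The error-burst rule is the most durable of the three: it does not depend on what the client claims to be or on a keyword list, only on the application answering probes with 5xx responses, which is exactly the behaviour the format checker and parameterized queries from the previous section remove. Tuning `burst_threshold` and `error_ratio` to the normal error rate of the endpoint keeps ordinary typos from triggering it.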

Figure \(\PageIndex{2}\): SQL injection attack using Sqlmap ("Information Security" by Umar Khokhar and Binh Tran is licensed under CC BY 4.0)

    8.1.1.1: Injection Vulnerabilities is shared under a not declared license and was authored, remixed, and/or curated by LibreTexts.
