Saturday, May 21, 2011

SQL Injection in Java


SQL Interview Questions

======================================
What is an SQL injection attack?
======================================

 SQL injection is a technique in which an attacker passes invalid or malicious input to a query and thereby reads, changes or deletes more data than the application intended. It breaks security at the database level. For example:
 
Suppose you build an SQL query from a string like this:
 
 String query = "SELECT * FROM `users` WHERE `name` = '" + userName + "';";
 
    This SQL code is designed to pull up the records of the specified username from the users table.
You can see that the query takes its parameter dynamically: at run time the value of the userName variable is appended to the query text. This is exactly the place where a prepared statement should be used instead; with plain concatenation the input becomes part of the SQL syntax.
If you pass userName = ' or '1'='1 the actual statement will look like this:
 SELECT * FROM `users` WHERE `name` = '' OR '1'='1';

If this code were used in an authentication procedure, this input could force the selection of a valid user, because the comparison '1'='1' is always true and the WHERE clause matches every row.
The following value of userName would delete the users table and then select all data from the userinfo table, provided the database API executes several statements in one call (most JDBC drivers do not do this by default; MySQL Connector/J, for example, only does so when allowMultiQueries=true is set on the connection URL):
 
a';DROP TABLE `users`; SELECT * FROM `userinfo` WHERE 't' = 't

The scenario explained above falls under the "incorrectly filtered escape characters" category.
The main categories of SQL injection are:
1) Incorrectly filtered escape characters (quotes in user input are not escaped, as above)
2) Incorrect type handling (a numeric field is filled from a string without checking that it is actually a number)
3) Conditional responses, also called blind injection (the attacker infers data from whether the page behaves differently for true and false conditions)
The standard defence is to use parameterized statements (PreparedStatement in JDBC), so that user input is always bound as a value and never parsed as SQL.
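The attack from this post and the prepared-statement fix, side by side, as an added example (this is not code from the original post). It uses an in-memory SQLite database and assumes the sqlite-jdbc driver (org.xerial) is on the classpath; the table, its rows and the method names countUnsafe/countSafe are made up for the demonstration.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class SqlInjectionDemo {

    // Builds the query the way the post does: untrusted input is concatenated
    // into the SQL text, so the input can change the structure of the statement.
    static int countUnsafe(Connection conn, String userName) throws SQLException {
        String sql = "SELECT * FROM users WHERE name = '" + userName + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            int rows = 0;
            while (rs.next()) rows++;
            return rows;
        }
    }

    // Same lookup with a PreparedStatement: the SQL text is fixed before the
    // value is supplied, so quotes in the input are treated as data, not syntax.
    static int countSafe(Connection conn, String userName) throws SQLException {
        String sql = "SELECT * FROM users WHERE name = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userName);
            try (ResultSet rs = ps.executeQuery()) {
                int rows = 0;
                while (rs.next()) rows++;
                return rows;
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: org.xerial sqlite-jdbc is on the classpath, so this URL
        // opens a throwaway in-memory database.
        try (Connection conn = DriverManager.getConnection("jdbc:sqlite::memory:")) {
            try (Statement st = conn.createStatement()) {
                // Constructed sample data for the demonstration.
                st.execute("CREATE TABLE users (name TEXT, password TEXT)");
                st.execute("INSERT INTO users VALUES ('alice', 'secret')");
                st.execute("INSERT INTO users VALUES ('bob', 'hunter2')");
            }

            String payload = "' OR '1'='1";

            // A legitimate lookup matches exactly one row either way.
            System.out.println("unsafe, name=alice : " + countUnsafe(conn, "alice"));
            System.out.println("safe,   name=alice : " + countSafe(conn, "alice"));

            // With concatenation the payload becomes part of the WHERE clause
            // (name = '' OR '1'='1'), which is true for every row in the table.
            System.out.println("unsafe, payload    : " + countUnsafe(conn, payload));

            // With a bound parameter the database looks for a user whose name
            // is literally the payload string, and finds none.
            System.out.println("safe,   payload    : " + countSafe(conn, payload));
        }
    }
}
```

Run it with the sqlite-jdbc jar on the classpath. The unsafe lookup reports every row in the table for the payload, which is the "always true" bypass the post describes; the prepared statement reports none, because the same string is compared as a value rather than executed as SQL.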
