What is Structured Query Language (SQL) Injection?

Published: June 4, 2021, 2:05 a.m.


Hello everyone, my name is Vijay Kumar Devireddy, and I am glad to have you back on my episode 47. Today we are discussing SQL injection.

What is SQL? SQL, or Sequel, stands for the Structured Query Language, and it's the way that a web application communicates with a database server to ask for information. Because this is the language used to communicate with databases, and the databases hold lots of valuable information, it has become a popular target for attacks.

This brings us to the concept of an SQL injection, which is an attack consisting of the insertion or injection of an SQL query via the input data that the client sends to the web application. SQL injections are just a specific type of code injection, though. A generalized injection attack is the insertion of additional information or code through data input from a client to an application. This code injection can occur using any type of code, but the most common are SQL, HTML, XML, and LDAP injections. SQL injections are by far the most common, and so that is what we're going to talk about in this lesson. Just as SQL injections are used to insert SQL statements into a web application, these other types of code injection can also be used as an attack method, too, so keep that in mind.

Now, before we start to discuss how an SQL injection works, it's important to know how a normal SQL query or request is performed. Let's pretend that you wanted to log into this website. First, you have to enter your username, so I'm going to enter jason as mine. Then you have to enter your password, so I'm going to enter my oh-so-super-secure password of pass123 for this example. With both of those entered, I click on the Login button, and the website will send my username and password to the database to verify whether the username matches the password stored in the database. This is done by sending a SQL, or structured, query that says: select any records from the user table in the database where the user_id = 'jason' and the password = 'pass123'. So, if the query finds a record in the table that has both the username of jason and the password of pass123, it's going to return the value of true to the web application, and the web application can perform whatever next action it's supposed to do. In this case, it logs me into the website and displays whatever the authenticated user homepage is. Now, if the username and password combination weren't found in that database table called users, then it's going to return false, and the web application would give me some kind of a message saying "please enter your password again." This is how it's supposed to work.

But how does it work with an SQL injection? Let's try logging into this website again, but this time I'm going to perform an SQL injection. So, we go back to the Login page, and I'm going to enter the username of jason once more. Then, instead of entering my password, I'm going to enter the Escape character, which is a backward single quote mark, followed by the statement ` OR 1=1;. Now, this isn't my password, obviously. Instead, this is some code that I'm trying to inject into the SQL statement that the web application is going to send to the database when I click Login. So, let's click the Login button, and you can now see the full SQL statement that the web application has generated and sent to the database: select any records from the user table in the database where the user_id = 'jason' (so far this is the same as our earlier legitimate login attempt) and where the password = '` OR 1=1 ;'. What is happening here? Well, this is showing us that the statement is now being sent to the database, but when it reaches that Escape character, that backward single quote, it's going to treat everything after it as a command to process.
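The login described above, reduced to runnable code. This is an added example, not code from the episode: it uses Python's sqlite3 module with an in-memory database and a constructed users table holding the single row jason / pass123. build_vulnerable_query pastes the submitted values straight into the SQL text, the way the lesson's web application does, so a password field that closes the string literal and appends an OR condition turns the WHERE clause into one that is true for every row. login_safe sends the same lookup with bound parameters, so the submitted text is only ever compared as a value. The payload used here ends in '1'='1 rather than the lesson's 1=1; so that the application's own closing quote is absorbed into a valid expression; that detail and all function names are assumptions of this example.

```python
import sqlite3

# Constructed sample data for this example: the single account used in the lesson.
# Plaintext passwords are kept only to mirror the lesson's query; real systems hash them.
SAMPLE_USERS = [("jason", "pass123")]


def make_db():
    """Create an in-memory SQLite database with a users table (constructed fixture)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT NOT NULL, password TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (user_id, password) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """Build the statement the way the lesson's web application does:
    the submitted values are concatenated straight into the SQL text,
    so a quote character in either field changes the statement's structure."""
    return ("SELECT * FROM users WHERE user_id = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Return True if the concatenated query matches at least one row.

    With password = "' OR '1'='1" the WHERE clause becomes
        user_id = 'jason' AND password = '' OR '1'='1'
    and, since AND binds tighter than OR, it is true for every row."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def login_safe(conn, username, password):
    """Same lookup with bound parameters: the database receives the statement
    and the values separately, so the submitted text is compared as a value
    and is never parsed as SQL."""
    sql = "SELECT * FROM users WHERE user_id = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    # Payload assumed for this example: closes the password string and appends
    # an always-true condition; the application's trailing quote completes '1'.
    payload = "' OR '1'='1"
    print(build_vulnerable_query("jason", payload))
    print("concatenated query logs in:", login_vulnerable(db, "jason", payload))  # True
    print("parameterized query logs in:", login_safe(db, "jason", payload))       # False
```

The fix is not to filter quote characters but to stop building SQL from strings at all: with placeholders the driver sends the statement and the values through separate channels, so nothing the client types can change the statement's structure.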
