SQL Injection Masterclass

In this post, I would like to take some time to talk about an attack that is well known to everyone out there: SQLi, also known as SQL Injection.

SQL Injection is considered dangerous to the systems of any business or organization. A successful SQL Injection attack can lead to unauthorized access to the database system, modification of the SQL database tables, and possibly viewing of the user listing in the SQL database.

Types of SQLi Attack

There are three types of SQLi attack to know:

  1. In-band SQLi
  2. Out-of-band SQLi
  3. Blind SQLi

In-Band SQLi

In-Band SQLi is divided into two methods: the Error-Based attack and the Union attack.

An Error-Based Attack is an SQL attack in which the attacker keys a string such as ' into the target's URL. The attacker can then gain information from the error that the system returns.

An example of the Error-Based Attack is something such as:

http://url.com/pageid=12'

A Union-Based Attack is an SQL attack method that uses SQL statement commands such as UNION SELECT.

An example of Union-Based Attack is something such as:

http://url.com/pageid=12 SELECT a, b FROM table1 UNION SELECT c, d FROM table2

Out-of-Band SQLi

This form of attack is normally used as an alternative to in-band and blind SQLi, when the SQL server is too slow to connect to or access is too unstable to perform those attacks.

However, the attacker can only use this form of attack when certain features in SQL server have been enabled and used by the web application.

Blind SQLi

This version of SQL Injection is a method where the attacker sends payloads to the SQL server and patiently waits for the server's response.

A well-known Blind SQL Injection is Boolean SQLi. It works by sending an SQL query to the server and waiting for the response.

An example of Boolean SQLi is: ' or 1=1 --
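The single-quote and ' or 1=1 -- inputs shown above, run against a query built by string concatenation and against the same query with a bound parameter. This is an added example, not code from the original post; the in-memory SQLite database, the users table and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data, held in memory only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db

def lookup_concat(db, name):
    # Vulnerable form: the input becomes part of the SQL text itself.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return [row[0] for row in db.execute(sql)], None
    except sqlite3.OperationalError as exc:
        # A database error echoed to the client is what error-based SQLi reads.
        return [], str(exc)

def lookup_param(db, name):
    # Hardened form: the input is bound as a value and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def compare(name):
    # Returns ((rows, error) from the concatenated query, rows from the bound one).
    db = make_db()
    return lookup_concat(db, name), lookup_param(db, name)

if __name__ == "__main__":
    for value in ["bob", "'", "' or 1=1 --"]:
        (rows, error), safe_rows = compare(value)
        print(repr(value), "concat:", rows, error, "| bound:", safe_rows)
```

With the bound parameter, both inputs are treated as an unusual user name and match nothing, so there is no error text to leak and no always-true condition to evaluate.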

Another Blind SQL Injection is Time-Based SQLi. The attack is quite similar to Union SQL Injection; the only difference between them is that Time-Based SQLi adds a time query to the server.

As the name suggests, the attacker can tell from the database's response time whether the query returned a true or false response. The HTTP response is generated according to the time query period, so the attacker can work out the message without relying too much on the database result.

Author: Wan Ariff

He brings with him more than 2 years of working experience in the Information Security field, specializing in Penetration Testing and Digital Forensics. His passion is more to IT Security
